Quadra

Connecting Technology and Business.

Your Messages are Encrypted in Office 365

Message Encryption in O365 is a service that lets you send encrypted emails to people outside your company. No matter what the destination is - Outlook.com, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it - you can send sensitive business communications with an additional level of protection against unauthorized access. There are many business situations where this type of encryption is essential. Here are just a few.

  • A bank sending credit card statements to customers over email.
  • An insurance company providing details about the policy to clients.
  • A mortgage broker requesting financial information from a customer for a loan application.
  • A healthcare provider using encrypted messages to send healthcare information to patients.
  • An attorney sending confidential information to a client or another attorney.
  • A consultant sending a contract to a client.
  • A therapist providing a patient diagnosis to an insurance company.

Office 365 E3 and E4 users will get Office 365 Message Encryption at no extra cost.

Setting up encryption

Administrators set up transport rules to apply Office 365 Message Encryption when emails match specified criteria. Transport rules provide great flexibility and control, and can be managed via a web-based interface or PowerShell.

Setting up the transport rules is simple. Administrators simply select the action to apply encryption or remove encryption in the Exchange admin center.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/3808.OME_0.png

You set up Office 365 Message Encryption rules in the Exchange admin center.  

Once the admin sets up the rules, whenever anyone in the company sends a message that matches the conditions, the message is encrypted using Office 365 Message Encryption. The outgoing message is encrypted before it is delivered to the outside mail server to prevent any spoofing or misdirection.
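The rule the admin sets up in the Exchange admin center can equally be created and checked from Exchange Online PowerShell, which the post mentions as the alternative management interface. The following is an added example, not code from the Office Blogs post; it assumes an already-open remote PowerShell session to Exchange Online under an account holding the transport rules management role, and the rule names, the "Encrypt" marker word and the comment text are illustrative values chosen for this example.

```powershell
# Added example (not from the Office Blogs post): create and verify
# Office 365 Message Encryption transport rules with Exchange Online PowerShell.
# Assumes a remote PowerShell session to Exchange Online is already imported
# (New-PSSession / Import-PSSession). Rule names and the marker word are
# illustrative, not values from the post.

$ruleName = 'Encrypt outbound marked mail'   # hypothetical rule name

# Outbound rule: encrypt any message leaving the organization whose subject
# or body carries the marker word. Both conditions must match (rule
# conditions are ANDed), so internal mail is left untouched.
New-TransportRule -Name $ruleName `
    -SentToScope NotInOrganization `
    -SubjectOrBodyContainsWords 'Encrypt' `
    -ApplyOME $true `
    -Comments 'Added example: encrypts outbound mail marked with the word Encrypt'

# Companion inbound rule: encrypted replies from external recipients are
# decrypted on the way in, so internal users read them in their normal client.
New-TransportRule -Name "$ruleName (decrypt external replies)" `
    -FromScope NotInOrganization `
    -RemoveOME $true

# Verification: list every rule that applies or removes OME, with its state
# and priority, so a disabled or shadowed rule is easy to spot.
Get-TransportRule |
    Where-Object { $_.ApplyOME -or $_.RemoveOME } |
    Format-Table Name, State, Priority, ApplyOME, RemoveOME -AutoSize
```

Priority matters when several rules can match the same message, so the verification listing is worth running after every change; a rule whose State shows Disabled encrypts nothing even though it appears in the admin center.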

Receiving and responding to encrypted messages

When an external recipient receives an encrypted message from your company, they see an encrypted attachment and an instruction to view the encrypted message.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/7245.OME_1.png

The encrypted message appears as an attachment in a message in the recipient’s inbox, with instructions for how to view it. 

You can open the attachment right from your inbox, and the attachment opens in a new browser window. To view the message, you just follow the simple instructions for authenticating via your Office 365 ID or Microsoft Account.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/3660.OME_3.png

Once you are authenticated, the content of an encrypted message appears.

The Message Encryption interface, based on Outlook Web App, is modern and easy to navigate. You can easily find information and perform quick tasks such as reply, forward, insert, attach, and so on. As an added measure of protection, when the receiver replies to the sender of the encrypted message or forwards the message, those emails are also encrypted.

https://officeblogswest.blob.core.windows.net/wp-content/migrated-images/78/6012.OME_4.png

When you reply to an encrypted message you’ve received, your reply is also encrypted.

- gleaned from Office Blogs

Use more than one authentication method to keep identities secure

Microsoft has added Multi-Factor Authentication for Office 365 to Office 365 Business plans, Enterprise plans, Academic plans, Non-profit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online. This allows organizations with these subscriptions to enable multi-factor authentication for their Office 365 users without requiring any additional purchase or subscription.

Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.

Multi-factor authentication is available for Office 365 administrative roles and also to any Office 365 user and users who are authenticated from a federated on-premises directory.

Microsoft has also added App Passwords for users so they can authenticate from Office desktop applications.

Multi-factor authentication enhances security for Office 365. (Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customize their security preferences. More information about security in Office 365 is available in the Office 365 Trust Center).

Multi-Factor Authentication for Office 365

Office 365 administrators enroll users for multi-factor authentication through the Office 365 admin center.

On the users and groups page in the Office 365 admin center, you can enroll users for multi-factor authentication by clicking the Set Multi-factor authentication requirements: Set up link.

The multi-factor authentication page lists the users and allows you to enroll a user for multi-factor authentication.

After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at their next login. Each subsequent login is enforced and will require use of the password and phone acknowledgement.

After being enrolled for multi-factor authentication, the next time a user signs in, they see a message asking them to set up their second authentication factor.

Any of the following may be used for the second factor of authentication.

  1. Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
  2. Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
  3. Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
  4. Notify me through app. The user configured a smartphone app and they receive a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
  5. Show one-time code in app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.
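The enrollment step described above and the five second-factor choices can both be driven and audited from PowerShell. The following is an added example, not code from the Office Blogs post; it uses the MSOnline module and assumes Connect-MsolService has already been run by a global administrator. The user principal names are constructed sample values. The method names it reports (OneWaySMS, TwoWayVoiceMobile, TwoWayVoiceOffice, PhoneAppNotification, PhoneAppOTP) are the directory's identifiers for the five options in the list.

```powershell
# Added example (not from the Office Blogs post): enroll users for
# multi-factor authentication and audit which second factor each user has
# registered, using the MSOnline PowerShell module.
# Assumes Connect-MsolService has already been run as a global administrator.
# User principal names below are constructed sample values.

$targets = @('alice@contoso.example', 'bob@contoso.example')   # constructed

# Requirement object that turns MFA on for all relying parties ('*').
# State 'Enabled' makes the user register a second factor at next sign-in,
# which is the setup prompt the post describes; 'Enforced' is the state
# the tenant moves to once registration is complete.
$req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$req.RelyingParty = '*'
$req.State = 'Enabled'

foreach ($upn in $targets) {
    Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements @($req)
}

# Audit: MFA state and registered methods for every user. A user who is
# Enabled but has no registered method has not finished the first-login
# setup; a user with no requirement at all is still password-only.
Get-MsolUser -All | ForEach-Object {
    $state = if ($_.StrongAuthenticationRequirements.Count -gt 0) {
        $_.StrongAuthenticationRequirements[0].State
    } else {
        'Disabled'
    }
    $default = ($_.StrongAuthenticationMethods | Where-Object IsDefault).MethodType
    [pscustomobject]@{
        User     = $_.UserPrincipalName
        MfaState = $state
        Methods  = ($_.StrongAuthenticationMethods.MethodType -join ', ')
        Default  = $default
    }
} | Sort-Object MfaState | Format-Table -AutoSize
```

Running the audit part on its own is a quick way to find accounts, administrative ones especially, that were never enrolled or that still rely on a single SMS-based method.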

Once a user is signed in, they can change their second factor of authentication.

The settings menu is the little cog at the top right of the portal screen. In the settings menu, click the additional security verification link.

App Passwords in Multi-Factor Authentication for Office 365

Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and OneDrive for Business.

Once an information worker has logged in with multi-factor authentication, they will be able to create one or more App Passwords for use in Office client applications. An App Password is a 16-character randomly generated password that can be used with an Office client application as a way of increasing security in lieu of the second authentication factor.

App Passwords are not available for use with PowerShell access to Office 365, and they can be turned off entirely for the Office 365 tenant for customers who have special security policies.

After you’ve created an App Password for an Office desktop application, such as Outlook, it is indicated in a list in your account.

- gleaned from Office Blogs

SharePoint Server or SharePoint Online – that is the question

Many business enterprises grapple with the dilemma of whether to host SharePoint on-premises or to settle for what is available in the SharePoint Online service that Microsoft offers as part of Office 365. There is a third but less considered option – hosting SharePoint Server in the cloud using the Infrastructure as a Service (IaaS) offered by Microsoft (Azure) or other cloud players.


Any decision, according to Gartner, must be based on the business objective of the enterprise rather than any other consideration. Because this question grows more complex with the number of users and user teams, their location, connectivity, security, compliance, privacy and controllability, Gartner has published decision frameworks, decision factors and lists of strengths and weaknesses on which enterprises can base their decisions.


Many enterprises that wanted an intranet for their staff have already invested in an on-premises SharePoint deployment (SharePoint Online was a latecomer). With its cloud-first principle, however, Microsoft has been rolling out many new features in SharePoint Online, which makes the service attractive and weakens the case for an on-premises solution. Many enterprises therefore face a serious decision in the near future: upgrade to the next version of SharePoint Server, or move to the cloud service.


Some of the factors that influence the decision are listed below:


Is my enterprise content safe on the cloud?


A number of enterprises are still worried about the security of their content. With news of data breaches appearing all around the web, this is a factor of grave concern for enterprises. Many of them still hesitate to consider the online services a safe bet and are not ready to move their content to the cloud, sometimes due to legal constraints. Microsoft, one of the most trusted IT companies in the world, has published a lot of information in its trust center about the steps it has taken to keep enterprise content secure and about the certifications it has acquired over the years (http://azure.microsoft.com/en-us/support/trust-center/ ), yet this still fails to offset the fears of enterprise decision makers. They would rather keep their content in their own datacenter and risk a breach than entrust it to a third-party vendor.


Where is my data?


Many business enterprises that provide services to customers and clients face this question: where is my data located in the cloud? Many of them are bound by legal compliance requirements that prohibit them from moving their data beyond their national boundaries. Customers and clients might consider it a threat to allow their data to be held in a country that does not align with their political, religious or cultural convictions. While Microsoft allows enterprises to choose a region of their choice for holding their content on Azure services, it is not as transparent with respect to the Office 365 services.


How is the connectivity?


While a SharePoint server might require only LAN connectivity, SharePoint Online requires always-on WAN connectivity for accessing content. Many developing countries still face poor internet connectivity, which might be a very important factor weighing against the SharePoint Online services. While 3G and 4G connectivity is becoming popular in urban areas, this might not be the case in places far removed from the cities where manufacturing centers are located – industrial estates and export processing zones that have limited connectivity even today.


How much do I get to store?


SharePoint Online provides 500 MB per user subscription apart from the 10 GB available for the enterprise. This might become a limitation where the enterprise is content-intensive. While additional storage space can be bought from the service provider, this might be considered an additional expense, and there might not be a predictable upper limit for budgeting purposes.


Will my search be fast enough?


As SharePoint Online runs in a multitenant environment, search might be slow and not give the user as good an experience as an on-premises solution. There is a potential scalability concern when it comes to the online services.


What limit of customization do I want?


With a SharePoint on-premises solution, extensive customization is possible. Enterprises can make the solution as user-friendly as they wish. With SharePoint Designer, many apps can be built into the solution to make the platform a truly collaborative environment. SharePoint Online provides limited customization options.


How much am I going to spend?


The online service is available at a fraction of the cost of the on-premises solution and comes in a subscription model. The underlying infrastructure is of no concern to the enterprise and requires no upkeep on its part. The personnel needed to maintain the solution, and their skill-set requirements, become minimal. An on-premises solution would require a Windows Server, the respective client access licenses, SQL Server, the SharePoint Server and its client access licenses, and a double investment for high-availability scenarios.


How fast do I want to roll out / scale up the solution?


An on-premises SharePoint solution requires detailed architectural planning, and the rollout might take several months. The waiting time might over time sap the enthusiasm of the end users. An online solution shortens this time significantly, as the infrastructure is readily made available by the service provider. Scaling up and down with demand is also possible in an online solution, since it is a pay-for-what-you-use model. Scaling down the number of users in an on-premises model only reduces the return on investment (RoI) significantly.


The third option – Hosting the SharePoint server on the cloud


This might be an option that enterprises want to consider if they are financially constrained in acquiring fresh hardware or provisioning existing hardware for the SharePoint solution. In this case, they not only have to pay the vendor for IaaS but also have to pay for the server software licenses and CALs. And the responsibility for running and maintaining the solution rests on the shoulders of the internal IT admins.



Azure Active Directory - Capabilities and Business Benefits (1)

Azure Active Directory provides single sign-on to thousands of cloud (SaaS) apps and access to web apps that an enterprise runs on-premises. Built for ease of use, Azure Active Directory features Multi-Factor Authentication (MFA), access control based on device health, user location, and identity and holistic security reports, audits, and alerts. Azure Active Directory is available in 3 editions: Free, Basic and Premium.

Benefits of Azure Active Directory

Single sign-on to any cloud and on-premises web app

Azure Active Directory provides secure single sign-on to cloud and on-premises applications including Microsoft Office 365 and thousands of SaaS applications such as Salesforce, Workday, DocuSign, ServiceNow, and Box.

Easily extend Active Directory to the cloud

Connecting Active Directory and other on-premises directories to Azure Active Directory takes just a few clicks, and it helps maintain a consistent set of users, groups, passwords, and devices across both environments.

Works with iOS, Mac OS X, Android, and Windows devices

Users can launch applications from a personalized web-based access panel, mobile app, Office 365, or custom company portals using their existing work credentials—and have the same experience whether they’re working on iOS, Mac OS X, Android and Windows devices.

Protect sensitive data and apps

Application access security is enhanced using rule-based Azure Multi-Factor Authentication for both on-premises and cloud applications. Security reporting, auditing, alerting, and "shadow IT" application discovery help protect the business. Businesses can also take advantage of unique machine learning-based capabilities that identify potential threats.

Protect on-premises web apps with secure remote access

Users can access their on-premises web applications from anywhere, protected with multi-factor authentication, conditional access policies, and group-based access management. They can also access SaaS and on-premises web apps from the same portal.

Reduce costs and enhance security with self-service

Admins can delegate important tasks such as resetting passwords and the creation and management of groups to their employees. Providing self-service application access and password management through verification steps can reduce helpdesk calls and enhance security.

Enterprise scale and SLA

Azure Active Directory Premium offers enterprise-grade scale and reliability. As the directory for Office 365, it already hosts hundreds of millions of users and handles billions of authentications every day. The high availability service is hosted in globally distributed datacenters in 17 regions, with worldwide technical support that provides a 99.9% SLA.

Empower Users

Business enterprises can enable users to work from any location – corporate office, home office, on the go – using any device – desktops, laptops, tablets, smartphones. They can give users always-on access to all their work resources using a single set of credentials protected with Multi-Factor Authentication. After a user has signed in, they get single sign-on access to their apps and data.

Self-service capabilities

Enterprises can minimize support costs and keep users up and running by configuring self-service experiences. With web-based tools such as Access Panel and Password Reset, users can be given a personalized, company-branded portal to access SaaS applications.



Users create and manage their own groups

Admins can empower users to create their own groups, assign members to groups they own, approve join requests, and more.

Users change and reset their own passwords

Businesses can give all users in their directory the capability to change and reset their passwords – whether they are in the cloud or on-premises.