Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Office365 App Security

This slide deck provides an overview on the options administrators have to secure the applications that are part of Office 365. This slide deck also include recommendations and best-practices.

  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Office365 App Security

  1. 1. Office365 App Security Overview on options to secure Office365 applications Presented By: Oliver Wirkus (MVP) September, 7th 2017
  2. 2. About me • Sr. Consultant with 2toLead • Microsoft Office Servers and Services MVP • Published Author and Speaker • Member of the Board of Vancouver Office365 user group Email: oliver@2tolead.com Twitter: @OWirkus LinkedIn: https://www.linkedin.com/in/owirkus/ Oliver Wirkus
  3. 3.  What are common threads that organizations face?  How to secure the Office 365 applications?  Summary and Best Practices
  4. 4. What are common threads that organizations face? Agenda
  5. 5. Sharing of sensitive information outside of the organization Common Threads
  6. 6. Sharing of sensitive information with other organizations Common Threads
  7. 7. Using unmanaged (personal) devices Common Threads
  8. 8. Uncontrolled sync’ing of data Common Threads
  9. 9. (Accidentally) sending sensitive information Common Threads
  10. 10. How to secure the Office 365 applications? Agenda
  11. 11. Security settings for SharePoint online
  12. 12. Configure external sharing according to corporate policies SharePoint online Configure external sharing in the Office365 Admin Center.} } Limit external sharing to selected security groups
  13. 13. Configure blocked and allowed domains as an additional layer of security SharePoint Online Configure domains users are allowed to share with.}
  14. 14. Create DLP rules according to corporate policies and keep in mind that DLP rules are not in effect immediately SharePoint online Data Loss Prevention Configure external sharing in the Office365 Security and Compliance Center. Rules might take a long time to become active!
  15. 15. Security settings for OneDrive for Business
  16. 16. Configure external sharing according to corporate policies OneDrive for Business Configure sharing with external users} Configure defaults for sharing links}
  17. 17. Configure blocked and allowed domains as an additional layer of security OneDrive for Business Limit external sharing by domain. Domains can be blocked or allowed}
  18. 18. Create DLP rules according to corporate policies and keep in mind that DLP rules are not in effect immediately OneDrive for Business OneDrive for Business is using the same DLP rules as SharePoint Online
  19. 19. Limit sync’ing to PCs joined to a corporate domain OneDrive for Business List domains that devices need to join to be included into synchronization}
  20. 20. Security settings for PowerApps and Flow
  21. 21. Only allow connectors which are safe to handle corporate data. Content transferred by connectors is not checked! PowerApps / Flow Data Loss Prevention is handled by allowing specific connectors to be used with Business Data} Redmond Magazine: How to Secure SharePoint Online Workflows with Microsoft Flow
  22. 22. Security settings for Skype for Business
  23. 23. Configure external access based on corporate policies Skype for Business Control how users can access Skype for Business users in other organizations} Configure blocked and allowed domains}
  24. 24. Security settings for Power BI
  25. 25. Configure who is allowed to share externally and who is allowed to publish to the web Power BI Control how users can share dashboards with external users} Control who can share dashboards with external users} Control who is allowed to publish reports to the web}
  26. 26. Control who is allowed to export data or to print dashboards and reports Power BI
  27. 27. Configure carefully who is allowed to use integrations services, audits and usage metrics Power BI Control who is allowed to use integration services } Control who is allowed to create audits and usage metrics }
  28. 28. Security settings for Office Groups
  29. 29. Configure privacy settings according to governance policies Office Groups Office Groups can be either ‘Public’ or ‘Private’} Configure if the group can receive external email}
  30. 30. Security settings for Yammer
  31. 31. Add only trusted network domains to Yammer Yammer Access list of allowed domains } Add domains as ‘allowed’ domains}
  32. 32. Configure who is allowed to create External Networks Yammer Configure who is allowed to create ‘External Networks’} Configure additional options for ‘External Networks’}
  33. 33. Configure IP ranges for Office network or VPN access Yammer Define a range of allowed IP addresses} Define how logins from outside are handled}
  34. 34. Security settings for Sway
  35. 35. Configure options for external sharing and what viewers are allowed to do with a Sway they receive. Sway Select with whom the Sway should be shared} Configure additional options regarding what Viewers are allowed to do}
  36. 36. Security & Privacy settings for Office 365
  37. 37. Assign roles and permissions according to tasks. Don’t assign all roles to just a few admins. Office 365 Assign roles and permissions to employees who need to perform specific tasks}
  38. 38. Create alerts based on various predefined activities } Set alerts and know what is happing to your data. Office 365
  39. 39. Only use Supervision with permission of your corporation Office 365 Configure who’s communication should be supervised, how often it should supervised and define supervisors }
  40. 40. Fine-tune the communication that should be supervised Office 365 “The conditions you choose will apply to communications from both email and 3rd-party sources in your organization (like from Facebook or DropBox).” https://support.office.com/en-us/article/Configure-supervision-policies-for-your-organization-d14ae7c3-fcb0-4a03-967b-cbed861bb086
  41. 41. Summary and Best Practices Agenda
  42. 42. Best practice guidance Security restricts employees in their day-to-day business! Too much security restrictions might constrict users in a disproportionate manner. On the other hand, too less security will definitely have a negative impact on the business and jeopardize the enterprise. My personal best practices:  Develop governance rules and security guidelines with business owners and external experts.  Apply the necessary amount of security rules based on these governance rules.  Log each applied security setting thoroughly and utilize the “Four- eye principle”.  Review governance rules and security settings at least twice per year.  Be transparent and train users

    Soyez le premier à commenter

    Identifiez-vous pour voir les commentaires

This slide deck provides an overview on the options administrators have to secure the applications that are part of Office 365. This slide deck also include recommendations and best-practices.

Vues

Nombre de vues

131

Sur Slideshare

0

À partir des intégrations

0

Nombre d'intégrations

0

Actions

Téléchargements

8

Partages

0

Commentaires

0

Mentions J'aime

0

×