Microsoft expanding security and mobile controls for Office 365
- By Kurt Mackie
- Oct 29, 2014
IT managers at government agencies will soon have more options for data loss protection (DLP) and mobile device controls.
Microsoft announced the expansion of DLP across Office 365 and beyond. Over the past few months, the company introduced new capabilities in SharePoint Online and OneDrive for Business, according to a recent Microsoft blog post on DLP, allowing users to search for sensitive content through eDiscovery.
Microsoft is now releasing active policy evaluation and enforcement on sensitive data in SharePoint Online and OneDrive for Business.
Some of those features were discussed during the Day 1 keynote talk at Microsoft's TechEd Europe event in Barcelona by Julia White, general manager of Microsoft Office.
With DLP, IT pros have access to Office 365 console reports, which show rules that can be set up, White said. They also show if users are trying to override the rules. If they are, IT managers can modify the policies to add restrictions, if wanted. For instance, restrictions can be set regarding the disclosure of credit card information. Alerts can be set up, too, and end users will get policy tips so they become aware of the policy restrictions set by IT.
These Office 365 capabilities are being rolled out at various times, but the target date seems to be the first quarter of next year.
White also described the ability to edit policies for mobile device management (MDM). The policies get embedded into managed apps, such as Office for iPad apps, she said, and the capability will be "natively built into Windows 10." That would allow IT pros to set copy and paste restrictions on managed apps to protect company data.
Microsoft already has some DLP features in its OneDrive for Business and SharePoint Online services, including an e-discovery capability. However, the ability to add policy restrictions to block and restrict access to content will be rolled out in these apps "in the coming months," according to a Microsoft blog post on DLP.
The first app to get the new DLP controls will be Excel, followed by Word and PowerPoint. DLP will work "natively" in Office applications, Microsoft promises. The protection scheme will work at the file level, as well as for email, document libraries or OneDrive for Business folders.
IT managers will have access to built-in DLP templates to add rules. They can review incident reports showing attempted policy overrides. Additional policy controls for Office 365, such as information rights management, will arrive in the first quarter of 2015.
Microsoft also plans to extend the file classification infrastructure capability of Windows File Server to Exchange Online, OneDrive for Business and SharePoint Online, starting in the first quarter of 2015. Office documents can be classified using this scheme and policies can be set to avoid information disclosure.
OneDrive for Business and SharePoint Online also have "advanced encryption at rest," which is a capability that Microsoft calls "per-file encryption." Per-file encryption creates a key for every file stored. It also creates a new key for any variants of those files.
Mobile device management capabilities
Microsoft is planning to roll out its new MDM capabilities for Office 365 in the first quarter of 2015. Some of these capabilities are being built into Office 365 management, but other capabilities will be available through Microsoft Intune.
A Microsoft MDM blog post outlined the following Office 365 MDM capabilities:
- Ability to set security policies for devices that connect to Office 365.
- Ability to set specific security policies for devices, such as "device level pin lock and jailbreak detection."
- Ability to set "selective wipe," which allows corporate data to be removed remotely while retaining personal data on a device.
- Ability to have MDM management built "directly into productivity apps," which avoids having to set all-in-one management policies across apps.
- Ability to manage MDM policies through the Office 365 administration portal.
Microsoft is planning to add these new MDM capabilities to its Office 365 "business, enterprise, EDU and government plans."
A longer version of this article appeared on Redmond, a sister site to GCN.