Security

Protecting you against the SSL 3.0 vulnerability

As we announced yesterday, driving innovations in security capabilities of Office 365 is a top priority. We understand that the security of your data is important and we’ll continue to be transparent about our approach. To that end, we wanted to share details around Security Advisory 3009008. This advisory provides guidance related to a vulnerability in Secure Sockets Layer (SSL) 3.0 which could allow information disclosure. This is an industry-wide vulnerability…

Office 365
DLP_FeatureImage

Expanding data loss prevention (DLP) to SharePoint Online, OneDrive for Business, Windows File Share and Office applications

One of the key tenets of our approach to security with Office 365 is to give you the right set of tools and services to address your organization’s specific security and compliance needs. Data loss prevention (DLP) is a critical part of the security capabilities we’ve built right into Office 365. We first rolled out DLP in Exchange and Outlook and then expanded into Outlook Web App (OWA), adding new…

Exchange
EOP

Evolving Exchange Online Protection (EOP) to protect against tomorrow’s threats

Ten million spam messages blocked every minute. That’s the average number of spam messages that are blocked by Microsoft every minute. However, every day attackers around the world find new techniques to attack your email. The threats take different forms, such as an unidentified spam campaign, an unknown malware, or a completely new virus. The ever-expanding world of such attacks keeps changing and, to better protect your email against these…

Office 365
Asef Kashi

From Inside the Cloud: What controls do we provide to protect your data in transit in Office 365?

In our last few posts in our From Inside the Cloud series, my colleagues and lead engineers, Perry Clarke, Vivek Sharma and Kamal Janardhan shared insider overviews on how we design and run various aspects of security, privacy and compliance in Office 365. Today, I would like to share an overview of the controls you have within Office 365 to protect your data in transit.

Security
Office 365 logo

Microsoft Online Services Bug Bounty Program launches with Office 365

Today we’re announcing the participation of Office 365 in the new Microsoft Online Services Bug Bounty Program. Through this program, which launches today, we are able to reward and recognize security researchers by offering a bounty for qualifying security vulnerabilities they report to us. We are participating in this program for a number of reasons, chief among them are:

Office 365
Office 365 logo

What does it mean to own your data in Office 365? How we aim to raise the bar on visibility and control of your organization’s data with Office 365

In our last few From Inside the Cloud posts, we offered an insider’s perspective from lead engineers Perry Clarke, Vivek Sharma and Shawn Veney on how we protect your data at rest, who has access to your data within Office 365, and how Office 365 does continuous compliance. They explained the various mitigations that we have in place for data security, access control, and ensuring that customers have the ability…

Garage Series
markruss

The Garage Series for Office 365: Assessing the Top 5 Cloud Security Threats with Mark Russinovich

In this week’s show Jeremy Chapman is joined by cyber security expert and author, Mark Russinovich, to assess the most frequently heard cloud security threats. Mark describes each threat with its threat level and shares how Microsoft architects its cloud services to maximize data security and protect against data loss. Jeremy and Mark also give pro tips to protect against credential loss and contain the risk of user-driven shadow IT. …

Garage Series
swann

Garage Series Under the Hood: Continually Safeguarding your Data in the Office 365 Service

In this special edition of Garage Series Live Under the Hood, Jeremy Chapman goes deep on the operational side of information protection with lead engineer Matt Swann – from Office 365’s blue team – responsible for detecting and analyzing anomalies in the service. They discuss how the service is architected for security across physical, network, access and data vectors then Matt demonstrates how the cloud is used to protect the…

Security

From Inside the Cloud: Who has access to your data within Office 365?

Perry Clarke is the corporate vice president in Office Server and Services. Vivek Sharma is the director of program management in Office Server and Services. Vivek Sharma: In our last From Inside the Cloud post, “Is your data safe at rest?,” we looked at possible physical and logical threat vectors and the various mitigations in place with our defense-in-depth approach, including penetration testing. We also summarized some of the administrator…

Security
kashi

The Garage Series for Office 365: Under the Hood with Information Security and Compliance

Today Jeremy is joined by information protection engineering lead, Asaf Kashi, to explain the principles of data security and compliance along with the controls for administrators, end users and compliance officers. They discuss how built-in controls in Office 365 for Data Loss Prevention – including the new document fingerprinting – can help inform end users of policies and prevent data from being compromised. They also go deep with Office 365 Message Encryption and show how encrypted…