Office 365
Inside the Cloud Nov 2

From Inside the Cloud: How do we monitor and safeguard your data in the Office 365 service?

The rigor and discipline required to testing ourselves continuously to keep your data safe within the service, is by nature an operation of tremendous scale especially when you consider the terabytes (TB) of data flowing daily through the service. And it’s the Blue team’s job, to literally find that potential needle in the haystack of activity that may signify anomalous behavior and to then take action. Which is what we…

Office 365
Inside the Cloud Nov

From Inside the Cloud: What does Microsoft do to prepare for emerging security threats to Office 365?

Recently, there have been a number of cyber security related news articles about vulnerabilities and exploits. If you are wondering if the Cloud increases your data risk, in this week’s episode we focus on the measures that our engineering team has in place to prepare for emerging security threats to the Office 365 service.

Security

Protecting you against the SSL 3.0 vulnerability

As we announced yesterday, driving innovations in security capabilities of Office 365 is a top priority. We understand that the security of your data is important and we’ll continue to be transparent about our approach. To that end, we wanted to share details around Security Advisory 3009008. This advisory provides guidance related to a vulnerability in Secure Sockets Layer (SSL) 3.0 which could allow information disclosure. This is an industry-wide vulnerability…

Office 365

Expanding data loss prevention (DLP) to SharePoint Online, OneDrive for Business, Windows File Share and Office applications

One of the key tenets of our approach to security with Office 365 is to give you the right set of tools and services to address your organization’s specific security and compliance needs. Data loss prevention (DLP) is a critical part of the security capabilities we’ve built right into Office 365. We first rolled out DLP in Exchange and Outlook and then expanded into Outlook Web App (OWA), adding new…

Exchange
EOP

Evolving Exchange Online Protection (EOP) to protect against tomorrow’s threats

Ten million spam messages blocked every minute. That’s the average number of spam messages that are blocked by Microsoft every minute. However, every day attackers around the world find new techniques to attack your email. The threats take different forms, such as an unidentified spam campaign, an unknown malware, or a completely new virus. The ever-expanding world of such attacks keeps changing and, to better protect your email against these…

Office 365
Asef Kashi

From Inside the Cloud: What controls do we provide to protect your data in transit in Office 365?

In our last few posts in our From Inside the Cloud series, my colleagues and lead engineers, Perry Clarke, Vivek Sharma and Kamal Janardhan shared insider overviews on how we design and run various aspects of security, privacy and compliance in Office 365. Today, I would like to share an overview of the controls you have within Office 365 to protect your data in transit.

Security
Office 365 logo

Microsoft Online Services Bug Bounty Program launches with Office 365

Today we’re announcing the participation of Office 365 in the new Microsoft Online Services Bug Bounty Program. Through this program, which launches today, we are able to reward and recognize security researchers by offering a bounty for qualifying security vulnerabilities they report to us. We are participating in this program for a number of reasons, chief among them are:

Office 365
Office 365 logo

What does it mean to own your data in Office 365? How we aim to raise the bar on visibility and control of your organization’s data with Office 365

In our last few From Inside the Cloud posts, we offered an insider’s perspective from lead engineers Perry Clarke, Vivek Sharma and Shawn Veney on how we protect your data at rest, who has access to your data within Office 365, and how Office 365 does continuous compliance. They explained the various mitigations that we have in place for data security, access control, and ensuring that customers have the ability…

Security

From Inside the Cloud: Who has access to your data within Office 365?

Perry Clarke is the corporate vice president in Office Server and Services. Vivek Sharma is the director of program management in Office Server and Services. Vivek Sharma: In our last From Inside the Cloud post, “Is your data safe at rest?,” we looked at possible physical and logical threat vectors and the various mitigations in place with our defense-in-depth approach, including penetration testing. We also summarized some of the administrator…