
What does it mean to own your data in Office 365? How we aim to raise the bar on visibility and control of your organization’s data with Office 365


Kamal Janardhan is the principal program manager in the Office 365 Information Protection team.

In our last few From Inside the Cloud posts, we offered an insider’s perspective from lead engineers Perry Clarke, Vivek Sharma and Shawn Veney on how we protect your data at rest, who has access to your data within Office 365, and how Office 365 does continuous compliance. They explained the various mitigations that we have in place for data security, access control, and ensuring that customers have the ability to comply with regulations or their own organizational policies.

These posts followed an overview on why trust Office 365 with Rajesh Jha, the head of Office 365 engineering, who emphasized how we ensure that you retain full ownership of your data in the Office 365 service. Today I want to take that aspect of the discussion a step or two further by exploring how this translates to the value that we are engineering into Office 365.

How we aim to raise the bar on visibility and control of your organization’s data with the Office 365 service

When you move to the cloud, a key tenet of ownership is the level of visibility and control you have over your data. In today’s From Inside the Cloud three-minute overview, I focus on how we want to raise the bar on that visibility and control, much beyond what you can do in your own on-premises environments today.

 

How do we hope to deliver on this vision of ownership? We believe that visibility and control means three things: (1) being able to view the data, (2) being able to take actions on it, and (3) being aware of what actions were taken at any time.

In many on-premises environments today, achieving this level of visibility and control is more complex than it is in the cloud. The burden is on you to define and implement consistent configuration with appropriate data access and distribution policies across all your workloads. This can be a costly process and usually requires specialist staff for compliance and IT administration. In Office 365, that visibility into your organization’s workloads is integrated directly into the service.

Archiving and eDiscovery are built directly into Office 365 on the workload’s data store, so you can take actions like preservation, deletion, auditing, and data loss prevention, as well as do an organizational search using our eDiscovery tools, based on person, date range, keyword and other rich criteria. Because you are acting on the most recent version of the data in the workload, you can search within a user’s IM conversations, mailbox, or site libraries and preserve or delete as needed.

Viewing and acting on the data are privileged operations and within Office 365 we define roles that have these abilities for a given set of users. The scope and reach of these roles is defined by you, the customer, and our goal is to enable you to track all changes to these privileged roles. We also want to enable the compliance officer to keep the organization safe without disrupting the productivity of the user. With this in mind, when you perform an eDiscovery query, you can preserve, export, preview and copy the data without impact to the information worker. Our hope for the long term is to give you an organizational view that enables you to easily see the history of any action taken on your data by individuals in your organization. This history can drive your decisions to put proactive compliance controls in place or take reactive action to reduce risk.

Please share any and all feedback about what you see in Office 365. We’ve come a long way but still have farther to travel to fulfill the promise of our vision. We hope you’ll be willing to take that journey with us.

For more information on what is included in Office 365, read our detailed whitepaper, Customer controls for Information Protection in Office 365, available on the Office 365 Trust Center.

 

—Kamal Janardhan


3 comments
  1. You state that we should be “aware of what actions were taken at any time”. I would like to know:
    1. which employees have synced their OneDriveForBusiness site with their own personal devices.
    2. Who created a site collection in SharePoint online and when it happened
    The data associated with these actions does not appear to be available. How can these basic questions be answered?

    • Beyond the existing reports available in O365 admin center > REPORTS > OneDrive for Business (sites deployed & storage), and the capabilities Kamal outlines from an eDiscovery/DLP/audit perspective, the two areas you’ve outlined are good feedback to consider on our continuous journey to arm admins with the right access to logged data.

      We, too, hope you review the Office.com/roadmap item “OneDrive for Business new auditing and reporting capabilities” where we’ve noted what we plan to bring as the next level of auditing and reporting specific to OneDrive for Business, “These new reporting options will allow admins to audits and reports for file create, edit, upload, download and delete, sharing files by invitation and by link, and accepting or rejecting requests for file or folder access.”

      The journey continues. You will see us continually investing in levels of auditing and reporting across the Office 365 service, and your feedback drives future planning.

      Thanks,
      Mark Kashman

      • The current reports are not very helpful because they do not show current data and the simple count of how many have been created does not include the users who created them.
