Microsoft Office 365 Security Updates Revealed

New features for Office 365, announced during the RSA Conference 2015 in San Francisco this week, aim to enhance data privacy.

Kelly Sheridan, Staff Editor, Dark Reading

April 22, 2015

4 Min Read
<p align="left">View of Customer Lockbox.</p>

Windows 10: Your PC Is Headed For The Cloud

Windows 10: Your PC Is Headed For The Cloud

Windows 10: Your PC Is Headed For The Cloud (Click image for larger view and slideshow.)

Microsoft Office 365 will receive a range of new features later this year and into 2016 that are aimed at enhancing customer controls and adding transparency in service operations.

The new features were announced by Microsoft during the 2015 RSA Conference, taking place this week at San Francisco's Moscone Center.

Mobile and cloud trends are profoundly influencing how people do their jobs, said Vijay Kumar, Microsoft's senior product marketing manager, in an interview with InformationWeek. Delivering improved service capabilities and customer controls for Office has been a priority, but such changes have to be made with security in mind, he said.

Of its announcements this week, the most significant is Customer Lockbox for Office 365, says Kumar. The new feature will give customers greater control over their data when a Microsoft engineer has to access their private content to solve a problem.   

Office 365 was designed to minimize interaction between Microsoft employees and customer content, so service operations are already mostly automated. The instances during which a Microsoft engineer has to access user content are rare, for instance when there is an issue with mailbox or document content.

[ Wondering what's in store for the next edition of Windows Server? Read: Microsoft Offers Azure Service Fabric For Distributed Apps.]

When such cases arise, Microsoft employees get permission to view customer content through an access control technology called Lockbox. They're given just-in-time access, with limited windows of authorization, and all activities are logged and audited. It's already pretty secure, but Microsoft is taking things up a notch.

Its most recent update will give customers those Lockbox approval rights to grant access permission to Microsoft employees. With Customer Lockbox, Microsoft will not be able to access user content without explicit approval from the customer, who will have the option to reject the request. This capability will be available for Exchange Online by the end of 2015, and for SharePoint Online by Q1 2016.

To boost transparency in service operations, Microsoft has announced a new Management Activity API and preview program for security and compliance monitoring within Office 365. The goal is to provide greater visibility into user and administrative transactions within Office 365.

Its new Management Activity API will grant access to more than 150 transaction types, with activity logs from SharePoint Online, Exchange Online, and Azure Active Directory. Microsoft notes that more Office 365 services will be included in the future. There will also be a consistent schema throughout all activity logs in the service with a common core, and an on/off option for customers to control instrumentation for activity logs.

Partners have already started to build solutions using the new API in accordance with a pre-release program. These solutions provide reports, interactive visualizations, and operational dashboards. If you want to test the Management Activity API, a preview program is available.

On the security front, we'll also be seeing more advanced email encryption in the months ahead. Office 365 already has advanced encryption. In 2014, Microsoft boosted its BitLocker drive-level encryption with per-file encryption across OneDrive and SharePoint Online.

The latest plans include adding content-level encryption to email in Office 365, an update that will increase security by further separating server administration and data stored within Office 365. Kumar noted that the new encryption advancements will be available by the end of 2015.

In 2016, the goal is for Microsoft customers to be able to create and control their own content encryption keys. This idea was sparked through customer conversation, which shed light on the different capabilities that would make sense for them and how they could have more control over their information, according to Kumar.

Attend Interop Las Vegas, the leading independent technology conference and expo series, designed to inspire, inform, and connect the world's IT community. In 2015, look for all-new programs, networking opportunities, and classes that will help you set your organization's IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

About the Author(s)

Kelly Sheridan

Staff Editor, Dark Reading

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights