Office 365 represents the movement of major software suites going to a SaaS model as opposed to letting users buy the software outright and install it directly on their hard-disks. It works partially in the cloud and partially on the local system, which creates security concerns among organizations large and small. Microsoft has built-in features that reduce some of the strain that comes with the platform, but it’s not perfect. Office 365 is still vulnerable to phishing attacks via email. All it takes is for one user to click on a link to cause problems for their own accounts and potentially the rest of the network. Here’s what you need to understand about security in Office 365.

Identity Management


Image via Flickr by

Microsoft offers a single sign-in option by Azure called Active Directory. Single sign-in, or SSO, simplifies logins for users working in a connected suite of software like Office 365. Typically a user has to sign into each app for the day or after a timeout period. And if the user has individual instances of each piece of Office software on their computer, they would have to sign into each app separately. Office 365 eliminates this through the use of SSO and the creation of federated trust in the form of an Active Directory. The user is no longer required to constantly enter their credentials for each app. This is more secure than having a different credential, as the user may have a hard time memorizing and write down their passwords on a piece of paper for everyone to see.

Data Loss Prevention

Data loss prevention, or DLP, is built into Office 365, however it has some shortcomings. DLP is partially teaching users what to share and what not to share with other users as well as software controls that prevent the accidental sharing of files. IT has the ability to monitor and control what’s getting sent through the software suite. This allows IT to identify problems and address them as they arise. Office 365 DLP includes options that won’t slow down the workflow but does warn the user about sharing a file with a co-worker and allow them to override a restriction if there’s a justifiable need. IT can review the justification and take appropriate action if necessary. However, if you use multiple cloud services, then Office 365’s DLP will be inadequate. In those case, consider using a cloud access security broker (CASB), that will allow you to enforce a uniform set of DLP policies across all of your cloud applications.

Self-Auditing Software

Microsoft has a tool called SecureScore that’s available to anyone who has administrative privileges for Office 365. The software analyzes the current security settings and prompts the administrator to enact extra security if necessary. Microsoft has established its own security baseline and uses it to compare how the administrator has set up security on their end. SecureScore scores the settings and offers suggestions on how the administrator can improve the score to meet Microsoft’s baseline.

These are a few of the things to know about security in Office 365. Microsoft has created tools to help IT administrators keep everything secure and out of the hands of thieves. Taking advantage of these tools is a wise idea in this day and age of cloud storage.