Risk: Got anything to worry about? You probably don’t need to be here if

Upload: josef-zachery

Post on 16-Dec-2015

TRANSCRIPT

Page 1: Risk: Got anything to worry about? You probably don’t need to be here if
Page 2:

O365 Compliance

Sara Manning Dawson

Sanjay Ramaswamy

OFC-B232

Page 3:

AGENDA

Risk, and how we can help

Data Compliance
• Archive and Retention
• eDiscovery

Data Flow and Data Access Compliance
• Data Loss Prevention
• Encryption
• Mobile Device Management
• Auditing and Reporting

Page 5:

Risk: Got anything to worry about? You probably don’t need to be here if

The country you live in has no laws. Neither does the state, province, county, or municipality.

No one in your organization communicates with anyone, ever.

Every member of your organization is perfect. They know exactly what to do all the time, and do it.

..

Page 6:

“I want to make sure we’re doing the right thing”

Subpoenas: Help me respond to this lawsuit
• Average number of active lawsuits for $1B+ companies: 147
• $1M average per case cost to find and cull evidence

Regulations and Law: I’m regulated. Help me know and show we are doing the right thing
• PII
• HIPAA, PCI DSS
• Gramm-Leach-Bliley
• Also ITAR, NASD, UK FSA, ABI, ISO9001, Sarbanes Oxley, Magdelina, FINRA, SEC, DODD FRANK

Internal Policy: Help me enforce internal policies
• Standards of Business Conduct, Confidentiality, Financial Integrity, Anti-Corruption…

Chart: Regulated? (Yes / No; values shown: 28%, 72%)

Chart: Size of Regulated Orgs (<50, 50-1000, >1000; values shown: 10%, 28%, 62%)

Page 7:

Compliance Roadmap

Built in (not bolt on) Compliance for Office

In-Place Archiving
• In-Place: immutability and in-place search, preservation, deletion

Unified Experience
• Go Big, Go Fast, Unify: One Compliance Centre, Scale

Extensible Platform
• Bring the data home: Ingestion, Migrations from third party stores, more formats

Diagram labels: eDiscovery and Compliance (Encrypt, Audit, Archive, Discover, DLP, Preserve, Delete); Immutable: Exchange, Lync, SharePoint, File Shares, Bloomberg, 3rd Party Archives

Page 8:

How we plan to get there

Build compliance into Exchange and SharePoint

Index or Ingest to extend beyond these workloads

Unify compliance experience and configuration across the suite

Diagram labels: Exchange; SharePoint; Others; Traditional Archive; eDiscovery and Compliance (Encrypt, Audit, Archive, Discover, DLP, Preserve, Delete); Immutable: Bloomberg, Exchange, Lync, 3rd Party Archives, …, SharePoint

Page 10:

Today: Archive

Exchange In-Place Archive

• Outlook, OWA
• Retain folder hierarchy

Diagram (User A):
• Primary: Inbox, Deleted Items, …; Immutable: Deletions, Purges, Versions, Audits
• Archive: “Inbox”, …; Immutable: Deletions, Purges, Versions, Audits

Page 11:

Today: MRM to Delete risky or unnecessary data

Exchange Deletion Policies
• Specify default policies and tags available for users to classify their folders or items

SharePoint Document Deletion Policies
• Define central policies
• Assign policies to Site Collection Templates or individual Site Collections

Page 12:

Today: Preservation to keep important data

Exchange Preservation

SharePoint Preservation

Page 13:

Exchange Preservation Architecture

Diagram: Mailbox (Inbox, Deleted Items, …) and Recoverable Items (Deletions, Versions, Purges, DiscoveryHolds, Audits)

(1) Message delivered

(2) Message deleted by user

(3) Message eliminated by user

(4) Message purged by user, or Deleted Item Retention Period expires for that item

Depending on Hold type, items are preserved or removed

Other diagram labels: Gone forever; Delete Hold

Page 14:

Lync Preservation

• Server side archiving
• All Lync modalities captured (PC, mobile, web, OWA)
• Lync archives content into Exchange mailboxes when user is on Hold
• Includes instant messaging and meeting content

Diagram labels: User A on hold; Hold state synced; User A Mailbox (Inbox, Deleted Items); Recoverable Items (Deletions, Versions, Purges, DiscoveryHolds)

Page 15:

Inactive Mailboxes

• Preserve data belonging to users no longer with the company
• Fully available for eDiscovery
• Available for free!

2 simple steps to an Inactive Mailbox:

1. Place mailbox on Hold (Litigation or In-Place)

2. Remove user from Office 365

• Mailbox is now an Inactive mailbox

Read more at: http://aka.ms/inactivembx

Page 16:

Announcing: In-Place DL Expansion

• Preserves DL expansion info In-Place, at message send point in time
• DL expansion info fully available for eDiscovery
• Removes the need to journal to third party archives
• Now available in Office 365, and in upcoming Exchange Server 2013 CU7
• Partners now integrating with this feature
• Read more at: http://technet.microsoft.com/en-us/library/dn770225(v=exchg.150).aspx

Page 17:

Future: Archiving

• Ingestion
• Public Folder Hold
• Unified Preserve/Delete experiences
• And more…

Page 19:

eDiscovery Overview

Stages: Identify and Preserve; Search and Process; Review; Produce

Diagram labels: Volume, Relevance

147 Average number of active lawsuits for $1B+ companies

$1M Average per case cost of eDiscovery

Page 20:

Today: Multi-Mailbox Search in EAC

• Built on FAST mailbox indices
• Provides Search, Hold and Export

Page 21:

Today: Discovery in SharePoint

Preserve data for legal purposes

Support for eDiscovery across Exchange, Lync and SharePoint

Search and export data

Add mailboxes, SharePoint sites and file shares

Page 22:

Hold Capabilities

Mailbox: John Doe

Mailbox: Jane Doe

Mail Items Query: SpaceX

Conversations Query: SpaceX

Site: SpaceX

Site: Owner: John Doe

Content: Query: SpaceX

Attorney Discovery Center

Hold: “SpaceX”

Exchange 2013

Lync 2013

SharePoint 2013

  

Page 23:

Easy: download from SharePoint, Exchange, and file shares whether on premises or in Office 365 all at once

EDRM XML Support: growing industry standard for data interchange, import into popular review tools

Take it offline: Native files, PSTs, pages as .MHT, lists and feeds as .CSV

Export Capabilities

Page 24:

eDiscovery Demo

Page 25:

Future: Discovery

• Scale and Performance
• Search and Comply

Architecture diagram labels:
• FFO/EOP: UCC – eDiscovery console, Policy Store, Policy WebService, Policy cmdlet, eDiscovery Results Sync Process, Policy DAL, eDiscovery cmdlets, eDiscovery DAL
• Workload (Exchange): Backend 1 … Backend N, Arbitration Mailbox (per tenant policy store), eDiscovery Results Store (per tenant), eDiscovery Results Service, Policy Sync Service, DAR Exchange, Search Tasks
• 3rd Party Data Sources, Federated Query Infra
• Workload (SharePoint): Backend 1 … Backend N, Policy Store (per tenant policy store), eDiscovery Results Store (per tenant), eDiscovery Results Service, Policy Sync Service, DAR SP, Search Tasks
• Discovery Store (Aggregated result counts, metadata, case management etc)

Page 27:

DLP in O365

Content analysis
• Get Content
• Regex Analysis
• Function Analysis
• Additional Evidence
• Verdict

Policy Tips
• Outlook and OWA

Document Fingerprinting
• Protect intellectual property like patents, company confidential information, and other standardized form content
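
The content-analysis stages named on the DLP slide above (get content, regex analysis, function analysis, additional evidence, verdict), sketched for a single credit-card rule. This is an added example, not Microsoft's DLP engine or rule definitions: the Luhn checksum as the function check, the keyword list, the 60-character window, the confidence values and the verdict names are all assumptions.

```python
import re
from dataclasses import dataclass

# Stage 2 pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Stage 4 corroborating terms (illustrative list, an assumption of this example).
EVIDENCE_RE = re.compile(r"\b(visa|mastercard|amex|card|cvv|cvc|expir\w*)\b", re.I)
WINDOW = 60  # characters searched on each side of a candidate (assumed)


@dataclass
class Finding:
    masked: str       # only the last four digits are kept
    evidence: bool    # corroborating keyword found nearby
    confidence: int   # 65 = pattern + checksum, 85 = plus evidence (assumed scale)


def get_content(message):
    """Stage 1: flatten subject, body and extracted attachment text."""
    parts = [message.get("subject", ""), message.get("body", "")]
    parts += message.get("attachments", [])
    return "\n".join(parts)


def luhn_ok(digits):
    """Stage 3: function analysis, here the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def analyse(message, block_at=85):
    """Run all stages; return (verdict, findings)."""
    text = get_content(message)
    findings = []
    for m in CARD_RE.finditer(text):              # stage 2: regex analysis
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):                   # stage 3 rejects look-alikes
            continue
        nearby = text[max(0, m.start() - WINDOW):m.end() + WINDOW]
        evidence = bool(EVIDENCE_RE.search(nearby))   # stage 4
        masked = "*" * (len(digits) - 4) + digits[-4:]
        findings.append(Finding(masked, evidence, 85 if evidence else 65))
    top = max((f.confidence for f in findings), default=0)
    # Stage 5: verdict. Low confidence only warns the sender (policy tip).
    verdict = "block" if top >= block_at else "policy_tip" if top else "allow"
    return verdict, findings


# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
SAMPLES = {
    "payment": {"subject": "Invoice",
                "body": "Charge my Visa card 4111 1111 1111 1111, expiry 09/27."},
    "build": {"subject": "Build log",
              "body": "artifact id 4111111111111112 uploaded"},
    "bare": {"subject": "ticket",
             "body": "reference 4111111111111111 attached"},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, analyse(msg))
```

The checksum stage is what keeps build ids and ticket numbers from producing findings; the evidence stage separates a warning from a block.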

Page 28:

Recognized Content, by country (PII, Financial, Health)

Health: US HIPAA, UK Health Service, Canada Health Insurance card

France
• PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport
• Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code

Germany
• PII: EU data protection, Drivers License, Passport, National Id
• Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code

UK
• PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport
• Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code

Canada
• PII: PIPED Act, Social Insurance, Drivers License
• Financial: Credit Card, Swift Code

US
• PII: US State Security Breach Laws, US State Social Security Laws, COPPA
• Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code)

Japan
• PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License
• Financial: Credit Card, Bank Account, Swift Code

Australia
• PII: Drivers License, Passport, Social Insurance
• Financial: Credit Card, Bank Account, Swift Code

Beyond Regulations and Law:
• Prevent inappropriate content from entering or leaving
• Limit the interaction between specific recipients and senders (ethical firewall, school bully).
• Apply disclaimers to messages as they leave

Page 29:

Encryption in O365

OME
• Encrypt messages to any SMTP address

IRM (RMS)
• Prevents sensitive information from being printed, forwarded, or copied by unauthorized people inside the organization

S/MIME
• Sign and encrypt messages to users using certificates

Page 30:

Office 365 Message Encryption

Diagram labels: O365 User; Send; Exchange Online (Policy detection and Enforcement, Tenant configuration); Deliver; Internet User; Post; Mail Reading Portal; Microsoft account/Organization Account

Page 31:

Microsoft Intune

Mobile Device Management for Office 365

Built-In

Device Management

Conditional Access

Selective Wipe

Built-In

Microsoft Intune

Application Management

LoB app

User-centric approach

Page 32:

Conditional Access

Before mobile devices can access Office 365 data, they must be enrolled and healthy.

1. A user downloads the public OneDrive app on a personal iPad

2. The user is shown a page that directs them to enroll the iPad

3. The user steps through the enrollment process

4. The OneDrive app is now MDM enabled

5. The user is able to access their OneDrive data

Built-In

Q1 2014

Page 33:

MICROSOFT CONFIDENTIAL – INTERNAL ONLY

Conditional access control flow

Diagram: Users on their devices; Office 365; Azure AD (conditional access control); Microsoft Intune; IT Admin
• Authenticate user and device
• Enroll device, evaluate & enforce compliance with device management policies
• Report device compliance
• Configure device mgmt. and conditional access policies (IT Admin)

Page 34:

Device Management

Built-In

Q1 2014

Device Policies
• Control what mobile devices can connect to Office 365 Data
• Set device configuration policies such as pin lock
• Enforce data encryption on devices

Admin Controls
• Built-In management in console and PowerShell
• Configure device policies by groups
• Product level granular control
• Block non-compliant devices, or just report

Device Reporting
• Device compliance reports
• Mobile usage and trends in our organization
• API support

Page 35:

Demo

Device Management in O365

Page 36:

Today: Auditing in O365

Exchange Auditing
• Specify criteria such as users to search and then export audit logs
• Choose from many reports such as admin actions and non owner access

SharePoint Auditing
• Audit views, edits, deletes, and searches.
• Configure per site collection

Page 37:

Demo

Directory Changes Reporting via Azure

Page 38:

Future: Auditing

• Unified Logs, Unified XP
• Always On Auditing
• Better Together: Search, DLP, MDM

Architecture diagram labels:
• FFO/EOP: UCC – Auditing console, Policy Store, Policy WebService, Policy cmdlet, Policy DAL, Reporting cmdlets, Reporting UX, Reporting Web Service
• Workload (SharePoint): Backends, Policy Store (per tenant policy store), Policy Sync Service, Content FE (SP Content Front End Node)
• Workload (Exchange): Backend 1 … Backend N, Arbitration Mailbox (per tenant policy store), Local Queue, Uploader (per BE server), Policy Sync Service, Exchange Auditing Hook
• Other labels: Audit Upload Web Service; Audit Storage (EXO); Audit Long Term Storage; ContentBE; SQL; Local Queue, Uploader (per BE server)

Page 39:

Compliance admin center

Navigation: sharepoint activity; individual reports; archiving; reports; devices; data loss prevention; eDiscovery; retention

activity log search

Search fields: User or group name; File name; Event (All)

From date: 2014/07/01 11:00 AM

To date: 2014/07/07 10:00 PM

Export results

DATE              ACTION    FILE        USER
Jul 7: 9:45 pm    Viewed    HR.xlsx     Bob Kirsten
Jul 7: 2:35 pm    Deleted   ssn.doc     Bob Kirsten
Jul 7: 1:00 pm    Viewed    foo.doc     George Washington
Jul 7: 10:00 am   Created   foo.doc     Howard Gonzales
Jul 7: 9:30 am    Shared    apple.xls   Isabel Monty
Jul 7: 9:00 am    Updated   bar.list    Jay Hammer
Jul 6: 10:45 am   Shared    X.doc       Laura Post
Jul 6: 2:45 pm    Viewed    ssn.doc     Matej Peter
Jul 6: 9:45 pm    Shared    x.doc       Bob Kirsten
Jul 5: 9:45 pm    Viewed    HR.xlsx     Bob Kirsten
Jul 5: 2:35 pm    Deleted   ssn.doc     Bob Kirsten
Jul 5: 1:00 pm    Viewed    foo.doc     George Washington
Jul 4: 10:00 am   Created   foo.doc     Howard Gonzales
Jul 4: 9:30 am    Shared    apple.xls   Isabel Monty

TARGET: 3 users; Bob Kirsten; 2 users; Laura Post

Page 40:

Compliance admin center

Date: Jul 6: 10:45 am

User: Laura Post

Action: Shared

Service: SharePoint

Entity: X.doc and others

External Access: Yes

Classification: HBI

User Type: User

Modified Property: N/A

Details: N/A

Laura shared X.doc and 19 other docs with an external user

Page 41:

In the Cloud? Compliance is easy

Supporting Customer Compliance
• HIPAA Business Associate Agreement (HIPAA BAA)
• FISMA authority to operate (ATO) from a federal agency
• FERPA use and disclosure restrictions related to student data
• EU model clause addressing international transfers of data
• CJIS Security Policy 5.2 requirements met for CA and TX law enforcement
• DPA (Data Processing Agreement) to address the privacy, security, and handling of customer data

O365 Accreditations
• ISO 27001: First major business productivity public cloud service to have implemented ISO 27001 mgmt. controls
• SAS 70 Type I and Type II attestation

Transparency and Government Snooping
• Protecting Against Government Snooping: http://blogs.technet.com/b/microsoft_blog/archive/2013/12/04/protecting-customer-data-from-government-snooping.aspx
• Transparency Advocacy: https://www.reformgovernmentsurveillance.com/
• DC Ops Auditing
• Numbers of govt requests for data: http://blogs.technet.com/b/microsoft_on_the_issues/archive/2014/02/03/providing-additional-transparency-on-us-government-requests-for-customer-data.aspx
• Law enforcement requests report: http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/

“We are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we challenge it in court.”

Page 42:

OFC-B230 Overview of Security in O365

Track resources

OFC-B312 Data Loss Prevention in O365

OFC-B334 Office365 Compliance and Privacy

OFC-B330 Mobile Device Mgmt for O365

EM-B312 Mobile App Mgmt for O365

Page 43:

Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

Developer Network

http://developer.microsoft.com

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

Page 46:

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
