CEO Satya Nadella’s words pretty much hit home at the Microsoft Government Cloud Forum in November 2015, striking a chord with the many IT managers who more often than not seem to be deeply concerned about Office 365 compliance and data security when facing the decision whether or not to move on-premises content to Microsoft’s cloud-based service. Why?

Organizations are obliged at all times to meet legal and regulatory compliance standards and assure corporate data security. Penalties for noncompliance can be severe with crushing consequences. In many instances, fines quickly skyrocket into millions of dollars, let alone the fact that false claims and fraudulent statements on compliance can put company executives under arrest - no ifs and buts.

Understandably, with regulations applying to printed information and electronic data alike, CIOs are genuinely troubled about compromising compliance when moving sensitive information to the cloud, passing the buck to IT to safeguard their tenant data across Office 365 and steer clear of any violations and infringements.

Microsoft is well aware of those fears… and declared cybersecurity a key priority with the Office 365 Security and Compliance Center, designed to help you meet your legal, regulatory and organizational requirements.

Still worried? Discover Microsoft’s toolbox for Office 365 security and compliance.

What is the Office 365 Security and Compliance Center?

With the Office 365 Security and Compliance Center, Microsoft offers several useful features IT managers can take advantage of to manage and uphold the protection of sensitive information across Office 365, Exchange Online and SharePoint Online.

While a number of core functionalities offered in the Center have been available in Office 365 since its day of launch, Microsoft is continuing to move more features into the console from their respective services, aiming to unite the whole set of security and compliance tools under one unified interface, which is accessible through the familiar Office 365 Admin Portal.

Here are the tools in detail.

Download our free Office 365 implementation checklist:

Corporate data security and Office 365 data security features

  • Access Control. Don’t let sensitive data fall into the wrong hands. Access Control allows you to set the seal on corporate content and ensure that only authorized staff can access information intended for them. Just as in previous on-premises versions, you can regulate access to SharePoint Online via the Office 365 Security and Compliance Center.
  • Azure Rights Management Services (RMS). Apart from Access Control, you can utilize RMS to impose certain limitations to defined content. In case an email (or file attached to it) contains sensitive information you are afraid might leak to the outside, you can set RMS restrictions to block the recipient from forwarding that email, printing it or even copying it to a USB flash drive. Besides email messages, you can apply RMS to content stored in SharePoint Online as well as files within your network folders or any other content you have saved to Microsoft's cloud.
  • Data Loss Prevention (DLP). On top of RMS, you can take advantage of security controls that help lock down who can see individual email messages. You can also define which content is allowed to leave the organization. In Exchange Online, you can establish custom rules and policies that encrypt, bar or warn email senders that they are about to distribute sensitive information that ought to stay within the organization.
  • Device Management. As mobile devices have an impact on data security and compliance, Microsoft offers capabilities that allow you to restrict Office 365 access to devices approved by your company (you can grant conditional access to Google Android, Apple iOS and Windows devices).

Office 365 compliance tools

  • Archiving. Use this function to enable/disable employees’ archive mailboxes and provide them with an alternate location to store older messaging data. You can set up archive policies that automatically move messages from a primary mailbox to the archive after a specified period (by default, messages are moved to the archive mailbox two years after they have been delivered).
  • eDiscovery. Generally, electronic discovery allows you to identify and deliver information to be used as evidence in legal cases. With the eDiscovery capability in Office 365, you can search for specific content in Exchange Online mailboxes, Office 365 Groups, SharePoint Online sites and Skype for Business conversations. Apply this tool to perform compliance searches relevant to a legal case - if your search returns content that needs to be secured against tampering while a legal process is running, you can place a litigation hold on sensitive content stored in Exchange, SharePoint and OneDrive for Business to protect evidence without moving it from its original location.
  • Retention. To keep on top of what content you need and which you no longer require, Microsoft boasts retention capabilities to help you manage the lifecycle of all emails and documents. While you may be obliged to retain content for a specific period of time due to compliance, legal or other organizational requirements, keeping content longer than needed might make you fall victim to legal risk.
  • Import. Apply this tool to import PST files to Exchange Online mailboxes or import data files to SharePoint Online. You can upload both types of files via the network or copy them to a hard drive – just send it to a Microsoft datacenter to have it imported to Office 365.
  • Permissions. Manage access to the compliance tools Microsoft offers within the Office 365 Security and Compliance Center. While your employees are only able to execute tasks you grant them access to, you can specify and assign them to role groups with certain (deeper) levels of access in the Center.

With the Office 365 compliance toolset, you will find it is easy to enforce regulatory policies and make sure your employees comply to them.

Download our free Office 365 implementation checklist: