Office 365

Office 365 is accessible via Logic App connectors for basic transformations, such as pulling an email from a mailbox and writing it to a database table.

Office 365 – Email

This provides inbound and outbound email for the enterprise. All attachments should be virus checked, compressed, and encrypted. Spam filters should be used to block unwanted inbound emails, while outbound emails should be checked against a "do not contact" list prior to transmission.

Office 365 – Compliance Manager

The Compliance Manager provides an at-a-glance summary of the shared responsibility model reflecting both Microsoft's and your organization’s data protection and compliance posture for standards and regulations such as ISO 27001:2013, NIST 800-53, the Health Insurance Portability and Accountability Act (HIPAA), the European Union General Data Protection Regulation (GDPR) and others.

It provides risk assessment workflow and management tools for task assignment and verification to help Governance, Risk & Compliance teams and IT departments work together to streamline internal compliance activities.

It also features intelligent tracking that understands common and similar compliance activities across multiple standards and regulations. By applying a single activity to multiple assessments or controls, it reduces your organization's costs and efforts from regulation to audit.

Office 365 – Data Loss Prevention

To comply with business standards and industry regulations, organizations need to protect sensitive information and prevent its inadvertent disclosure. Examples of sensitive information that you might want to prevent from leaking outside your organization include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. With a data loss prevention (DLP) policy in the Office 365 Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.

With a Data Loss Prevention policy, you can:

To assess how your organization is complying with a DLP policy, you can see how many matches each policy and rule has over time. If a DLP policy allows users to override a policy tip and report a false positive, you can also view what users have reported.

You create and manage DLP policies on the Data loss prevention page in the Office 365 Security & Compliance Center.
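
The identify, monitor and protect steps described in this section, as an added Python example that is not Microsoft's implementation or code from this page. The rule names, the `contoso.example` domain, the sample messages and the choice of Luhn and SSN range checks as validation are assumptions made for illustration.

```python
import re
from collections import Counter

# Candidate patterns; the checks below cut false positives from lookalike numbers.
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(area, group, serial):
    """Reject SSN ranges that are never issued."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def scan(text):
    """Identify: return (rule, masked_value) for each validated match."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(("credit_card", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        if ssn_ok(*m.groups()):
            hits.append(("us_ssn", "***-**-" + m.group(3)))
    return hits

def evaluate(messages, internal_domain):
    """Monitor every match per rule; protect by blocking external delivery."""
    rule_matches, verdicts = Counter(), {}
    for msg_id, recipient, body in messages:
        hits = scan(body)
        rule_matches.update(rule for rule, _ in hits)
        external = not recipient.lower().endswith("@" + internal_domain)
        verdicts[msg_id] = "block" if hits and external else "allow"
    return verdicts, rule_matches

# Constructed sample messages (industry test card number, made-up SSNs).
SAMPLE = [
    ("m1", "vendor@partner.example", "Paid with card 4111 1111 1111 1111."),
    ("m2", "vendor@partner.example", "Order ref 4111 1111 1111 1112 shipped."),
    ("m3", "hr@contoso.example", "SSN 123-45-6789, placeholder 000-12-3456."),
]
```

Message m2 carries a 16-digit order reference that fails the checksum and is not counted, while m3 is counted as a rule match but allowed because it stays inside the organization.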

Office 365 – Data Governance

Data governance is about keeping your data around when you need it and getting rid of it when you don't. With data governance in Office 365, you can manage the full content lifecycle, from importing and storing data at the beginning, to creating policies that retain and then permanently delete content at the end.

Office 365 – Threat Management

Threat management includes protection from both malicious software and attacks against systems and networks. Microsoft products and services have built-in protection features to help defend your data against malware and other types of threats.

Microsoft cloud services help you protect against malware threats in multiple ways. Microsoft Antimalware is built for the cloud, and additional antimalware protections are provided in specific services. Denial-of-service (DoS) attacks can deny access to important resources and result in lost productivity, so Microsoft builds its services to defend against such attacks. Windows server and client operating systems include multiple technologies for protecting against these threats at the local level.

Secure Identity

Microsoft threat management technologies help protect systems against malware, in cloud and on-premises environments. Malware is a leading cause of identity compromise; it can run in the background and collect information, such as user names and passwords, and transmit them back to the attacker. With stolen credentials, an attacker can access, modify, or destroy your valuable data. If the compromised account has administrative privileges, the attacker can change system or account settings and do much more damage. Thus, an important element in keeping user identities secure is protecting them from the effects of malicious software.

Secure Infrastructure

Microsoft uses many security technologies and practices to protect the cloud infrastructure and on-premises networks against modern, sophisticated threats:

Antimalware components and services for cloud services, virtual machines (VMs), and Windows clients and servers help identify and remove viruses, spyware, and other malicious software. Antimalware also provides real-time protection, on-demand scanning, basic configuration management, and monitoring. Microsoft Antimalware for Azure cloud services and virtual machines is built on the same antimalware platform as other Microsoft malware protection products, and provides a single-agent solution for applications and tenant environments.

Distributed denial-of-service defenses protect Microsoft's cloud services from network-layer high-volume attacks that choke network pipes and packet-processing capabilities by flooding the network with packets. Microsoft provides a distributed denial-of-service (DDoS) defense system that is part of the Azure continuous monitoring and penetration-testing processes. The Azure DDoS defense system is designed to withstand attacks not only from the outside, but also from other Azure tenants. The Azure DDoS defense technology provides detection and mitigation techniques such as SYN cookies, rate limiting, and connection limits to help ensure that network-layer high-volume attacks on the platform itself do not impact customer environments. Application-layer attacks, on the other hand, are direct attacks launched against a customer deployment. The Azure DDoS defense system doesn’t provide mitigation or actively block network traffic affecting individual customer deployments, as it's not possible for the system to interpret the expected behavior of customer applications.

Advanced Threat Analytics is a technology that monitors normal usage patterns for networks, systems, and users, and employs machine learning to flag any behavior that is out of the ordinary. Advanced Threat Analytics uses information derived from networked devices and heuristics to detect suspicious activity that may indicate a threat; it then sends real-time alerts so that you can mount a response to protect your assets.

Microsoft threat management technologies were developed based on our experience addressing emerging threats in the public cloud, private cloud, and datacenter environments, and are driven by the “assume breach” approach.