Microsoft 365 Fundamentals
Module 03: Security, compliance, privacy, and trust in Microsoft 365
Module agenda
Organizational security fundamentals
Security features in Microsoft 365
Identity and Access Management
Device and data protection in Microsoft 365
Compliance in Microsoft 365
Lesson 1: Organizational security fundamentals
Lesson introduction
Key pillars of security
Identify the most common security threats
Pillars of computer security
The key pillars of any computer security system are:
Identity and access management
Local, domain, Azure Active Directory (Azure AD) and Microsoft accounts, as well as other account types
Information protection
Data at rest
Data in transit
Threat protection
Firewall settings
Antivirus/antimalware protection
Software fixes and updates
Lax security settings
Poor physical security
Security management
Identity and access management concepts
Your users might have a number of user accounts within your organization, such as:
Local accounts
Domain accounts
Azure AD accounts
Microsoft accounts
Other accounts
Information protection concepts
When considering how best to secure your organizational data, it’s important to consider two situations:
Data at rest
Data in transit
Threat protection concepts
Threats to your organization’s data and infrastructure can originate from both devices and the network.
Device security
Firewall settings
Antivirus/antimalware protection
Software fixes and updates
Lax security settings
Poor physical security
Network security
Common security threats
Network security threats
An eavesdropping attack
A denial of service (DoS) attack
Port scanning attacks
Man-in-the-middle attacks (MITMs)
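Two of the threats listed above, port scanning and denial of service, leave a recognisable pattern in ordinary firewall or connection logs. The following Python script is an added example and is not part of the course material: it runs a sliding-window check over a constructed sample log and flags a source that probes many distinct ports on one host inside a minute, and a source that hammers a single port. The log format, the IP addresses, the thresholds and the function names are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the course or any real system).
# Assumed format: "<ISO timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>"
#  - 10.0.0.5 probes 12 different ports on 10.0.1.20 within 12 seconds (port scan)
#  - 10.0.0.9 makes 25 connection attempts to 10.0.1.20:80 within 5 seconds (flood)
#  - 10.0.0.7 makes three ordinary HTTPS connections a minute apart (benign)
def _line(ts, src, dst, dport, action="deny"):
    return f"{ts:%Y-%m-%dT%H:%M:%SZ} src={src} dst={dst} dport={dport} action={action}"

_T0 = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_LOG = "\n".join(
    [_line(_T0 + timedelta(seconds=i), "10.0.0.5", "10.0.1.20", 21 + i) for i in range(12)]
    + [_line(_T0 + timedelta(seconds=30 + i // 5), "10.0.0.9", "10.0.1.20", 80) for i in range(25)]
    + [_line(_T0 + timedelta(minutes=1 + i), "10.0.0.7", "10.0.1.20", 443, "allow") for i in range(3)]
)

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) action=(\S+)$")

def parse_log(text):
    """Yield (timestamp, src, dst, dport, action) for each well-formed line; skip the rest."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # malformed or unrelated line: ignore it rather than crash the detector
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2), m.group(3), int(m.group(4)), m.group(5)

def detect_port_scans(text, window=timedelta(seconds=60), min_ports=10):
    """Flag (src, dst) pairs where one source touches at least min_ports distinct ports
    on one host inside a sliding time window. Returns {(src, dst): distinct ports seen
    at the moment the alert first fired}."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport) still inside the window
    alerts = {}
    for ts, src, dst, dport, _action in sorted(parse_log(text)):
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events that have fallen out of the window
        distinct = {p for _, p in q}
        if len(distinct) >= min_ports and key not in alerts:
            alerts[key] = len(distinct)
    return alerts

def detect_floods(text, window=timedelta(seconds=10), min_hits=20):
    """Flag (src, dst, dport) triples with at least min_hits attempts inside a sliding
    window: the signature of a single-source denial-of-service attempt on one service."""
    recent = defaultdict(deque)   # (src, dst, dport) -> deque of timestamps inside the window
    alerts = {}
    for ts, src, dst, dport, _action in sorted(parse_log(text)):
        key = (src, dst, dport)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= min_hits and key not in alerts:
            alerts[key] = len(q)
    return alerts

if __name__ == "__main__":
    print("port scans:", detect_port_scans(SAMPLE_LOG))
    print("floods:", detect_floods(SAMPLE_LOG))
```

The thresholds are deliberately simple; in practice they are tuned per environment (a vulnerability scanner you run yourself will trip the port-scan rule and needs an allow-list), and the same sliding-window logic is what a SIEM correlation rule expresses declaratively.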
To help protect individuals, governments and the agencies they appoint have introduced regulations about data storage and use.
These regulations include:
Granting people the right to access, and possibly correct, data stored about them
Defining a data retention period
Granting governments and their appointed regulatory bodies the right to access stored records for investigative purposes
Defining exactly how stored data can and cannot be used; in other words, defining the purpose of the collated data
Defining privacy controls so that private data can remain private
The most common government regulations include HIPAA, FISMA, EU Model Clauses, the Safe Harbor Framework and others.
Service Trust Portal and Compliance Manager
The Service Trust Portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices.
The portal consists of several components:
Service Trust Portal
Compliance Manager
Trust documents
Regional Compliance
Privacy
Resources
Admin
Service Trust Portal and Compliance Manager (cont.)
The Compliance Manager portal helps you stay compliant with both internal requirements and well-known security standards, such as:
GDPR
ISO 27001
ISO 27018
NIST 800-53
HIPAA
Compliance Manager performs the following key activities:
Real-time risk assessment
Actionable insights
Simplified compliance
Data governance in Microsoft 365
Retention labels allow you to:
Enable people in your organization to apply a retention label manually.
Apply retention labels to content automatically.
Apply a default retention label to a document library.
Implement records management across Office 365.
Encryption in Microsoft 365
Microsoft 365 uses some of the strongest encryption protocols available: data is encrypted by default, both at rest and in transit.
For data at rest, data is encrypted at the physical disk with BitLocker and in applications with service encryption.
Data in transit is encrypted with TLS (Transport Layer Security) as it moves across the network.
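"Encrypted in transit with TLS" only protects data if the client side insists on it: the server certificate must be verified, the hostname must match, and old protocol versions must be refused. As an added example that is not part of the course, the following Python code builds a hardened ssl.SSLContext beside a deliberately weakened one and audits both for those three properties using only the standard library (no network access is needed); the function names are assumptions for this example.

```python
import ssl

def make_strict_context():
    """Client context suitable for talking to a service over TLS.
    create_default_context() already loads the system trust store, requires a valid
    server certificate and checks the hostname; the TLS 1.2 floor is set explicitly
    so the setting does not depend on the Python or OpenSSL version in use."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def make_weak_context():
    """Deliberately misconfigured client, kept here only for comparison: no
    certificate or hostname verification, and no protocol floor at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be switched off before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate, so an interposer is not detected
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # whatever the OpenSSL build allows
    return ctx

def audit_context(ctx):
    """Return a list of findings describing why ctx does not give 'data in transit' protection."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are permitted")
    return findings

if __name__ == "__main__":
    print("strict:", audit_context(make_strict_context()) or "no findings")
    print("weak:  ", audit_context(make_weak_context()))
```

The same three checks (verification on, hostname checked, TLS 1.2 or newer) are what to look for when reviewing any client library or integration that connects to Microsoft 365 endpoints; a client that disables them gets TLS on the wire but none of its guarantees.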
Zero standing access
Customer Lockbox for Office 365:
Respond to data discovery requests
Microsoft Compliance Center
Module Review
Complete the module review in the course handbook.
Lab: Implement security and compliance in Microsoft 365
© Copyright Microsoft Corporation. All rights reserved.