MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

4 Ways Microsoft Is Investing in Data Security & Compliance for Office 365

Posted April 27, 2015by Mary McCoy

4_Ways_Microsoft_Is_Investing_in_Data_Security__Compliance_for_Office_365-1

The month of April has seen its fair share of Microsoft announcements. Between Lync Online's transition into Skype for Business and the tech community's first look at Exchange Server 2016, you may have missed or already forgotten about the key product enhancements coming to an Office 365 near you. MSPs can rejoice in the new data security measures the cloud service email provider has on their road map for the remainder of the year.

Because Microsoft understands the need for privacy in a public cloud infrastructure, especially among IT service providers who are held to strict compliance standards, Office 365 will soon be unveiling features geared at increasing administrators' control over their clients' email environments and the safety of their associated data transactions. 

 

1) New Office 365 Management Activity API

If you've been wanting greater visibility into Office 365 service operations, Microsoft's product team may have just granted your wish. As part of their ongoing commitment to giving customers better transparency, they've announced a new Office 365 Management Activity API. 

As MSPs, you want to know who has access to your clients' data and whether security and compliance safeguards are in effect. Does the idea of sensitive business interactions being hosted in a public cloud make you nervous? With the new RESTful API, you will be better able to understand what happens to your clients' sensitive corporate data within the context of cloud computing and which policy related, admin actions occur across Exchange Online and Sharepoint Online in Office 365.

Related: The 3 Choices All MSPs Must Face with the Rise of the Cloud

Microsoft is promising over 150 data transaction types and consistent schema across all activity logs with the upcoming release. Such a security enhancement is an exciting advancement in data monitoring, analysis and visualization. Expect these tighter admin controls to hit this summer!


2) Customer Lockbox

When trusting a platform like Office 365, are you ever concerned that your content isn't private? How much access to your emails do Microsoft employees have, and is it worth worrying about? The Office 365 product team sure thinks so. With its new Customer Lockbox feature, Office 365 reaffirms its dedication to business-grade data security.

Currently powered by automated operations, Microsoft engineers rarely touch customer content, but tighter security controls will soon go into effect. Customer Lockbox will be enabled by the end of the year, offering "unprecedented customer control over content residing in Office 365, so customers can be assured that their content will not be accessed by Microsoft employees without their explicit approval." 

If you're offering Office 365 to clients and therefore, have access to their environments, you can decide who is authorized to approve access requests. You'll also receive notifications when a Microsoft engineer attempts to gain entry to your clients' Office 365 instances to resolve an issue. When you consider the rise of attackers claiming to be Microsoft support staff, account access settings are a vital response.

Related: Microsoft Support Scam Recording Exposes Larger Trend of Social Engineering


For more FAQs regarding this addition, check out the official Office 365 blog post about Customer Lockbox!


3) Enhanced Email Encryption 

As part of the latest string of Microsoft product promises, in the coming months, Office 365 will be introducing a new layer of content level encryption, using "keys that are protected using hardware security modules certified to FIPS 140-2 Level 2."

As MSPs subject to HIPAA regulations, for instance, you can't afford to store and share client data that is weakly encrypted. Office 365's encryption reinforcement should help ease any worries you may have about account credentials or personally identifiable information (PII) such as social security numbers and home addresses, being intercepted and compromised. 

Related: Do Your Tools and Services Help You Comply with HIPAA / HITECH Act Registrations?


4) Exchange Online Advanced Threat Protection (ATP)

Available at the end of the summer, ATP email filtering will offer protection against unknown malware and viruses, real-time protection against malicious URLs and advanced reporting and URL tracking functionality. According to the Microsoft masterminds, any email message or attachment that doesn't have a known virus/malware signature will be "routed to a special hypervisor environment, where a behavior analysis [will be] performed using a variety of machine learning and analysis techniques to detect malicious intent."

In a previous blog post, The Threat the FBI’s Internet Crime Complaint Center (IC3) Wants You to Know About, we wrote about the frightening trend of business email compromises that have contributed to $180 million total dollar loss in America, alone. As hackers become more sophisticated, technology needs to become more robust. Now, Office 365 is addressing those attackers who've found a way to infiltrate undected. If you're worried about clients receiving emails with seemingly safe links that actually redirect to black hat websites, ATP's Safe Links feature has you covered, protecting clients if they do happen to click the link.

It is important to note that while this added security measure is certainly beneficial, MSPs should be educating clients on safe email practices. They should be aware of what to look for in phishing scams, for example, and should always know which links they're clicking on and where those links lead.

Related: Phishing Scams: What You Need to Know to Avoid Them

Within your client's organization, who persistently gets hit with these schemes? Are there any patterns in the attacks? ATP's slick reporting and email tracing allows you to dig deeper to find out!

 

Why not offload those Office 365 migrations to free up tech time? 

New Call-to-action

 

Meet Mary! Mary McCoy is a Senior Demand Generation Programs Manager at Continuum, where she's worked for over two years. Mary has consulted with hundreds of partners, lending website, blog and social media support. Before that, she graduated from the University of Virginia (Wahoowa!) with a BA in Economics and served as digital marketing intern for Citi Performing Arts Center (Citi Center), spearheading the nonprofit’s #GivingTuesday social media campaign. Like her school’s founder, Thomas Jefferson, Mary believes learning never ends. She considers herself a passionate, lifelong student of content creation and inbound marketing.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus