May 05 2017

How Office 365 Helps Feds Handle Sensitive Data on Mobile Devices

Software features can protect users from themselves and keep an eye on private information.

Federal officials often tread slowly when it comes to adopting new technologies to handle sensitive information. Relying on employees to follow policies on classified information is also a challenge. But Microsoft Office 365 can reduce the likelihood of staff falling prey to phishing scams, accidentally copying classified information, or forwarding files to personnel who aren’t authorized to view them. Here are four ways Office 365 keeps sensitive information safe.

1. Conditional Access Rules Limit Breaches 

Compliance policies only allow users access to Office 365 services if a device meets predefined requirements. This may include whether a password is required to unlock a device or whether a device is encrypted. If a device doesn’t comply, Microsoft guides users through the steps to resolve the issue and prevents access to emails or files. This level of protection requires an Azure Active Directory Premium license.

2.  Advanced Threat Protection from Attachments 

Microsoft added two features, URL Detonation and Dynamic Delivery, to Office 365 to improve protection and performance. URL Detonation scans links to Office files, PDFs and executables. In a sandboxed environment, advanced threat protection checks whether a file might involve malicious behavior and, if so, blocks access to that link. Dynamic Delivery lets users read messages as attachments are scanned. Previously, Microsoft scanned files with an anti-malware engine, but this feature led to a delay in users accessing email as it analyzed attachments. Users must activate both options.

3. Data Loss Prevention Keeps Information Inside Agencies 

This feature analyzes content in Exchange Online, SharePoint Online and OneDrive for Business sites to determine if sensitive and personally identifiable information (including credit card numbers and civilian pay grades) should be protected and monitored. DLP ensures that information doesn’t leave an agency or is forwarded to the wrong people. It also uses Exchange transport rules to determine whether Outlook should act on a message before it is delivered, such as warning users they may be violating a policy on classified information.

4. Rights Management Protects Files Anywhere 

Office 365 Rights Management is designed to secure files and email no matter their location, meaning that even when documents are emailed to an outside organization, it’s possible to control who can view the information and what can be done with it. Office 365 Rights Management Services (RMS) uses simple transport rules to classify files, label them and protect them in one step. Users can manually select a classification. In addition, users can revoke access to documents. While the Office mobile apps for iOS, Android, and Windows Mobile can consume RMS-protected content, they cannot create it.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT