Office 365 Customer Security Considerations Preview

Yesterday Microsoft announced that the new Office 365 customer security considerations (CSC) workbook is in preview for customers to test and give feedback.

The Office 365 customer security considerations workbook is designed to help facilitate a quick review and implementation of the security controls available in Office 365, as well as provide information on key security and compliance features. The CSC workbook is currently implemented as a Microsoft Excel workbook and overtime will increase the number of pivots and additional compliance scenarios that are incorporated.

Currently the CSC workbook contains two security-based pivots on the same set of features and information. One of the pivots is the Office 365 Customer Control Considerations section. Information in this security based pivot is organized into five scenarios listing the features that can be used to manage information security risks:

• Access Control – Managing identity and access control using Office 365 and Azure features.
• Data Leakage – Encryption and controlling forwarding.
• Data Resiliency – Protecting and recovering information from potential data corruption.
• Incident Response and Recovery – Security incidents around response and recovery.
• Security and Compliance Investigations – Conducting compliance searches and forensic investigation, as well as logging and hold actions in Office 365.

An all-up list of considerations is provided in addition to these five scenarios.

The second pivot is the Office 365 Risk Assessment Scenarios section. This information is organized by risk/threats and how you can implement the various controls that will help you manage these risks.

• Attacked Foothold
• Credential Theft
• Former Employee
• Malicious Customer Administrator
• Malware
• Microsoft Operator
• Trusted Device Compromised

Microsoft is aiming to have the CSC workbook provide quick information on how to help secure your Office 365 service with features and configurations you can manage.

If you or your organization is interested in getting the CSC workbook, you can sign in to the Office 365 Service Trust Portal (STP).