This is the seventh post in our eight-blog series on deploying Intelligent Security scenarios. To read the previous entries, check out the Deployment series page.
Cumbersome restrictions and limitations on mobile devices, apps, and remote access can be taxing from an IT perspective and frustrating for your employees. Your users need to be able to create, access, and share files from anywhere, and IT needs to ensure that these actions won’t compromise your company’s security.
Microsoft 365 offers security solutions that help secure your collaboration and productivity apps. That way your employees can connect and communicate wherever they are, using tools they are familiar with, as securely as if they were right at their desks.
How can I securely share documents outside my organization?
Classify documents based on content sensitivity
First, classify documents using Azure Information Protection (AIP). With AIP, you can configure policies to classify, label, and protect data based on its sensitivity. Data can be classified according to standards you define for content, context, and source. These classifications can then be applied automatically or manually, or you can prompt your employees to decide what classification to apply with in-product suggestions.
To classify documents using AIP, you must first configure your company’s classification policy. Configure the policy by signing in to the Azure portal as an administrator and then select Azure Information Protection in the apps list. All AIP users start with a default policy that you can configure to suit your needs. Once you have created the policy that works best, publish your changes to deploy the policy to all managed apps and devices.
Use email to share files
Your employees can use email file attachments in Microsoft Outlook to share files. With Outlook, users can take files from their business or personal device, attach files to an email, and access a dedicated library where all group files are stored. If your employees need to send a sensitive message to external users, they can increase security by encrypting the message using Office 365 Message Encryption and the message recipient will decrypt the message using the Office 365 Message Encryption viewer.
Enable users to collaborate
To ensure that shared documents are only viewed by the right person, your users can share files with internal or external partners through OneDrive for Business and apply security features such as password protection and Multi-Factor Authentication.
Microsoft Teams—a chat-based workspace—enables teams to be more productive by giving them a single and secure location that brings together everything a team needs all in one hub, including chats, meetings, calls, files, and tools. Azure Active Directory (Azure AD) conditional access policies can be configured to secure the data in Teams. You can deploy Teams through Microsoft System Center Configuration Manager (ConfigMgr) or Microsoft Intune.
Yammer helps your users improve engagement with everyone in your organization through social networking. Use the security features in Yammer to help protect sensitive organizational data. Yammer supports Azure AD single sign-on authentication, allows admins to set password policies, and provides admins with session management tools that let you see the devices users are signed in to. You can manage access and permissions in Yammer by setting up the Yammer network to comply with your organization’s standards.
Identify risky applications and shadow IT
Microsoft Cloud App Security allows you to more securely share documents via third-party applications by identifying the cloud apps on your network. By gaining visibility into shadow IT, you can help protect your information using policies for data sharing and data loss prevention.
How can I work on documents across devices securely?
To work more securely across different devices you will need to manage your mobile devices and set app protection policies. You can use Intune to manage your users’ mobile devices. To help prevent data loss, you will want to protect company data that is accessed from devices that you don’t manage. You can apply Intune app protection policies that restrict access to company resources and avoid company and personal data from getting intermingled. Company data can end up in locations like personal storage or transferred to apps beyond your purview and result in data loss. App protection policies can be used to prevent company data from saving to the local storage of an unmanaged device or moving the data to other apps that aren’t protected by app protection policies.
Deployment tips from our experts
Enable security features in Office 365 apps—Office 365 apps like Outlook, OneDrive, Teams, and Yammer all come with built-in features that enable users to more securely share files and be productive. A few simple things you can do include:
- Add permissions to file recipients in OneDrive for Business or SharePoint before sending in Outlook.
- Use password protection to ensure documents are viewed only by the right people.
- Send a sensitive message to external users securely by encrypting the message using Office 365 Message Encryption.
- Set password policies and manage security settings in Yammer.
- Configure Azure AD conditional access policies to secure the data in Teams.
Classify and share documents securely—Classify documents in AIP to track and control how information is used. Then share documents securely via third-party applications using Microsoft Cloud App Security to protect your information.
Prevent data loss on mobile devices—Manage mobile devices with Intune and through mobile device management. Then implement app-level controls with Intune app protection policies to help prevent data loss.
Plan for success with Microsoft FastTrack—FastTrack comes with your subscription at no additional charge. Whether you’re planning your initial rollout, needing to onboard your product, or driving end-user adoption, FastTrack is your benefit service that is ready to assist you. Get started at FastTrack for Microsoft 365.
Want to learn more?
For more information and guidance on this topic, check out the white paper Store and share files inside and outside your organization to work securely across organizational boundaries. You can find additional security resources on Microsoft.com.
Coming Soon! “Using controls for security compliance” will be the last installment of our “Deploying intelligent scenarios” series. In November, we will kick off a new series: Top 10 security deployment actions with Microsoft 365 Security.
More blog posts from this series:
- Tips for getting started on your security deployment
- Accelerate your security deployment with FastTrack for Microsoft 365
- First things first: Envisioning your security deployment
- Now that you have a plan, it’s time to start deploying
- Getting the most value out of your security deployment
- New FastTrack benefit: Deployment support for co-management on Windows 10 devices
- Assessing Microsoft 365 security solutions using the NIST Cybersecurity Framework
- Enable your users to work securely from anywhere, anytime, across all of their devices
- Protect your data in files, apps, and devices
- Cybersecurity threats: How to discover, remediate, and mitigate
- Protecting user identities
- Collaborate securely
- Secure file storage