Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/30/2019
01:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls

New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.

Microsoft is rolling out a series of new capabilities designed to give businesses greater control over their data privacy practices, help meet compliance requirements, and investigate potential security threats.

The changes arrive as companies are taking a closer look at their privacy practices and monitoring information wherever it travels and resides. With more data moving to the cloud and consumers becoming more aware of organizations' privacy standards, protecting that data has become priority.

One of the new capabilities is Office 365 Advanced Message Encryption, which gives admins additional controls to automatically expire, or revoke access to, encrypted emails sent outside the company via secure Web portal. For example, if a message has data such as health IDs, an admin can configure the settings so it's encrypted and expires after 30 days or whatever compliance requirements dictate.

Microsoft is also adding data investigation capabilities, which businesses can use to analyze incidents such as data leaks or phishing attacks. Data investigation lets admins search affected content or individuals following a breach, then delete emails containing confidential data so users can't view it. Data investigation is currently in preview, Microsoft notes in a blog post on today's announcements.

New changes to Microsoft Teams aim to improve security and compliance for chats, meetings, and calls. These include data loss prevention and information barriers to prevent sensitive data from leaking.

There also are new features for Compliance Manager, a tool designed to help admins manage compliance across various data assets. Admins can now create their own assessments against any regulation or standard while including on-prem and non-Microsoft applications. This lets managers handle data protection controls, prep for audits, and work with different teams from Compliance Manager.

Compliance Manager integrates with the Secure Score API to detect settings and update controls accordingly. When security controls like multifactor authentication are implemented, the tool's risk assessments reflect it. Compliance Manager updates are in public preview for commercial plans.

In another compliance-friendly move, Microsoft is extending Multi-Geo capabilities to SharePoint Online and Groups in addition to Exchange Online and OneDrive. Businesses face several compliance requirements as data residency rules are introduced around the world. Multi-Geo, which can be bought as an add-on to Microsoft 365 and Office 365, lets them choose where Office 365 content is stored at rest.

Related Content:

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark Reading,  8/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.
CVE-2019-12400
PUBLISHED: 2019-08-23
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this im...
CVE-2019-15092
PUBLISHED: 2019-08-23
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.