As an Office 365 customer, you benefit from the investments, scale, and deep experience of Microsoft. We have developed our practices and policies as a result of over a decade of experience in providing security for online data.
Our security practices are scalable and combine our learnings in different geographies and industry verticals.
Our built-in security features safeguard data from the time it is stored to the time it reaches user devices. By default, our security features include:
- 24-hour monitored physical datacenters.
- Logical isolation of data between tenants.
- Administrative access to Office 365, controlled by a role-based access control (RBAC) process.
- Segregation of the internal datacenter network from the external network, plus encryption of data transmitted across the networks.
- Encryption of email data at rest using BitLocker and SSL/TLS encryption of data in transit.
- Applications built by following the Security Development Lifecycle. Our secure development lifecycle ensures that security and privacy are incorporated by design—from software development to service operation.
Our security controls give you options to customize your security features depending on your specific needs.
- Rights Management Service allows users and administrators to encrypt content with intelligence based on identity and policy.
- Identity systems and services such as Windows Active Directory, Windows Azure Active Directory, and Active Directory Federation Services can be enabled for secure access to Office 365.
- Advanced features such as data loss prevention can be enabled by administrators to prevent sensitive data from leaking outside the organization.
- Features like legal hold, governance, and archiving allow administrators to place a hold on sensitive data for legal and archiving purposes.
- Functionality like eDiscovery enables administrators to easily find items across SharePoint Online, Exchange Online, and Lync Online for audit and security purposes.
- Our anti-malware and anti-spam features are advanced yet easy to use and customize by administrators.
- Our device security features in mobile devices and PCs allow remote device data wipe and device access restrictions.
For a detailed description of Office 365 security, read our security white paper.