Office 365 delivers excellence with its cutting-edge security practices.
- Customers benefit from the investments, scale, and deep experience of Microsoft. We have developed our practices and policies as a result of over 15 years of experience in providing security for online data. Our security practices are scalable and combine our learnings in different geographies and industry verticals.
Built-in security. We help secure data from the time it is stored at rest within data centers to the time it reaches user devices. The built-in security features available to all customers by default are:
- 24-hour monitored physical data centers.
- Logical isolation of data between tenants.
- Administrative access to Office365, controlled by a role-based access control process.
- Segregation of the internal datacenter network from the external network and encryption of data transmitted across the networks.
- Encryption of email data at rest using BitLocker 256-bit encryption and SSL/TLS encryption of data in transit.
- Applications built by following the Security Development Lifecycle. The Microsoft secure development lifecycle ensures that security and privacy are incorporated by design, from software development to service operation.
Office 365 security controls. Office 365 offers controls to help customers customize security features depending on their individual needs.
- Advanced encryption using Rights Management Service allows users and administrators to selectively encrypt items.
- User access control, using identity services such as Active Directory, Azure Active Directory, and Active Directory Federation Services can be enabled to simplify management.
- Compliance features such as data loss prevention can be enabled by administrators to prevent sensitive data from leaving the organization.
- Legal hold, governance, and archiving features allow administrators to place a hold on sensitive data for legal and archiving purposes.
- eDiscovery lets administrators quickly find items across Sharepoint Online, Exchange Online, and Lync Online for audit and security purposes.
- Anti-malware and anti-spam features are easy to use and customize by administrators.
- Device security features in mobile devices and PCs allow remote device data wipe and device access restrictions.
Read our new Security white paper that describes Office 365 security practices end to end.
Learn more about the Microsoft response to questions suggested by the Cloud Security Alliance for customers seeking a cloud provider.
Watch a video about our security practices.