Migrating business content to the cloud and Office 365 is one of the most important business upgrades you will make, but once you’ve moved to the cloud, you may never need to upgrade again. But what if you’ve already made the move and are enjoying your newfound tools? Do you just ride off into the sunset?
Well, no. Office 365 is a powerful platform of productive tools and solutions that will help your organization perform better—and there are several actions you can take to make sure it remains secure and organized so everyone in your business can make the most of what they have at their disposal. It’s important to remember that when it comes to storing data, Office 365 is already very secure.
Or at least, that is, secure from outside breaches. However, business is rarely done in isolation and there are times when you will probably need to give external users access to your information. It’s also unfortunately true that we are never completely free from the risk of human error. So, whether coming from internal access or from human oversight, the security of your content and data can never be completely immune from breaches. The good news is, there are steps you can take to make sure it’s as secure as it can be.
And in that spirit, we have set out to assist you with a best practice security guide for Office 365.
- Inventory everything in your Office 365 environment
One of the first steps for security best practice is to take stock of the items, data, content and resources that exist in your Office 365 environment. Knowing what you have means you’ll know how to protect it better. If you have recently migrated to Office 365, you may already have an inventory and your content may already have been purged (you can read more about inventory building in the context of a SharePoint migration). Either way, taking stock right now is an important step.
- Manage User Permissions
User Permissions are what they sound like: granting access to certain areas of your Office 365 data and other content. Permissions in Office 365 are based on the Role Based Access Control (RBAC) permissions model (get familiar with the Office 365 Security & Compliance Center here). Knowing and organizing who has access to what in your Office 365 environment is essential to security best practice. As most breaches come from internal errors or inappropriate access, getting on top of your Permissions management is something you can’t overlook.
- Manage Object Permissions
Object permissions order the bottom-level access that your users have when it comes to creating, reading, editing and deleting pieces of content within your Office 365 environment. It’s important to know that you can organize your content access in Office 365 down to individuals having access to individual files. This, in theory, gives you a much better hand over your file access, meaning members of the same team can have different access to files in their team site. Being aware of this will strengthen your ability to limit access to important data without reducing productivity for those who need access.
- Broken inheritance reports
As SharePoint Online is hierarchical, your sub sites will naturally inherit permissions from a parent site within your site collections. Broken inheritance is where sites, lists, libraries list items or files don’t inherit permissions from a parent site. This can happen when a user is invited to access a site and is made a member of the members group. Because members are usually granted editing permissions, this newly invited user has the power to delete lists or other undesirable actions (whether on purpose or by mistake).
The important thing to note here is that running broken inheritance reports will allow you to see where, how and why broken inheritance exists, and again give you a better overview of who has access to what across your environment. Check out a helpful post from Microsoft here.
- Administer Administrator rights
Your global administrator has the power of complete control over the entire Office 365 suite of products. If that’s you, depending on the size of your company, you may need some help managing the platform across your business. To do that you can assign users to several admin roles: for example, if you needed help resetting passwords you could assign a colleague to the password administrator role, and so on. Here’s a great overview of how to assign roles. The thing to remember here is you need to keep track of who has which rights. If their roles change or if they leave the company, their rights need to change accordingly.
- Monitor External Sharing
These days we work with third party businesses on a regular basis. That means you may often need to allow access to certain information in your Office 365 environment. Monitoring this is the important thing. Similar to other permissions you have to manage internally, making sure your third parties only have access to appropriate documents—and knowing when that access isn’t needed any longer—is the key here. Here’s a really great post we recently published that tells you everything you need to know about the right type of external sharing in Office 365.
- Security auditing
One of the more vital ways to keep your environment secure is to run specific audit reports across your environment’s security. SharePoint in Office 365 comes with built-in audit reports so you can see who last viewed a file, deleted an item or edited a piece of information in your document library. This is an important aspect of your security because you can take the right action on security breaches—whether they were accidental or intentional. These audit reports are disabled by default, so you’ll need to enable them before a security breach. And once you do, they need to be configured correctly for each site collection. Also, watch out for trying to audit everything—that can really slow your system down.
Get cracking today
There you have it. We hope now you have a better appreciation of why Office 365 security is important to consider for the sake of your business, and you can get started with our best practice recommendations.
We would like to thank Sharegate for this great post and contribution to our blog.
Sharegate software is designed with simplicity and a happiness-driven attitude. With over 10,000 clients across 90 countries, Sharegate has grown to be the leader in SharePoint & Office 365 management around the world.
Diversus is a reseller and implementation partner of Sharegate products.