Cloud Services you can trust: Security, Compliance, and Privacy in Office 365

Hello!

This is Paresh once again. I've been asked by number of customers about the security of their data while choosing office 365 services as their preferred services option in cloud. Hence, I thought rather repeating my talk here, let the Microsoft team address the concerns of customers about the data security. Please read below blog by Microsoft. Good news is Microosft is about to build data centres in India which should give relief to some customers. 

Source of information: microsoft's office blogs

Written by: Office 365 Team

When you make a decision to place your trust in a cloud services provider for productivity services, security, compliance, and privacy are top of mind. With over a billion customers on Office and decades of experience running online services, we understand what it takes to earn and continue to maintain your trust and confidence in Office 365.

Our construct for security, compliance, and privacy in Office 365 has two equally important dimensions: Built-in capabilities that include service-wide technical capabilities, operational procedures, and policies that are enabled by default for customers using the service; and Customer controls that include features that enable you to customize the Office 365 environment based on the specific needs of your organization.

We will look at Built-in capabilities and Customer controls for each of the key pillars of trust – Security, Compliance, and Privacy – in more detail below.

Security

Security of our customers’ information is a key trust principle. We implement policies and controls to safeguard customer data in the cloud and provide unique customer controls that you can use to customize your organizational environment in Office 365.

Built-in capabilities

As an Office 365 customer, you will benefit directly from in-depth security features that we have built into the service as a result of experience gained from years of building enterprise-grade software, managing a number of online services and billions of dollars in security investments. We have implemented technologies and processes that are independently verified to ensure high security of customer data.

Some key aspects of our built-in security capabilities are:

Physical security – We monitor our data centers 24/7 and we have technologies and processes to protect our data centers from unauthorized access or natural disasters

Security best practices -We use best practices in design like Secure Development Lifecycle and operations like defense-in-depth to keep your data secure in our data centers

Data encryption – Every customers’ email content is encrypted at rest using BitLocker Advanced Encryption Standard (AES) encryption

Secure network layer – Our networks are segmented, providing physical separation of critical back-end servers from the public-facing interfaces at the same time our Edge router security detects intrusions and signs of vulnerability

Automated operations like Lock Box processes – Access to the IT systems that store customer data is strictly controlled via lock box processes. This access control mechanism is similar to a system where two people have to turn the key for an action to be allowed.

Customer controls

As a result of Office 365 offering productivity services to a wide range of industries, we have built both features and choices that you can control to enhance the security of data based on the needs of your organization.

Some key aspects of our customer controls for security are:

Exchange Hosted Encryption – Enables delivery of confidential business communications safely, letting users send and receive encrypted email directly from their desktops as easily as regular email.

S/MIME - Enables encryption of an email messages and allows for the originator to digitally sign the message to protect the integrity and origin of the message. As part of our continued investment in security technologies that Government and Security conscious customers care about, we are adding support for S/MIME for Office 365 in the first quarter of Calendar Year 2014.

Rights Management Services – Enables a user to encrypt information using 128-bit AES and use policies on email or documents so that the content is appropriately used by specified people.

Role based access control – Allows administrators to enable access to authorized users based on role assignment, role authorization and permission authorization.

Exchange Online Protection - Allows administrators to manage your company’s Anti-virus and Anti-spam settings from within the Office 365 administration console.

Identity Management - Provides organizations with various options for identity management such as cloud based identity, identities mastered on-premises with secure token based authentication or hashed passwords to integrate into the Office 365 identity management system based on the security needs of your organization.

Two factor Authentication – Enhances security in a multi-device, mobile, and cloud-centric world by using a second factor, such as a PIN, in addition to the primary factor which is identity.

Compliance

Another key principle of Office 365 trust is Compliance.  It is expected that commercial organizations have regulations and policies that they must comply with to operate businesses in various industries. These policies can be a mix of external regulatory requirements that vary depending on industry and geographical location of the organization and internal company-based policies.  Office 365 provides built-in capabilities and customer controls to help customers meet both various industry regulations and internal compliance requirements.

Built-in capabilities

Office 365 stays up-to-date with many of today’s ever-evolving standards and regulations, giving customers greater confidence.  To bolster this and to continue earning your confidence, we undergo third-party audits by internationally recognized auditors as an independent validation that we comply with our policies and procedures for security, compliance and privacy.

Some key aspects of built-in compliance capabilities are:

Independently Verified - Third party audits verify that Office 365 meets many key world-class industry standards and certifications

Control framework - We follow a strategic approach of implementing extensive standard controls that in turn satisfy various industry regulations. Office 365 supports over 600 controls that enable us to meet complex standards and offer contracts to customers in regulated industries or geographies, like ISO 27001, the EU Model Clauses, HIPAA Business Associate Agreements, FISMA/FedRAMP

Comprehensive Data Processing Agreement - Our Data Processing Agreement comprehensively addresses privacy and security of customer data, helping customers comply with local regulations

Customer Controls

We provide Compliance controls within the service to help our customers comply based on the policy needs of their organization.

Some key customer controls for compliance are:

Data Loss Prevention – Helps customers to identify, monitor and protect sensitive data through content analysis

Archiving – Allows organizations to preserve electronically stored information retaining e-mail messages, calendar items, tasks, and other mailbox items

E-Discovery – Permits customers to retrieve content from across Exchange Online, SharePoint Online, Lync Online, and even file shares

Privacy

Privacy is our third trust principle.  As more and more customers are relying on online service providers to keep their data safe from loss, theft, or misuse by third parties, other customers, or even the provider’s employees, we recognize that cloud services raise unique privacy questions for businesses.

To meet your needs, we are continually developing technologies to enhance privacy in our services. We call this privacy by design – which is our commitment to use best practices to help protect and manage customer data.

Built-in Capabilities

Key built-in capabilities and principles of Privacy in Office 365 are:

No Advertising – We do not scan email, documents, build analytics or data mine to build advertising products. In fact, we do not use your information for anything other than providing you services you have subscribed for.

Data Portability – As an Office 365 customer, your data belongs to you, and you can export your data at any time with no restrictions. We act only as a data processor and provider of productivity services, not as a data owner

Notice and Consent – When we act upon your data, we let you know why and we ask for permission in advance or redirect any enquiries to our customers unless legally prevented to do so.

Breach Response – We have strong, tested and audited processes to inform you if there is a breach and remediate issues if they occur.

Data Minimization – We strive to minimize the actual amount of customer data that our internal teams have access to.

Customer Controls

In addition to built-in capabilities, Office 365 enables you to collaborate through the use of transparent policies and strong tools while providing the distinct ability to control information sharing.

Some examples of customer controls for privacy are:

Rights Management in Office 365 - Allows individuals and administrators to specify access permissions to documents, workbooks, and presentations. This helps you prevent sensitive information from being printed, forwarded, or copied by unauthorized people by applying intelligent policies

Privacy controls for sites, libraries and folders- SharePoint Online, a key component service of Office 365 that provides collaboration functionality has a number of privacy controls. One example is that SharePoint Online sites are set to “private” by default. A second example is that a document uploaded to a SkyDrive Pro is not shared until the user provides explicit permissions and identifies who to share with.

Privacy controls for communications - In Lync Online, another key component service that provides real time communications in Office 365, there are various administrator level controls as well as user level controls to enable or block communication with external users and organizations. One example is blocking access to federation in Lync. Similarly there are controls throughout the service for the admins and users to ensure privacy of their content and communications.

At Microsoft, we have been building Enterprise software for over two decades and we run over 200 online services. We bring all of this experience to Office 365 to give you industry leading capabilities in security, compliance and privacy. In addition, we take the advantage of scale and continuous feedback from providing services to a diverse customer base across industry and geography to constantly learn and improve the Office 365 services. Security, Compliance and Privacy are the key pillars of the Office 365 Trust Center (the other two pillars being Transparency and Service Continuity). Customers can have confidence that Microsoft is a thought leader and will continue to make deep investments to protect customers in the cloud.

Extended email retention for deleted items in Office 365

Source of information:Office blogs 

Written by: Microsoft office 365 team 

We’ve all been there, you search for an email or calendar invite in Outlook only to find that it isn’t there anymore. Until now deleted items were moved into the Deleted Items folder, then they would disappear after being in that folder for 30 days. With this update, the length of time items remain in the Deleted Items folder is extended to indefinitely or according to the duration set by your administrator. So that email or calendar invite you were looking for is still there if you search for it later—even if you accidentally deleted it.

If you are an Office 365 administrator, this means we’ll be updating the Default MRM Policy for everyone using Exchange Online over the next month. As an administrator, you also have control over this behavior. If you want to keep the 30-day policy or set a custom retention period, that can be done as well and you don’t even need to wait for the change. Also, if you have already created a custom MRM policy, (as long as it has a name other than “Default MRM Policy”), you don’t need to do anything and the change will not impact you.

Create a custom retention policy

You can either edit the name of the Default MRM Policy or create a new policy to opt out of this change. To change the policy name in Office 365 navigate to Office 365 Admin >Exchange admin center > compliance management > retention policies. Next, select Default MRM Policy, click the edit icon and then change the name of the policy.

Exchange admin center for compliance management and retention policies.

Editing experience for retention policies.

Now your policy will not be overwritten and will maintain the settings you’ve specified.

Frequently asked questions

Q. Will this be only for new users or will this policy change for all my users who are already in Office 365?

A. This change will affect all existing and new users in your Office 365 tenant who have been assigned the Default MRM Policy.

Q. What if I customized the Default MRM Policy with other settings and properties, but did not rename it?

A. Modifying the properties in the Default MRM Policy alone will not exclude it from being overwritten by this change. If you have customized your Default MRM Policy and kept the original name, the change will still apply.

Q. Does this policy apply to the Recoverable Items folder?

A. No the change does not apply to the Recoverable Items folder. It is only for the visible Deleted Items folder.

Q. If I already have a custom retention policy, will it also be changed to this new default? 

A. No, custom policies that you have created will not be modified. For example, if the admin has added extra tags, modified the retention period, modified retention enabled of an existing tag etc. the new behavior will not be enforced.

Q. Does this change affect “Move to Archive” actions on the Deleted Items folder?

A. No, this change will not affect any explicit tags set by the users on items in the Deleted Items folder.

Q. If there is a “Move to Archive” action on the Deleted Items folder will that be affected?

A. No, the change will not affect any “Move to Archive” actions on the Deleted Items folder.

Q. Will this change apply both to the primary and personal archive mailbox Deleted Items folders?

A. Yes, the change will apply for the Deleted Items folder in both the primary and archive mailbox.

Q. Will this change affect a Litigation Hold or In-Place Hold?

A. No, this will not an affect Ligation Hold or In-Place Hold.

Q.  How is Microsoft implementing this change?

A. We are instructing the system to ignore the 30 day delete tag on the Deleted Items folder if the retention policy’s name is “Default MRM Policy.” This is why changing the policy name will ensure that the tag continues to work. We are not removing or disabling the tag.

Introducing Panasonic Toughbook and Toughpads - Available in India Now.

Dear Sir / Madam

I am happy to tell you that Sujata Computers Pvt Ltd has been appointed a distributor for “toughbooks” and “toughtpads” of Panasonic and now it is available in India. 

Toughbooks are laptops, Toughpads are tablet-pcs which are rugged and can be used under extreme or harsh environment. They can be used in noisy environment, in an dusty air or when it is drizzling. Obviously, as the name suggests they are built by tougher material than the traditional commercial laptops and tablet-pcs.

Please reach out to us for discussion or for a demo –

Email - Himanshu.a@sujataindia.com | paresh.lodha@sujataindia.com

Mobile - +91-8805162400 | +91-7276000222

Check out full range of Toughbooks and Toughpads here -

http://in.panasonictoughbook.asia/computer-product/introducing-the-full-toughbook-range

Microsoft Project 2013 - Training and Licensing Explained - Sujata Computers Pvt Ltd

Hi!

A lot has happened in last one week for Sujata - We started our operations in Singapore which is our second overseas operations after Dubai. Secondly, we have been appointed as a distributor by Tally for Maharashtra State. And lastly, we organized two wonderful events for our customers in Pune and in Kolhapur fully sponsored by Fortinet, thanks to Fortinet team for that. 

Today is a pleasant day here in Pune and as I write, India has managed to bat against South Africa as per the plan to put up a decent score in the Cricket WC 2015. That makes my day better. Question comes to my mind if BCCI uses Microsoft Project to manage Indian Cricket Team's plan for the match, This blog is about Microsoft Project licensing and the training that you can opt for. Training will be done by Sujata's team if you are not buying Software Assurance services along with the licenses. 

Sujata Computers Pvt Ltd is a 14 years old Microsoft Gold Partner and a Microsoft Cloud Accelarator Partner headquartered in Pune, India.

What are the editions and version available in Microsoft Project?

Currently, Microsoft offer Project 2013 as a subscription license that is cloud and as a perpetual license.

If you are buying Microsoft Project for less than five users, I recommend you to buy retail pack license as it will be cheaper as compared to Volume License. 

Microsoft offers three different editions under on-premise perpetual licenses for Project Portfolio Management (PPM) and everyday work, enabling you to effectively execute and achieve strategic priorities. 

Perpetual licenses editions are  - 

1. Project Professional - This license type is recommended to a 'Project Manager'. Someone who wants to allocate resources to the project, prioritize work, define timeline etc. 
2. Project Standard - This license type is recommended to a 'Team Member' or someone who's managing project as an 'individual' and there is no team. Someone who is working on a project and updating the status of the tasks that have been assigned to him/her. Someone who manages only tasks and not a team or not a whole project. 
3. Project Server-CALs - Like any other Microsoft server product licensing, Project server is recommended to be bought along with the CALs (Client Access License) equal to either number of users or device accessing the Project Server. 


Important Note - Pre-requsite for Microsoft Project Server license deployment is - 1) Microsoft SharePoint Enteprise Server-CALs licenses 2) Microsoft SQL Server-CALs licenses. Without these two licenses, Microsoft Project Server licensing does not get complete.  

This license type is recommended in a scenario where there are multiple projects need to be collaborated with each other and there is information being shared between different projects. 
So in this case apart from pre-requisite licenses, client would need to buy 1 Project Server license for 1 server deployment each, 1 CAL for either device or user each, 1 Project Professional license for each of the project manager, 1 Project Standard license for each of the team member. Note - Project Professional license do come in bundle offering with CAL license so client does not need to buy CAL separately for Professional license assuming you are buying under Microsoft Volume Licensing. 

Cloud editions of Microsoft Project 2013 are - 

1. Project Online - Usage wise this one is very much equivalent to Project Server on-premise but it is hosted out of Microsoft Cloud/Data-center so one does not have to deploy or manage. One also does not need to procure pre-requisite licenses which can save lot of cost to the client. All this means is that client does not have access to the hardware of Project and hence the direct access to the database. This is recommended to the client who does not mind having data stored at Microsoft's data center and does not want to invest into Project Server licensing but wants to use functionality of it. Also, does not mind logging into browser to use Project. I have elaborated technical difference between Project Server and Project Online later in this blog. 
2. Project Pro for Office 365 - Client can add Project Professional license to Office 365. Functionality remains same as Project Pro on-premise as mentioned above. It is meant for 'Project Manager'. It has to be used through a web-browser.
3. Project Online with Project Pro for Office 365 - As the name itself suggests, this one is a license that gives you functionality of both Project Online and Professional. This is recommended for a 'Project Manager' using Project under Project Online subscription. That means organization has subscribed for Project Online and the user is a manager who will be creating and managing the project in it so he also needs Project Professional functionality.

Whether to buy Cloud/subscription license or on-premise/perpetual license - 

Cloud is recommended for customers who are looking for - 

1. yearly or monthly payment options
2. always wants to use latest version released by Microsoft

Perpetual licenses are recommended to the customers who want to do one-time investment and do not necessarily want to use the latest version of Project always. They can still opt for Software Assurance (SA) if they want to take the version upgrade at a later point of time after the purchase of the licenses.

Project Online vs. Project On-Premises. Which should I choose?

If you are looking for an environment where you do not have to worry about technical maintenance then consider a Project Online environment.

If you are looking for an environment where you can have SQL query access to the databases and where you have full control over the content then consider an On-Premises Solution.

The chart below shows some additional differentiators between Project 2013 On–Line and Project 2013 On – Premises environments.

Key differentiators between Project Server 2013 On Line and Project Server 2013 On Premises

 

Differentiator	On Line	On Premises
Administrative backup and restore for Projects (used to restore a slightly older version of a project without pulling a tape and impacting an entire organization)		x
Archival Environments to retain data		x
Multi-Dimensional Olap Cubes		x
Direct access to SQL Server Databases and OLAP Databases		x
Direct SQL Query Access to Project Server and SharePoint Databases		x
Team Foundation Server Connectivity (including 2012) (Note: The version of Project used must have the Team Foundation Server extensions installed. These extensions are not present, out of the box, in the online version.)		x
Standard Windows Installation (MSI)		x
Event Handlers can use both full trust event handlers and remote event receivers		x
Full access to PSI and CSOM		x
Access to ULS Logs By default ULS Logs are located at  C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS directory		x
As a result of full access to the databases, PSI and CSOM there is more flexibility for Business Intelligence, Dashboards, and Reports		x
Recycling Bin for documents, projects, and sites        Note: –Caution should be exercised when emptying the recycle bin. Once a project or a site is deleted from the recycle bin. It is deleted (gone) and cannot be recovered.	x	x
Project Web Applications (Add applications to PWA)	x	x
SharePoint Permission Mode or ProjectServer Permission Mode	x	x
Monitoring Enhancements	x	x
SharePoint Designer for workflows	x	x
No database administration	x
Security handled by Microsoft	x
Latest and greatest service packs and cumulative updates	x
Click-to-run installation	x
No direct access to SQL Server and OLAP Databases (Reporting is done via OData)	x
Access using CSOM (Note: PSI interfaces do not support O- Authentication)	x
Event Handlers require remote event receivers	x
Extensibility is accomplished via the use of the SharePoint Extensibility Model – (as a result there is no full-trust code)	x

Download Training Options Available with Us - 

https://onedrive.live.com/redir?resid=C9095231E7A1B4D4!132&authkey=!AH_PF8iapIOZhhs&ithint=folder%2cpdf


More Resources :

1) Project Licensing Microsoft Home Page - https://products.office.com/en-us/project/microsoft-project-licensing
2) Project Top Features - https://products.office.com/en-us/Project/project-top-features
3) Videos and demos of Microsoft Project 2013 - https://technet.microsoft.com/en-us/library/ff628958.aspx
4) Feature and Function comparison between Project Online and Project Server - https://technet.microsoft.com/en-us/library/dn268595.aspx



Hope this has given you a decent idea about Microsoft Project licensing and how to choose the correct edition for yourself. Still, if you have any doubt, please feel free to call me or write to me. I will be happy to provide you free guidance - 

Paresh Lodha
+91-7276000222
Paresh.Lodha@sujataindia.com

Microsoft server 2003 end of life - Webinar

Which one will serve you better Upgrade or lose the advantage Dear Sir/Madam, Starting July 14, 2015, Microsoft will end all support and updates for Windows Server 2003. As your trusted advisor and partner, we’re hosting an exclusive series of webinars to help you with a smooth transition from Windows Server 2003. The last webinar focused on the process of migration. The upcoming webinar, to be held on February 19, 2015 will detail out the practical considerations and best practices of migration from Windows Server 2003. We will also take you through the licensing options available. Register for the webinar now and stay ahead in the game. Regards, Microsoft Team Webinar Details: Date: February 19, 2015 Time: 3:00 pm to 4:00 pm Hosted by Nirmal Puranik Solution Specialist, Datacenter at Microsoft Manpreet Madaan Director, Volume Licensing, Microsoft Learn more about your migration options

Improve Your Marketing with Standardized E-mail Signature

Hi All IT and Marketing Managers !

Have you ever seen that your colleague has used weird email signature that doesn't only irritates you but chances are that it will leave a bad impression on customers?

Have you ever thought that you can use email signature to do marketing? or its an integral part of marketing but managing it is difficult in your organization?

We have brought the solution for you!

Sujata is happy to introduce itself as an authorized reseller for Exclaimer Signature Manager Exchange Edition which is the award-winning signature software solution for Exchange 2013/2010/2007 that automatically adds professional email signatures to all corporate mail.

1.  Centrally manage all your organization’s email signatures processed by Exchange.
2. Get consistent signatures on all email with auto-completed details like names, departments and job titles pulled from your Active Directory.
3. Design the perfect email signature template with logos, legal disclaimers, marketing banners, social media links and more.
4. Vary email signatures for different teams and departments.
5. Get full HTML signatures on all devices including mobiles (iPhone, Blackberry, Android devices, iPad etc.).
6. Easily update and distribute every signature in your organization with a single click via Exchange.
7. End users don’t have to do anything to receive a new email signature.

  Solution is best suited for organizations that want to look professional in the e-mail. It can be from any industry. 

Cost is very much affordable to enterprise and SMB customers. 

Example e-mail signature

For more details, please call - Mr.Paresh Lodha - +91-7276000222 or write to sales@sujataindia.com and paresh.lodha@sujataindia.com 

Thank you!

Security From Symantec For Manufacturing Industry - Sujata Computers Pvt Ltd

Hi!

This is Pushkar Nath, Sujata's Data Security Specialist. This blog is for CXOs in Manufacturing Industry to understand what data security threats are around us and how to keep the data safe from the threats.

In today’s tech savvy world, where systems are getting automated, it is leaving vulnerable points which render an organization prone to data leak. We will do critical analysis sector wise to pinpoint the leak points and ways to plug them. Today I am picking up manufacturing sector for critical analysis

End Users – It can be anyone designing team, people from R&D department, data entry executive, receptionist etc. There is possibility of malware infection through internet and spreading it in local area network and crashing down the entire network. Apart from that it might be possible that they might try to send documents or critical organization data through USB, mails or web. This can be prevented by using Antiviruses, data loss prevention, web and Messaging gateway protection. Hard disc, file and folder and removable USB level Encryption

Accounts/Finance Department – This department handles one of the most critical assignments of an organization and that is to manage the entire financial dealing and transactions. Any leakage of financial details might prove detrimental to the organization. This department is prone to phishing attack. . Antiviruses, data loss prevention, web and messaging gateway protection, Hard disc, file and folder and removable USB level Encryption  endpoint to endpoint encryption with two factor authentication will provide adequate security to this department.

Human Resource department – Human resource department has under its possession entire record of the employees. As manufacturing sector is labour intensive sector so every company has long list of labours doing blue collar and white collar jobs.  Companies doling out financial services are always on prowl for these type of database.  Security becomes necessary. Antiviruses, data loss prevention, messaging gateway protection, hard disc, file and folder and removable USB level Encryption becomes critical necessity of this department.

Sales and marketing Dept. – This department generates revenue for an organization. They have data of their clients and their requirements. As personals from this department remains mobile. So BYOD is gaining currency among them. . Antiviruses, data loss prevention, web and messaging gateway protection, Hard disc, file and folder and removable USB level Encryption  , gateway to end point mail  encryption , mobile device management, mobile application management coupled with two factor authentication will provide adequate protection to the devices, application and data.

IT Department – This department manages the entire IT infrastructure of an organization. It has to manage server infrastructure, networking, end points of the users.  Its role becomes critical in the sense that if it gets down then functioning of the entire organization will come down to notch. The first product which is of extreme importance for them is back up software for end points and servers. Second is archiving and third is solution for hardware and software inventory management.

Top management – This level of management is privy to secrets of all the above mentioned departments. Any IT admin can’t stop them from accessing there date/mails etc from their own device or from home. Security becomes critical as any intentional or unintentional loss of data, documents can have a devastating effect on the entire organization. Antiviruses, data loss prevention, web and messaging gateway protection, Hard disc, file and folder and removable USB level Encryption  endpoint  to end point  mail  encryption , mobile device management, mobile application management coupled with two factor authentication will provide adequate protection to the devices, applications and data.

Let me know if you have any concerns around the data security or you can get a free check up of your IT infrastructure and processes set for accessing the critical data within your organization from me and my team in Sujata.

Regards,
Pushkar Nath