Thursday, September 8, 2016

Answering common questions with Office 365 Part 1

I was recently lucky enough to present at the Australian Partner Conference 2016 with Microsoft and two other resellers. The focus of our presentation was around how to answer common user questions with Office 365 and the features that it includes.

What I thought I’d do is share these questions and answers over a few blog posts. So here is part one.

Customer question - I know a lot of businesses that are getting hit by this crypto locker malware where their documents are being encrypted and they are being asked to pay a ransom. I am really worried that one of my employees may inadvertently open an infected file and we'd be in the same boat as we get lots and lots of attachments every day. How can Office 365 protect me against that?

Office 365 already includes advanced malware protection in email by default. With the E5 license you also get Advanced Threat Protection as well, which includes the ability to open suspect attachments in a sandboxed environment to determine what happens and take the appropriate action. More details of these features can be found in this video:

By default, every time a document is updated in SharePoint Team Sites or OneDrive for Business the previous version is saved. Thus, if a file does become encrypted it can be quickly rolled back to a previous version.

At the moment, if multiple files do become encrypted and uploaded there is no single command sequence that would allow you to roll back multiple files. Unfortunately, rolling back to a previous version has to be done one file at a time. However, as I understand it, Microsoft is working on a process to roll back multiple files via a single command. I also believe it is possible to do this using advanced scripting (aka PowerShell).
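One way to script the multi-file rollback described above, as an added example that is not from the original post or from Microsoft. It assumes the community PnP.PowerShell module and an existing `Connect-PnPOnline` session to the affected site; the function name, library name and cutoff time are hypothetical, constructed values.

```powershell
# Added example. Assumes PnP.PowerShell is installed and Connect-PnPOnline
# has already been run against the affected site.
function Restore-LibraryBeforeCutoff {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $Library,  # document library title
        [Parameter(Mandatory)] [datetime] $Cutoff    # last known-good moment
    )

    $cutoffUtc = $Cutoff.ToUniversalTime()

    # Only files, not folders
    $items = Get-PnPListItem -List $Library -PageSize 500 |
        Where-Object { $_.FileSystemObjectType -eq 'File' }

    foreach ($item in $items) {
        $url      = $item.FieldValues['FileRef']
        $modified = ([datetime]$item.FieldValues['Modified']).ToUniversalTime()

        # Files not changed since the cutoff were never encrypted; skip them
        if ($modified -le $cutoffUtc) { continue }

        # Newest saved version that predates the cutoff
        $good = Get-PnPFileVersion -Url $url |
            Where-Object { $_.Created.ToUniversalTime() -le $cutoffUtc } |
            Sort-Object Created -Descending |
            Select-Object -First 1

        if (-not $good) {
            # Nothing to roll back to: report it for manual handling
            Write-Warning "No version before cutoff: $url"
            continue
        }

        if ($PSCmdlet.ShouldProcess($url, "Restore version $($good.VersionLabel)")) {
            Restore-PnPFileVersion -Url $url -Identity $good.ID -Force
        }
    }
}

# Constructed sample values; -WhatIf lists what would be restored without changing anything
Restore-LibraryBeforeCutoff -Library 'Documents' -Cutoff '2016-09-01T02:00:00Z' -WhatIf
```

Run it with `-WhatIf` first and review the list, then remove the switch to perform the restore. Files flagged by the warning have no version older than the cutoff and need another recovery source.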

Exchange Online also allows you to create rules to automatically exclude certain attachments and quarantine them before they are delivered to end users. A good reference is:

Reducing malware threats through file attachment blocking

You can also use a third party mail cleansing service, such as Mailguard, in front of Exchange Online.

Of course, the best protection that you can have is informed and paranoid users. Part of any security policy for a business needs to be education, not abdication of this to technology. Technology is not 100% reliable; there is always the chance of some attack slipping through the protective security net that is erected around the business. On the odd occasion that this should transpire, if it is greeted with informed and paranoid users then the chance of the payload being delivered, and the business being interrupted, is much lower. You know, an ounce of prevention and all that.

Office 365 provides some excellent protection by default. The premium Office 365 licenses provide better protection. Appropriate configuration and user education provide even more protection. Finally, there is always the option to integrate third party solutions.