New OneDrive and SharePoint Online Security Features in Microsoft 365

Earlier this month, Microsoft announced the rollout of new security features that will be included in the updated Microsoft 365 license, available for purchase February 1st. While many of the features in the package won’t have an immense impact on Microsoft’s cloud services, these new security features promise to help organizations working in OneDrive and SharePoint Online defend their content and maintain compliance with a vast number of data protection regulations. As the cloud becomes more and more popular, providers are recognizing the need for the very best security tools, and Microsoft has frequently led the way here. Based on the information provided about these additions, it’s likely that this trend will continue.

The company has divided the tools into two different packages, each with separate pricing: “Identity and Threat Protection” and “Information Protection and Compliance.” The former promises to unite security for EMS, Windows 10, and Office 365, and includes Microsoft’s Cloud App Security feature (the standalone version of the tool is being retired). Cloud App Security allows administrators to carefully monitor data from applications and cloud services in an effort to predict threats and diminish the problem of shadow IT within a business. With highly advanced analytics and the ability to detect threats such as ransomware, which might otherwise go unnoticed, CAS ensures that all cloud services are secure for users and compliant with regulations. In addition to CAS, Microsoft is looking to include Office 365 Advanced Threat Protection with its basic Threat Intelligence packages, giving businesses a more robust set of tools for eliminating hazards.

Diagram of Microsoft 365 line up

For those with limited familiarity with ATP, it’s one of the most useful tools for organizations relying on SharePoint Online or OneDrive for Business. When ATP identifies a file as malicious or corrupted, it will immediately lock the file. This means that, while users can see the file, they won’t be able to open it, edit it, move it or download it. Blocked files, however, can be deleted (and admins have the ability to change ATP settings so that, in certain cases, the file can still be downloaded).

ATP scans files asynchronously, so not all files are scanned at any given time. Rather, ATP plans its scans based on factors like how often or how recently a file has been accessed or edited. All blocked files will be included in reports that ATP sends to administrators and IT personnel. ATP is an integrated part of the security tools inherent to OneDrive and SharePoint Online; however, Microsoft cautions organizations that use ATP for SPO to ensure that everyone is using the “Modern Experience.” While the Classic SPO does still support ATP, the icon denoting that a file has been locked will not appear to users working in that view.

Also included will be Azure Active Directory, which has an exciting new feature of its own.

For organizations that want an extra level of security, Azure AD will now provide users with a one-time code, sent to their email, when they attempt to log in to their environment. Once they provide the code, they’ll be granted access. For some this may sound like a hassle, but the protection it provides is immense, and admins can change the settings so that users aren’t automatically logged out when they close a window, meaning they won’t have to enter five or six different codes a day.

Where this new feature is especially helpful is when it comes to external collaboration. The Azure AD application can send a code to a user who needs access to a piece of content from outside of an organization, and because the code is one-time, admins don’t need to worry about having to manually revoke the external user’s access once the collaboration is finished. With this, external sharing and collaboration are much easier to monitor, and anxieties about the potential of an external user making inappropriate use of their access are diminished.

The Information Protection and Compliance “bundle” is, in Microsoft’s words, “designed to help compliance and IT teams perform ongoing risk assessments across Microsoft Cloud services, automatically protect and govern sensitive data throughout its lifecycle, and efficiently respond to regulatory requests leveraging intelligence.” Much like with its Identity Protection package, Microsoft will be including tools specific to both the Office 365 cloud environment and Azure (through the AD application). Compliance is a major concern for organizations working in the cloud, and Microsoft’s OneDrive and SharePoint Online platforms have always recognized that. With these new features, the ability of IT to recognize potential compliance issues is enhanced, and it’s easier for these personnel to analyze the mountains of content stored in a given cloud environment for possible violations of regulations.

2019 is already looking like a promising year for those working in OneDrive or SharePoint Online. With these new security features, monitoring essentials such as compliance and identity protection will be easier than ever. With their debut just around the corner, those considering a migration to Office 365 will likely want to pay close attention. Security is a cornerstone of success in the cloud, and OneDrive and SharePoint Online users are set to receive a brand new arsenal.