Microsoft on Tuesday unveiled several upcoming Office
365 improvements, including mobile device management (MDM) and data loss
protection (DLP) controls.
The announcements were made during the Day 1 keynote of
the Microsoft TechEd Europe conference, taking place this week in Barcelona.
Julia White, general manager of Microsoft Office, took the stage to demonstrate
the ability to connect the cloud-based Azure
Active Directory (AD) service with an on-premises Active Directory in "six
clicks" during a setup process. With Azure AD in place, IT pros can have
their security and auditing
functions in one place, she said.
White also described the ability to edit policies for MDM.
The policies get embedded into managed apps, such as Office for iPad apps, she
said, and the capability will be "natively built into Windows 10."
For instance, IT pros can set copy and paste restrictions on managed apps to
protect company data.
White also talked about the coming DLP capabilities. With
DLP, IT pros have access to Office 365 console reports, which show the rules
that can be set up. They also show if users are trying to override the rules.
If they are, IT pros can modify the policies to add additional restrictions, if
wanted. For instance, restrictions can be set regarding the disclosure of
credit card information. Alerts can be set up, as well. End users will get
policy tips, so they will become aware of the policy restrictions set by IT.
These Office 365 capabilities are being rolling out at
various times, but the target date seems to be the first quarter of next year.
Data Loss
Prevention
Microsoft already has some DLP capabilities in its
OneDrive for Business and SharePoint Online services, including an e-discovery
capability. However, the capability to add policy restrictions that can block
and restrict access to content will be rolled out in these apps "in the
coming months," according to a Microsoft blog post on DLP.
The first app to get the new DLP controls will be Excel,
followed by Word and PowerPoint. DLP will work "natively" in Office
applications, Microsoft is promising, and the protection scheme will work at
the file level, as well as for e-mail, document libraries or OneDrive for
Business folders.
IT pros will have access to built-in DLP templates to add
rules. They can review incident reports showing attempted policy overrides.
Additional policy controls for Office 365, such as information rights
management, will arrive in the first quarter of 2015.
File
Classifications
Microsoft also plans to extend its file classification
infrastructure capability of the Windows File Server to Exchange Online,
OneDrive for Business and SharePoint Online, starting in the first quarter of
2015. Office documents can be classified using this scheme and policies can be
set to avoid information disclosure.
OneDrive for Business and SharePoint Online also have
"advanced encryption at rest," which is a capability that Microsoft
calls "per-file encryption." Per-file encryption creates a key for
every file stored. It also creates a new key for any variants of those files.
Mobile Device
Management Capabilities
Microsoft is planning to roll out its new MDM
capabilities for Office 365 in the first quarter of 2015. Some of these
capabilities are being built into Office 365 management, but other capabilities
will be available through Microsoft Intune.
A Microsoft MDM blog post outlined the following Office
365 MDM capabilities:
·
Ability to set security policies for devices
that connect to Office 365.
·
Ability to set specific security policies for
devices, such as "device level pin lock and jailbreak detection."
·
Ability to set "selective wipe," which
allows corporate data to be removed remotely, while retaining personal data on
a device.
·
Ability to have MDM management built
"directly into productivity apps," which avoids having to set
all-in-one management policies across apps.
·
Ability to manage MDM policies through the
Office 365 administration portal.
Microsoft is planning to add these new MDM capabilities
to its Office 365 "Business, Enterprise, EDU and Government plans."
Microsoft Intune
Enhancements
Microsoft Intune optionally will add other MDM
capabilities for Office 365 users. It's not quite clear when those capabilities
will be available, but Microsoft listed them as follows:
·
Ability to restrict user actions, such as copy
and paste, including the ability to set policies for line-of-business apps
using the Microsoft Intune app wrapper.
·
Ability to control the viewing of content via
the "Managed Browser, PDF Viewer, AV Player and Image Viewer Apps."
·
Ability to integrate Microsoft Intune with
System Center 2012 Configuration Manager for a single-console MDM view.
·
Ability to automatically provision enrolled
devices, which will automate the deployment of "certificates, Wi-Fi, VPN
and email profiles."
·
Ability to bulk enroll corporate devices.
·
Ability to provide end users with a
"self-service Company Portal," which allows them to enroll their
devices and install their own apps.
On top of that Office 365 news, veteran Microsoft
reporter Mary Jo Foley has reported from the TechEd Europe event that Microsoft
plans to release the next version of the Microsoft Office suite, which she
called "Office 16 for Windows," in the "second half of
2015."
No comments:
Post a Comment