Interlink Cloud Blog

facebooktwitterlinkedin

Matt Scherocman

How Does Archiving in Office 365 Work?

Immutability is the industry-standard term for “preserving data in the system so that it is discoverable, and cannot be destroyed or altered."

With Exchange Server 2016, and Exchange Online, Microsoft enables organizations to preserve individual or all mailbox items for discovery natively, keeping those items within the Exchange infrastructure. This approach is called, In-Place hold.

One significant benefit of hold as opposed to separate, read-only storage is that items are preserved within the Exchange infrastructure, preserving more of the information including metadata and making management easier for IT admins. Users benefit because they can manage their mailboxes using the familiar Outlook interfaces. From an IT-perspective, In-Place Hold eliminates the necessity and complexity of maintaining a separate infrastructure and potentially storage for Exchange items.

Exchange gives organizations the flexibility to choose the architecture that can help meet their immutability requirements whether that is on-premises, online, or a hybrid of both, and supports the ability to store archived items in a separate physical location.

In Exchange Online, you can use In-Place Hold or Litigation Hold to accomplish the following goals:

  • Enable users to be placed on hold and preserve mailbox items immutably
  • Preserve mailbox items deleted by users or automatic deletion processes such as MRM
  • Protect mailbox items from tampering, changes by a user, or automatic processes by saving a copy of the original item
  • Preserve items indefinitely or for a specific duration
  • Keep holds transparent from the user by not having to suspend MRM
  • Use In-Place eDiscovery to search mailbox items, including items placed on hold

Additionally, you can use In-Place Hold to:

  • Search and hold items matching specified criteria
  • Place a user on multiple In-Place Holds for different cases or investigations

How does Litigation Hold work?

In the normal deleted item workflow, a mailbox item is moved to the Deletions subfolder in the Recoverable Items folder when a user permanently deletes it (Shift + Delete) or deletes it from the Deleted Items folder. A deletion policy (which is a retention tag configured with a Delete retention action) also moves items to the Deletions subfolder when the retention period expires. When a user purges an item in the Recoverable Items folder or when the deleted item retention period expires for an item, it's moved to the Purges subfolder in the Recoverable Items folder and marked for permanent deletion. It will be purged from Exchange the next time the mailbox is processed by the Managed Folder Assistant (MFA).

When a mailbox is placed on Litigation Hold, items in the Purges subfolder are preserved for the hold duration specified by the Litigation Hold. The hold duration is calculated from the original date an item was received or created, and defines how long items in the Purges subfolder are held. When the hold duration expires for an item in the Purges subfolder, the item is marked for permanent deletion and will be purged from Exchange the next time the mailbox is processed by the MFA. If an indefinite hold is placed on a mailbox, items will never be purged from the Purges subfolder.

The following illustration shows the subfolders in the Recoverable Items folders and the hold workflow process.

Archiving in Office 365

See this technet article for additional information, or you can view the general sales site from Microsoft here.

Contact Interlink today for help in defining your needs, which licensing options would be the best fit, and actually getting the service configured correctly to ensure the right data is being kept and deleted.  

Matt Scherocman

Six Reasons Microsoft Azure SQL Database Provides the Best Data Security Around

Six Reasons Microsoft Azure SQL Database Provides the Best Data Security Around

Companies leveraging the cloud for business have a multitude of options. They also have a lot of security concerns when transitioning their data to the cloud. Microsoft has built on the SQL Server foundation, bringing a new level of security to help ease the mind of these cloud-driven companies with six enhancements. All of which are crucial reasons to consider Microsoft Azure SQL Database as your company’s cloud platform of choice:

  1. Always Encrypted: Exactly how it sounds, Always Encrypted means your data remains encrypted…all the time to help you protect sensitive data. Data is encrypted in transit, in memory, on a disk, and during query processing.

  2. Transparent Data Encryption: For those of us constantly keeping up on compliance regulations and requirements, this encrypts databases with associated backups as well as transaction log files without needing changes to your applications. The audit trail is clear in order to stay in compliance while keeping data safe from any breach.

  3. Row-Level Security: This feature can limit access to individual rows of data based on a user's identity, role, or query execution context to ensure only the right people can view that data. This also simplifies the application code so that data isn’t accidently shared in any situation.



  4. Azure Active Directory (AD) Authentication: Different from SQL Authentication, Azure AD
    Authentication simplifies password management by allowing you to access a number of Azure services using the same identity. This does not compromise the level of security. It reduces the amount of IT time spends on retrieving lost passwords and login details while maintaining access control every step of the way.

  5. Dynamic Data Masking: Another, more sophisticated, form of encryption allows users to define masking patterns on actual database columns. For example, users can set a masking rule that masks all but the last four digits of any social security number in the result set of any query to ensure that sensitive data is truly safe.

  6. SQL Database Threat Detection: This feature alerts set users of any suspicious database activities automatically and complements Azure SQL Database Auditing, which records database events and writes audited events to an audit log in the Azure Storage account. 

    Microsoft Azure SQL Database Security

Both features are great examples of how users can monitor and quickly respond to risk. Advanced Threat Analytics is yet another approach to helping users stay ahead of sophisticated malware attacks.

Another (bonus) reason to consider Azure SQL Database that’s best shared through this diagram, courtesy of Microsoft Azure, is that SQL Server’s track record speaks for itself. When you’re in the cloud, you can’t be vulnerable and SQL Server lives up to that motto…six years running!

microsoft azure sql database unparalleded security

Data security in the cloud isn’t a set it and forget it process. It is a constant work in progress because the security risks keep changing and technology keeps advancing. Choosing Microsoft as your partner in mitigating those risks is a smart and educated decision in keeping your data safe.

Learn more about these security enhancements by downloading the Security and Azure SQL Database whitepaper and contact us at Interlink for more information.

SQL Modernization Assessment Ad

 

Matt Scherocman

Active Directory Federation Services (ADFS) vs. Password Sync

There are a number of different ways to provide Single Sign-On (SSO) in a Microsoft Cloud environment. The two most popular ways are: Active Directory Federation Services (ADFS) and Password Sync, which is part of the Azure Active Directory Connect  (DirSync) tool. Microsoft includes either technology within the Office 365 licensing. However, both tools require the proper Windows server licensing.

ADFS with federated login provides true Single Sign-On (SSO) with Office 365 whereas DirSync with Password Sync allows for Same Sign-On which implies users will be prompted for credentials when accessing Office 365 even in domain joined scenarios. ADFS also allows for better access control based on IPs, etc.

With DirSync with Password Synchronization, you enable your users to use the same password they are using to log-on to your on premise Active Directory to log-on to Windows Azure Active Directory. The users' accounts and passwords are authenticated by Office 365, but for SSO with ADFS, the credentials are authenticated by the on premise ADFS server.


Pros of ADFS

  • ADFS can be configured such that users who are already logged on to a domain joined and connected machine do not require any password re-entry to sign in at Office 365. This gives you true single sign-on since re-entry of the password is not required. With DirSync and password hash synchronization a user must still re-enter their password, although it will be the same password as they use on-premises.  This is especially important for SharePoint Online while users may need to go there dozens of times per day.
  • ADFS allows for client access filtering, which restricts access to Exchange Online to users based on their IP address. Customers frequently use this control to limit hourly workers to only checking mail while onsite. Find more details here: Can I Limit Access to Office 365 for Remote or Hourly Users?
  • ADFS will honor Active Directory configured login time restrictions for users.
  • ADFS can include web pages for users to change their passwords while they are outside the corporate network.
  • With ADFS the authentication decision is always made on-premises and no password hashes are synchronized to the cloud. This may be obvious but can be sometimes a security policy requirement.
  • With ADFS an administrator can immediate block a user to remove access where-as DirSync synchronizes these changes every three hours. Only password changes are synchronized by DirSync every two minutes.
  • ADFS permits use of on-premises deployed multi-factor authentication products. Note that Azure AD supports multi-factor authentication but many third party multi-factor authentication products require on-premises integration.
  • Where Microsoft Forefront Identity Manger (FIM) is required for some other FIM capability. FIM directory synchronization does not include password hash synchronization so ADFS will still be required for SSO login.
  • Some on-premises to cloud hybrid scenarios require ADFS such as hybrid search.

If you need any of these functionalities then Active Directory Federation Services is still the best option.

Cons of ADFS:

  • Additional infrastructure needed to deploy.
  • Added point of failure (even if multiple servers are deployed, this option brings in more dependencies for the setup to work).
  • Additional cost involved with this setup.
  • SSL certificate from a public CA is needed and needs to be renewed on a periodic basis (cost/administrative work involved).

Click here to read more from the: Password Hash Sync Article

 
Recent comment in this post
Guest — Ron
Great concise and to the point article. Exactly what I was looking for: Pro/con's and differences in each technology. Thank you Ma... Read More
Tuesday, 02 June 2015 6:06 PM
Matt Scherocman

How is Microsoft Protecting Your Data From Government Snooping?

There have been a growing number of stories related to government surveillance of internet data in recent days. Our customers have taken notice and we have heard a number of concerns related to the privacy of their data in Microsoft’s Cloud.

While we share in these concerns, the bottom line is Microsoft is doing everything they can to keep your data safe. More importantly, there is no indication that any of Microsoft’s data has been breached by the government. We are told that on the business platforms, Microsoft has had only a handful of requests to share data with the government and was able to work with clients to provide notice and assistance in the vast majority of the cases.

A recent press release explains what Microsoft is doing to keep your data private.

Highlights include:

Expanding Encryption:

  • Microsoft is expanding or strengthening encryption across all of its services; particularly while data is transmitted over the internet
  • If you are on Office 365, Microsoft already encrypts all information moving between your business and Microsoft, and Microsoft’s internal data centers by default
  • These communication channels are protected by best-in-class cryptography including Perfect Forward Secrecy and 2048-bit Key lengths
  • All information which is stored in a Microsoft data center is protected by industry leading encryption and security protocols

Reinforcing legal protections:

  •  Committed to notifying any company when Microsoft receives a government request for access to their information
  • Working with other cloud providers to make the government go directly to an individual company, rather than a cloud provider, to obtain data

Increasing Transparency:

  •  Increasing the transparency of their software code, making it easier for customers to see for themselves that Microsoft products do not contain back doors.
  • Opening a network of transparency centers in the US, America and Asia

 

For more information or to read the full press release, please see this article from Microsoft

Matt Scherocman

Does Office 365 Include Message Enryption?

Microsoft has recently added to the Office 365 family – Messaging Encryption.  This replaces Exchange Hosted Encryption (EHE) and will be a great for many clients and is included as part of the E3/E4 suites.  Below are the key facts and a link to the O365 Technology Blog article outlining the new feature.

Key facts:

  • Included with O365 E3 and E4 at no cost
  • $2 per user per month to add to other plans
  • Rolling out the first quarter of 2014
  • Receiver does not need to be on the service
  • Current Exchange Hosted Encryption customers will be automatically upgraded

http://blogs.office.com/b/office365tech/archive/2013/11/21/introducing-office-365-message-encryption-send-encrypted-emails-to-anyone.aspx

This posting is provided “AS IS” with no warranties, and confers no rights.

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.

Blog Categories

Interlink Cloud
Interlink Cloud
5 post(s)
Tips and Tricks
Tips and Tricks
1 post(s)
Outlook
Outlook
2 post(s)
Reporting
Reporting
1 post(s)
Cloud Storage
Cloud Storage
2 post(s)
Webinars
Webinars
11 post(s)
OneDrive
OneDrive
5 post(s)
Yammer
Yammer
3 post(s)
Azure
Azure
15 post(s)
SharePoint
SharePoint
9 post(s)
Microsoft
Microsoft
6 post(s)
Lync
Lync
8 post(s)
Office 365
Office 365
47 post(s)

Blog Archive