Microsoft SharePoint Online Security

CHEAT SHEET

Microsoft is one of the leading cloud service providers at enterprises around the world. The company’s Office 365 suite of cloud applications ensures enterprises always have the latest versions of Excel, Word, PowerPoint, and Outlook, as well as cloud-based collaboration and productivity platforms OneDrive, Exchange Online, Yammer, and SharePoint Online.

For enterprises, migrating to Office 365 gets particularly complicated when moving from on-premises SharePoint deployment to SharePoint Online. This document will focus on some of the security challenges of migrating to SharePoint Online and best practices to put in place when it comes to securing SharePoint Online usage.

Many enterprises have built sizable on-premises SharePoint environments with hundreds, and sometimes even thousands, of site collections. Migrating to SharePoint Online usually occurs in phases, with enterprises running hybrid on-premises and cloud environments while they make the transition. As they move to the cloud, companies often look at the security controls for SharePoint Online and compare them to the controls they have implemented for data in SharePoint “on premises.”

Some of the security practices companies have implemented for on-premises deployments that they commonly look to mirror in their cloud-based deployments include rights management services (RMS) and data loss prevention (DLP). There are specific deployment considerations organizations encounter with rights management. SharePoint Online Information Rights Management (IRM) requires the use of Azure Active Directory Rights Management, Microsoft’s new cloud offering.

SharePoint Online Usage at a Glance

Enterprises store a significant volume of sensitive data in SharePoint—in fact, our usage data finds that 17.1% of files contain sensitive data. One of the primary drivers of SharePoint Online adoption is the ability to invite co-workers and business partners to access and edit documents and other content in real time. This intersection between sensitive content and external sharing, however, causes concern for many organizations in terms of security and compliance of corporate data. The average company collaborates with 72 external business partners via Office 365, more than any other cloud-based collaboration platform.

[Figure 1. Sizable amounts of sensitive data are stored in SharePoint. Share of files in OneDrive and SharePoint Online that contain sensitive data, by category: Confidential Data 9.4%, Payment Data 1.7%, Health Data 1.9%, Personal Data 4.1%.]

Common Questions Enterprises Using or Migrating to SharePoint Online Need to Ask

1. Which file sharing and collaboration services are in use by which employees?
2. What is the risk of Shadow IT file-sharing and collaboration services?
3. How many of our users have account credentials for sale on the Darknet?
4. What industry regulations are we required to meet? How do these requirements translate to how we store and share data in SharePoint Online?
5. What are our security and data privacy policies? How do these policies translate to how we store and share data in SharePoint Online?
6. Do we store any data in SharePoint on behalf of European Union (EU) residents or other individuals whose data is covered by data residency laws?
7. What sensitive data is stored in which site collections?
8. Which SharePoint users have access to what information in which sites?
9. Which sites are shared externally and can be accessed by third parties?
10. Are we using rights management for SharePoint “on premises?” What is the migration path for our RMS deployment to Azure AD RM?
11. Are users accessing or downloading an unusual amount of sensitive content in SharePoint Online?
12. What devices are accessing data stored in SharePoint Online, and where are those devices accessing from?
13. Are unauthorized third parties logging in to view our data using stolen usernames/passwords?
14. Are administrators viewing or downloading data they shouldn’t?

SharePoint Online Security

Office 365 has one of the most advanced built-in security capabilities of any cloud service provider. While Microsoft takes responsibility for the security of its cloud platform against intrusions, it works within a shared responsibility model where the customer is responsible for ensuring its users are using Office 365 in a secure way. Below is a list of SharePoint Online security best practices for secure usage.

Access control

■ Turn on multifactor authentication.
■ Use single sign-on—either Microsoft’s own solution or one of its partners like Okta, OneLogin, or others—to provide a convenient way for users to access SharePoint and create a centralized place to manage password policies for Office 365 and SharePoint Online.
■ Apply device or location-specific access controls across sensitive data, including unmanaged devices, public computers, or open Wi-Fi networks.
■ Apply role-based access control so that it gives minimum access to users while still allowing them to fulfill their job duties.

Data loss prevention (DLP)

■ Inventory existing DLP policies across different services.
■ Gain visibility into how SharePoint Online is being used, including:
  − The number of files containing sensitive data, such as salaries, passports, Social Security numbers, account numbers, credit card numbers, and more
  − The number of files being shared with internal employees and outside partners
  − The number of files being shared with personal email accounts such as Gmail or Yahoo! Mail
■ Define SharePoint-centric and cloud-centric DLP policies. For example, some DLP policies might apply to SharePoint Online users and Salesforce users uniformly, while other policies might be needed that will be unique to SharePoint Online.
■ Define remediation actions only after SharePoint Online usage has been thoroughly observed and policies fine-tuned, such as enforcing sharing policies based on domain whitelist/blacklist and revoking untraceable shared links for files containing sensitive content.
■ Use a single DLP engine for every cloud service to ensure uniform enforcement of DLP policies.

Threat protection

■ Monitor user activity within SharePoint Online and across other cloud services to identify anomalous behavior that might be indicative of:
  − Compromised account
  − Malicious internal user
  − External user threat
  − Accidental misuse or policy violations
■ Apply privileged user analytics to identify risk from dormant administrator accounts, excessive permissions, and unnecessary escalation of privileges and end-user provisioning in SharePoint Online.
■ Identify stolen login credentials for sale on the Darknet, and send targeted password updates to users with compromised credentials.
■ Employ a cross-application threat detection strategy to ensure that:
  − An unmanaged Shadow IT cloud service, along with SharePoint Online, isn’t being used in tandem as a vector for data exfiltration
  − Seemingly innocuous activity within a single cloud application can be correlated with activity in other applications to expose multidimensional cloud threats
  − Incident investigation and remediation can be applied across multiple services at once

2821 Mission College Blvd., Santa Clara, CA 95054
888.847.8766
www.mcafee.com

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC. 3843_0418 APRIL 2018
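The three DLP visibility counts and the domain-based sharing policy from the best-practice list, worked through on a small sharing inventory. This is an added example, not part of the original cheat sheet or any vendor product: the inventory, the domain sets and the two detection patterns are constructed assumptions standing in for a real DLP engine.

```python
import re

# Constructed sample inventory: (file, text excerpt, addresses it is shared with).
SHARES = [
    ("payroll.xlsx", "Card 4111 1111 1111 1111 exp 09/27", ["amy@corp.example", "bob@gmail.com"]),
    ("roadmap.pptx", "Q3 launch plan", ["kim@partner.example"]),
    ("hr-intake.docx", "SSN 123-45-6789 on file", ["joe@vendor.example"]),
    ("notes.txt", "Order ref 1234 5678 9012 3456", ["amy@corp.example"]),
]
INTERNAL = {"corp.example"}              # assumed tenant domain
ALLOWED_PARTNERS = {"partner.example"}   # assumed partner-domain allowlist
PERSONAL = {"gmail.com", "yahoo.com"}    # personal mail providers to count

CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate card numbers
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")     # US Social Security number layout

def luhn_ok(digits):
    """Luhn checksum, so arbitrary 16-digit references are not counted as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_sensitive(text):
    if SSN.search(text):
        return True
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD.finditer(text))

def audit(shares):
    """Count sensitive, externally shared and personally shared files; list policy violations."""
    report = {"sensitive": 0, "external": 0, "personal": 0, "violations": []}
    for name, text, recipients in shares:
        domains = {r.rsplit("@", 1)[1].lower() for r in recipients}
        sensitive = is_sensitive(text)
        outside = domains - INTERNAL
        report["sensitive"] += sensitive
        report["external"] += bool(outside)
        report["personal"] += bool(domains & PERSONAL)
        # Policy: sensitive content may leave the tenant only to allowlisted partner domains.
        blocked = sorted(outside - ALLOWED_PARTNERS)
        if sensitive and blocked:
            report["violations"].append((name, blocked))
    return report
```

The violations list is what a remediation step (revoking the share or link) would act on; per the list above, such actions come only after the counts have been observed and the patterns tuned.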
