Yammer supports SAML 1.1/2.0-based SSO on all web, desktop, and mobile clients.
Session management tools let admins see the devices users are logged into, and log them out if needed. Admins can close open sessions for any users in their network by destroying OAuth tokens.
Set password policies for length, expiration, and complexity to match your company password policies.
Restrict access to a specified IP range so that your network is only accessible in designated physical locations or through your organization's VPN.
All connections to Yammer are secured via SSL/TLS. Any attempt to connect over HTTP is redirected to HTTPS.
If your servers support TLS encrypted email, any data sent from Yammer by email will be delivered using encrypted transport.
Yammer is built according to secure development best practices with security reviews incorporated throughout the design, prototyping and deployment process.
We classify and treat all data as confidential, using inbound and outbound low-level logical firewalls to ensure that data cannot be leaked between Yammer networks. Sensitive production data is never migrated or used outside of the production network.
The web application servers of Yammer are physically and logically separated from servers that store customer data.
Yammer is operated out of Microsoft's global network of data centers with 24/7/365 video surveillance, biometric and pin-based locks, strict personnel access controls and detailed visitor entry logs.
We routinely run internal and external vulnerability scans and penetration tests and work with third-party firms for in-depth quarterly security reviews.
Your data is backed up multiple times a day and protected with strong encryption on disk. Backups are transferred off-site over SSH and properly deleted after six months.
ISO 27001 is the global standard in information security. Independent auditors have verified that Yammer meets the rigorous set of physical, logical, process, and management controls defined by the ISO 27001 standard.
Yammer is participating in the Microsoft Online Services Bug Bounty, which allows thousands of security researchers to test Yammer and help make our products even safer for users.