Move your business ahead with the latest security and compliance features within Office 365 Enterprise E5. Learn more

Built-in security
from Office 365

Welcome to the place where we share our commitments and information about security, privacy, and compliance.
Play in-page video about what Microsoft does to prepare for emerging security threats to Office 365

Office 365 is a security-hardened service, designed following the Microsoft Security Development Lifecycle. We bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade user and admin controls to further secure your environment.

 
Show all
  • 24-hour monitoring of datacenters.
  • Multi-factor authentication, including biometric scanning for datacenter access.
  • Internal datacenter network is segregated from the external network.
  • Role separation renders location of specific customer data unintelligible to the personnel that have physical access.
  • Faulty drives and hardware are demagnetized and destroyed.
  • Lockbox processes for a strictly supervised escalation process greatly limit human access to your data. Learn how to activate Lockbox.
  • Servers run only processes that are whitelisted, minimizing risk from malicious code.
  • Dedicated threat management teams proactively anticipate, prevent, and mitigate malicious access.
  • Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious access.
  • Encryption at rest protects your data on our servers.
  • Encryption in transit with SSL/TLS protects your data when it’s transmitted between you and Microsoft.
  • Threat management, security monitoring, and file/data integrity prevent or detect any tampering of data.
  • Exchange Online Protection provides advanced security and reliability against spam and malware to help protect your information and access to email.
  • Office 365 Message Encryption allows users to send encrypted email to anyone, whatever email service recipients may use.
  • Data loss prevention can be combined with Rights Management and Office 365 Message Encryption to give greater controls to your admins to apply appropriate policies to protect sensitive data.
  • S/MIME provides message security with certificate-based email access.
  • Azure Rights Management prevents file-level access without the right user credentials.
  • Multi-factor authentication protects access to the service with a second factor such as phone.
  • Data loss prevention prevents sensitive data from leaking either inside or outside the organization while providing user education and empowerment.
  • Built-in mobile device management capabilities allow you to manage access to corporate data.
  • Mobile application management within Office mobile apps powered by Intune provides granular controls to secure data contained in these apps.
  • Built in antivirus and antispam protection along with advanced threat protection safeguard against external threats.
  • Office 365 Cloud App Security provides enhanced visibility and control into your Office 365 environment.

British Airways secures data across mobile devices and operating systems

British Airways logo, learn how British Airways uses Yammer and Office 365

We wanted a safe, secure solution that was cost-effective and ran out-of-the-box on multiple mobile devices and operating systems. —Julie Boddy

Read the full story

Office 365 security white paper

When you consider moving your organization to cloud services, security concerns add another layer of consideration. Read what Office 365 is doing to address your concerns.

Read the paper

Top 10 security and privacy features

Review the top security and privacy considerations to help you determine the security and trustworthiness of cloud service providers and their services.

Review the feature

Protecting email with Microsoft Exchange Online Protection (EOP)

This white paper describes the defense-in-depth approach that the Microsoft Exchange Online Protection (EOP) online service uses in order to stop malicious email messages from compromising your organization’s security.

Read the paper

Customer controls for information protection white paper

This white paper outlines how Office 365 provides you the security and compliance controls you need, explaining how Office 365 has met and exceeded these needs, and how innovation continues.

Read the paper

Monitoring and protecting sensitive data in Office 365

Microsoft IT created Power BI dashboards to learn how corporate users share information. Find out how this solution helps them detect sensitive data sharing and proactively manage information security risks.

Read the case study

Office Blogs

Office 365 logo, read the April Office 365 security and compliance update on the Office blog

April Office 365 security and compliance update

Over the last month, the Office 365 team announced the expansion of Customer Lockbox to new workloads and new features coming to Office 365, such as capabilities that improve security management and reduce eDiscovery costs.

Rudra Mitra discussing data protection for Office 365, read about data protection in Office 365 on the Office blog

From Inside the Cloud—What protection exists for your data in Office 365?

Read about the latest of our continued investments to protect customer data like Data Loss Prevention (DLP), Advanced Threat Protection (ATP) and Intelligent Protection.

Demonstration of Exchange Online Protection updates, read about Office 365 features that fight against dangerous email threats

Leading the way in the fight against dangerous email threats

Learn about exciting new features that proactively identify and block the most dangerous email threats for our Exchange Online Protection and Advanced Threat Protection services.

iTunes, iPhone, and iPad are registered trademarks of Apple Inc., registered in the U.S. and other countries. Android is a trademark of Google Inc.
yxvzAcdXEjY