Move your business ahead with the latest security and compliance features within Office 365 Enterprise E5. Learn more

Built-in security from Office 365

Welcome to the place where we share our commitments and information about security, privacy, and compliance.

Office 365 is a security-hardened service, designed following the Microsoft Security Development Lifecycle. We bring together the best practices from two decades of building enterprise software and managing online services to give you an integrated software-as-a-service solution.

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade user and admin controls to further secure your environment.

Show all
  • 24-hour monitoring of datacenters.
  • Multi-factor authentication, including biometric scanning for datacenter access.
  • Internal datacenter network is segregated from the external network.
  • Role separation renders location of specific customer data unintelligible to the personnel that have physical access.
  • Faulty drives and hardware are demagnetized and destroyed.
  • Lockbox processes for a strictly supervised escalation process greatly limit human access to your data. Learn how to activate Lockbox.
  • Servers run only processes that are whitelisted, minimizing risk from malicious code.
  • Dedicated threat management teams proactively anticipate, prevent, and mitigate malicious access.
  • Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious access.
  • Encryption at rest protects your data on our servers.
  • Encryption in transit with SSL/TLS protects your data when it’s transmitted between you and Microsoft.
  • Threat management, security monitoring, and file/data integrity prevent or detect any tampering of data.
  • Exchange Online Protection provides advanced security and reliability against spam and malware to help protect your information and access to email.
  • Office 365 Message Encryption allows users to send encrypted email to anyone, whatever email service recipients may use.
  • Data loss prevention can be combined with Rights Management and Office 365 Message Encryption to give greater controls to your admins to apply appropriate policies to protect sensitive data.
  • S/MIME provides message security with certificate-based email access.
  • Azure Rights Management prevents file-level access without the right user credentials.
  • Multi-factor authentication protects access to the service with a second factor such as phone.
  • Data loss prevention prevents sensitive data from leaking either inside or outside the organization while providing user education and empowerment.
  • Built-in mobile device management capabilities allow you to manage access to corporate data.
  • Mobile application management within Office mobile apps powered by Intune provides granular controls to secure data contained in these apps.
  • Built in antivirus and antispam protection along with advanced threat protection safeguard against external threats.
  • Office 365 Cloud App Security provides enhanced visibility and control into your Office 365 environment.

British Airways secures data across mobile devices and operating systems

British Airways logo, learn how British Airways uses Yammer and Office 365

We wanted a safe, secure solution that was cost-effective and ran out-of-the-box on multiple mobile devices and operating systems. —Julie Boddy

Read the full story

Top 10 security and privacy features

Review the top security and privacy considerations to help you determine the security and trustworthiness of cloud service providers and their services.

Review the feature

Protecting email with Microsoft Exchange Online Protection (EOP)

This white paper describes the defense-in-depth approach that the Microsoft Exchange Online Protection (EOP) online service uses in order to stop malicious email messages from compromising your organization’s security.

Read the paper

Customer controls for information protection white paper

This white paper outlines how Office 365 provides you the security and compliance controls you need, explaining how Office 365 has met and exceeded these needs, and how innovation continues.

Read the paper

Monitoring and protecting sensitive data in Office 365

Microsoft IT created Power BI dashboards to learn how corporate users share information. Find out how this solution helps them detect sensitive data sharing and proactively manage information security risks.

Read the case study

Introduction to encryption in Office 365 white paper

This white paper introduces encryption in Office 365. It explains what encryption is and why it’s an important tool in keeping your data secure and private, and it lays out the encryption options in Office 365.

Read the paper

Office 365 Mobile Applications Security

Get the latest information on the security controls available in Office 365 mobile applications. Access our Office 365 Enterprise documentation page to learn which Office 365 applications support Mobile Application Management, Conditional Access, and Modern Authentication.