Protection starts with authentication and identity. By using this release, Office makes a fundamental change from computer centered identity and authentication to user centered identity and authentication. This shift enables content, resources, most-recently-used lists, settings, links to communities, and personalization to roam seamlessly with users as they move from desktop, to tablet, to smartphone, or to a shared or public computer. For the IT admin, user audit trails and compliance are also separated by identity.

In this new environment, users sign in to Office 365 by using one of these identities:

• Their Microsoft-managed, organization-owned, user ID.   For Office 365 business use, where Microsoft hosted enterprise and smaller organization user IDs are stored in the cloud. This scenario also supports multiple linked user IDs and single sign on.

  —or—

  Their federated, org-owned user ID.   For Office 365 business use, where enterprise user IDs are stored on premises).

• Their Windows Live ID.   Typically, users use this identity to sign in to Office 365 for non-business purposes. Users can have multiple Windows Live IDs that are linked and then sign in one time, get authenticated, and then switch from one Windows Live ID to another during the same session. They don't have to be re-authenticated.

From an IT admin’s perspective, Active Directory is at the heart of this new paradigm. IT admins can do the following:

• Control user password policies across devices and services

• Use Group Policies to configure the operating environment

• Manage with Forefront Identity Manager (FIM) or Active Directory Federation Services (ADFS)

The cloud makes it all possible:

• User accounts can be cloud-managed by using a web portal   Setup is simple. You can provision users manually for greatest control. No servers are required. Microsoft manages all that for you.

• Any on-premises directories are Active Directory synchronized to the web portal   Provisioning can be automated and can co-exist with the cloud managed accounts.

• Users have single-sign-on capability by using ADFS   Provisioning can be automated, and multi-factor authentication is supported.

As shown in the following figure, when identity and authentication are handled completely in the cloud without affinity to any on-premises Active Directory store, IT admins can still provision or de-provision IDs and user access to services through a management portal or PowerShell cmdlets.

Figure: Office 365 identity and authentication managed completely in the cloud—without local Active Directory interaction.

The next figure shows identity provisioning by using the Microsoft Online Directory Synchronization service. Authentication is managed in the cloud.

Figure: Identity provisioning populated by using the Microsoft Online Directory Synchronization service. This is cloud managed authentication.

The following figure shows the addition of federated authentication through Active Directory Federation Server 2.0 for large organizations.

Figure: Identity provisioning that is populated by using the Microsoft Online Directory Synchronization service; Active Directory Federation Server 2.0 and cloud managed authentication.

In the user experience, identity is surfaced when the user signs in.

The client user interface   At the start of each session, a user can choose to connect either to their personal cloud by using their Microsoft account, or to their on-premises corporate server or Microsoft-managed cloud for services such as Office 365 and for their documents, pictures, or other data.

If a user chooses to connect by using their Windows Live ID, they sign in by using their by using their Microsoft account (formerly called Passport or Windows Live ID) or they can choose to connect by using the user ID they use to access Office 365.

After they are signed in, that user is also free to switch identities at any time from the Backstage of any Office app.

The client infrastructure   Behind the scenes, client authentication APIs enable users to sign in and out and switch the active user identity. More APIs keep track of roaming settings (preferences and most-recently-used documents) and the services available to each identity.

Other cloud identity services   Users are automatically logged into these native services:

• SkyDrive, for a Microsoft account sign on, or SharePoint Online for a corporate identity)

• Roaming most-recently-used files and settings

• Personalization

• Microsoft account activities

Users can also log on to third-party cloud services after they sign in by using a Microsoft account. For example, if they sign in to LinkedIn or Facebook, the connection will roam with that identity.

Use Group Policy settings to control desktops configurations

With more than 4,000 Group Policy control objects at your disposal, you can use Group Policy to mandate user settings for Office.This means that you can create a range of lightly-managed to highly-restricted desktop configurations for your users. Your Group Policy settings always have precedence over Office Customization Tool (OCT) settings. You can also use Group Policy settings to disable particular file formats that are not secure over the network.

A word about Microsoft Data Centers

The Microsoft Data Center Security Program is risk-based and multi-dimensional. It takes people, processes, and technology into consideration. The Privacy Program makes sure that consistent global standard “high bar” privacy practices are followed for data handling and data transfer. The Microsoft data centers are also physically secure. All 700,000+ square feet and tens of thousands of servers are guarded 24 hours a day, 7 days a week. If there is a power failure, days of ancillary power are available. These data centers are geographically redundant and located in North America, Europe, and Asia.

Office 365 never scans your email messages or documents to build analytics, mine data, advertise, or improve our own service. Your data always belongs completely to you or your company and you can remove it from our data center servers at any time

Office 365 complies with the following important and business essential industry standards:

• ISO 27001 certified   Office 365 meets or exceeds the rigorous set of physical, logical, process, and management controls defined by ISO/TEC 27001:2005.

• EU model clauses   Office 365 is compliant with and able to sign standard contractual clauses that relate to the EU model clauses and EU Safe Harbor framework.

• HIPAA-Business Associate Agreement   Office 365 can sign requirements for HIPAA with all customers. HIPAA governs the use, disclosure, and safeguarding of protected health information.

Catalogs and web Extensions

Office 2013 includes a new extensibility model for Office clients that enables web developers to create apps for Office, which are web extensions that use the power of the web to extend Office clients. An app for Office is a region inside an Office application that contains a web page that can interact with the document to augment content and provide new interactive content types and functionality. apps for Office can be obtained by users from the new Office marketplace or from a private catalog in the form of stand-alone apps or subcomponents of a document template solution, or a SharePoint application.

In the Trust Center, there is a new section titled “Manage Catalogs and Web Extensions.” This gives you the option to control the apps for Office. This includes the following:

• Disabling all catalogs, which turns off the apps functionality in Office

• Disabling the Office Marketplace catalog

• Adding more catalogs to your Trusted Catalog list and to the Insert menu

• Requiring catalog server verification by using HTTPS

Reset a document’s password with an escrow key and the new DocRecrypt tool

Office 2013 provides a new escrow key capability. This allows the IT admin of an organization to decrypt password-protected documents by using a private escrow key. For example, if a document was encrypted by using Word, Excel, or PowerPoint and the original owner of the document has either forgotten the password or has left the organization, it would be possible for the IT admin to retrieve the data by using the private escrow key.

The escrow key capability only works with files that are saved and encrypted by using next generation cryptography. This is the default encryption that is used in Office 2010 and Office 2013. If, for compatibility reasons, the default behavior was changed to use the legacy format, escrow key functionality will not be available. For details about this new feature, see Remove or reset file passwords in Office 2013.

Digital signatures

Improvements to digital signatures in Office 2013 include the following:

• Support for Open Document Format (ODF v1.2) file formats

• Enhancements to XAdES (XML Advanced Electronic Signatures)

Support for ODF v1.2 file formats enables people to digitally sign ODF documents in Office 2013 by using invisible digital signatures. These digitally-signed documents do not support signature lines or stamps. In addition, Office 2013 provides digital signature verification of ODF documents that are signed from inside other applications but that are opened in Office 2013.

XAdES improvements in Office 2013 include an improved user experience when creating an XAdES digital signature. Users are given more detailed information about the signature.

Information Rights Management (IRM)

Office 2013 includes a new IRM client, which has a new UI to help simplify identity selection. It also supports automatic service discovery of Rights Management Services (RMS) servers. In addition, Office 2013 has read-only IRM support for Microsoft Office Web Application Companions (WACs). WACs can view IRM-protected documents in a SharePoint library or IRM-protected documents that are attached to messages in Outlook Web Access (OWA).

Protected view

Office 2013 provides an improved protected view, a “sandbox” technology, when Office 2013 is used with Windows 2012 as the operating system. Office 2013 uses the Windows 2012 AppContainer feature, which provides stronger process isolation and also blocks network access from the sandbox. Protected view was introduced in Office 2010. Protected view helps reduce exploits to computers by opening files in a restricted environment, referred to as a lowbox, so that they can be examined before they are opened for editing in Excel, PowerPoint, or Word.

At Microsoft, security is considered during every step of the software life-cycle. Every employee who contributes to an Office feature or product is required to take security training and continue to learn as the industry and threats evolve. When designing a feature or product, the team is required to consider user data security and privacy from the beginning, and how threats to these can be reduced by using encryption or authentication or other methods. Their decisions are based on the environment, expected or potential exposure, and data sensitivity. The team performs multiple attack surface reviews and creates an incident response plan before an Office product is ever released.

Microsoft doesn’t just rely on employees to make sure user data is safe. It also uses tools and automated quality assurance tests. These fall into three general categories:

• Functional testing where every piece of the user interface is verified to make sure that user input, output, and action is as intended and advertised.

• Fuzz testing where large amounts of random or unexpected data are injected into the software to reveal security problems. Fuzz testing was a big part of the Office 2007 release and continues to be with this latest release.

• For web applications dynamic or web scanning tools are used to test for potential security bugs like cross-site scripting (XSS) or SQL injection.

The testing never stops. The Microsoft Security Response Center (MSRC) is responsible for handling security issues that are uncovered after a product has released. This team can quickly mobilize and deliver swift fixes to customers.

A quick review of security progress over the last several Office releases

Security controls that were introduced in Office XP, Office 2003, Office 2007, and Office 2010 reduced attacks, improved the user experience, hardened, and reduced the attack surface, and made it easier for IT admins to build a robust defense against threats while maintaining user productivity. Here’s how:

Introduction of the following features has mitigated attacks on Office:

• Protected view

• Document flow protection

• Patch management

• Cryptographic agility

The following features have improved the user experience:

• The Trust Center and message bar, trusted locations, trusted publishers, and sticky trust decisions

• Actionable security prompts

• Improvements to the Encrypt with Password feature

• Document Inspector

• XML file format support

Office has hardened the attack surface through the following features:

• Data Execution Prevention (DEP) support

• Group Policy enforcement

• Trusted time-stamping support for digital signatures

• Domain-based password complexity checking and enforcement

• Encryption-strengthening improvements

• CryptoAPI suppor

Office has reduced the attack surface through the following features:

• Office file validation

• Expanded file block settings

• ActiveX control security

• ActiveX “kill bit”

• Integrity checking of encrypted files

• Macro security levels

More on file fuzzing

More on Data Execution Prevention

More on Protected View