
Security and compliance for Exchange Online


Applies to: Exchange Online

Email has become a reliable and ubiquitous communication medium for information workers in organizations of all sizes. Messaging stores and mailboxes have become repositories of valuable data. It’s important for organizations to formulate messaging policies that dictate the fair use of their messaging systems, provide user guidelines for how to act on the policies, and where required, provide details about the types of communication that may not be allowed.

Organizations must also create policies to manage email lifecycle, retain messages for the length of time required by business, legal, and regulatory requirements, preserve email records for litigation and investigation purposes, and be prepared to search and provide the required email records to fulfill eDiscovery requests.

Sensitive information such as intellectual property, trade secrets, business plans, and personally identifiable information (PII) collected or handled by your organization must also be protected against leakage.

The following table provides an overview of the security and compliance features in Exchange Online and includes links to topics that will help you learn about and manage these features.

 

| Feature | Description |
| --- | --- |
| In-Place Archiving | In-Place Archiving helps you regain control of your organization's messaging data by eliminating the need for personal store (.pst) files and allowing users to store messages in an archive accessible in Outlook and Outlook Web App. |
| In-Place Hold | In-Place Hold and Litigation Hold allow you to preserve or archive mailbox content for compliance and eDiscovery. |
| In-Place eDiscovery | In-Place eDiscovery allows authorized compliance officers in your organization to search mailbox data across your Exchange organization, preview search results, copy them to a Discovery mailbox or export them to a .pst file. |
| Inactive mailboxes in Exchange Online | You can preserve the contents of deleted mailboxes indefinitely by using inactive mailboxes. You can make an inactive mailbox by placing an In-Place Hold or a Litigation Hold on the mailbox, and then deleting the corresponding Office 365 user account. In addition to preserving mailbox contents, administrators or compliance officers can use In-Place eDiscovery to search the contents of an inactive mailbox. |
| Data loss prevention (DLP) | Data loss prevention (DLP) helps you identify and monitor sensitive information, such as private identification numbers, credit card numbers, or standard forms used in your organization. You can set up DLP policies to notify users that they are sending sensitive information or block the transmission of sensitive information. |
| Exchange auditing reports | You can use the auditing functionality in Exchange Online to track changes made to your Exchange Online configuration by Microsoft and by your organization’s administrators, and to audit mailbox access by persons other than the mailbox owner. In Exchange Online, audited actions are recorded and available to view in an online report or export to a file. |
| Messaging records management (MRM) | Messaging records management (MRM) helps your organization manage email lifecycle to meet business and regulatory requirements and reduce the legal risks associated with email. In Exchange Online, you can use In-Place Hold or Litigation Hold to preserve email and Retention tags and retention policies to archive and delete email. |
| Information Rights Management in Exchange Online | Information Rights Management (IRM) helps you and your users control who can access, forward, print, or copy sensitive data within an email. IRM can use your on-premises Active Directory Rights Management Services (AD RMS) server or Azure RMS. |
| Office 365 Message Encryption | Office 365 Message Encryption allows you to send encrypted messages to people inside or outside your organization, regardless of the destination email service—whether it’s Outlook.com, Yahoo, Gmail, or another service. Designated recipients can send encrypted replies. |
| S/MIME for message signing and encryption | Secure/Multipurpose Internet Mail Extensions (S/MIME) allows email users to help protect sensitive information by sending signed and encrypted email within their organization. As an administrator, you can enable S/MIME-based security for your organization if you have mailboxes in either Exchange 2013 SP1 or Exchange Online. |
| Journaling | Journaling can help you meet legal, regulatory, and organizational compliance requirements by recording inbound and outbound email communications. In Exchange Online, you can create journal rules to deliver journal reports to your on-premises mailbox or archiving system, or to an external archiving service. |
| Transport rules | You can use transport rules to inspect messages sent or received by your users and take actions such as blocking or bouncing a message, holding it for review by a manager or an administrator or delivering a copy to another recipient if the message matches specified conditions. |

 
© 2014 Microsoft