Brian LongSteve Goodman Ion Gott

How to Plan and Complete a Secure Office 365 MigrationPresented By: Conrad Agramont, Director of Technology Services, Agile ITIon Gott, Partner Technology Strategist, Microsoft

Agenda• Microsoft Trust Center• Data encryption and Office 365 platform• E-discovery and compliance across Office 365• Security Features in Office 365 and Beyond• What’s Next

Security Best-in-class security with over a decade of experience building Enterprise software & online services• Physical and data security with access control, encryption and strong authentication• Security best practices like penetration testing, defense-in-depth approach to protect against

cyber-threats• Unique customer controls with Rights Management Services to empower customers to protect

information

Office 365 TrustBuilt-in capabilities and Customer Controls

Compliance Commitment to industry standards and organizational compliance• Enable customers to meet global compliance standards in ISO 27001, EUMC, HIPAA, FISMA• Contractually commit to privacy, security and handling of customer data through Data

Processing Agreements• Admin Controls like Data Loss Prevention, Legal Hold, E-Discovery to enable organizational

compliancePrivacy Privacy by design with a commitment to use customers’ information only to deliver services

• No mining of data for advertising• Transparency with the location of customer data, who has access and under what

circumstances• Privacy controls to regulate sharing of sites, libraries, folders and communications with

external parties

Office 365 Built-in Security

Office 365 Customer Controls

Office 365 Independent Verificationand Compliance

Office 365 Security

24 Hour Monitored Physical HardwareIsolated Customer DataSecure NetworkEncrypted DataAutomated operationsMicrosoft security best practices

Customer data isolationDesigned to support logical isolation of data that multiple customers store in same physical hardware.

Intended or unintended mingling of data belonging to a different customer/tenant is prevented by design using Active Directory organizational units

6

Customer A

Customer B

Data in transitStrong SSL/TLS cipher suitePerfect Forward SecrecyDatacenter-to-datacenter encryption

Data at restBitLocker disk encryptionPer-file encryption for customer content

Encryption

Content DB

Encryption at rest with Per-file Encryption

A B C D

Key StoreA

B

C

D

AB

C

D

crypto

Data Security

Right info. Right person. Right device.

Mobile device & application

management

Access & information protection

Desktop Virtualization

Hybrididentity

Conditional access to corporate resourcesSecure data sharing

Easy management and control

FPO

Rights management

Data encryption

Policy enforcement

Right Access to the Right Data.

Azure Active DirectoryShare internally Share externally

DATA OUTSIDE OF OFFICE 365B r i n g y o u r d a t a t o O ffi c e 3 6 5 s o t h a t o u r c o m p l i a n c e c a p a b i l i t i e s c a n a p p l y

Drive shipping

Network

File shares

3 rd party archive

On-premises

3 rd party data

SharePoint Online

Exchange Online

OneDrive for Business

Skype for Business

Protecting your data at various vectorsIdentity &

Access Devices Data & Content

User

Devices

Data

Data

Encryption

Data Loss Prevention

Anti Spam & Anti Virus

Rights Management Service

S/MIME

Office 365 Message Encryption

Transport Layer Security

Exchange serverData disk

Exchange server

Data disk

RMS, S/MIME protected

Message Delivery

User

Office 365 Message Encryption

SMTP to partners: TLS protected

Encryption technologies

Rights Management Service

Data protection at restData protection at rest

Data Protection in motion Data Protection in motion

Information can be protected with RMS at rest or in motion

Data protection at rest

RMS can be applied to any file type using RMS app

Securing the Identity and Device

Identity & Access Management

FederationSecure Password SynchronizationMulti-factor Authentication

Users

Federated identity model

AD FS

Password hashesUser accounts

User

Authentication

Authentication

Sign

-on

Federated identityAAD Sync

On-premisesdirectory

• SAML token based authentication

• Password Synchronization

• Two-factor authentication

• Client-based access control

Mobile Apps

Multi-factor authentication using any phone

Text MessagesPhone Calls

Push NotificationOne-Time-Passcode

(OTP) Token

Out-of-Band* Call TextOne-Time Passcode

(OTP) by Text

*Out of band refers to being able to use a second factor with no modification to the existing app UX.

Device Management

Device wipe

Selective Wipe

Walled Garden

Devices

Device Management

Microsoft Intune

Mobile Device Management

Built-In Built-in Microsoft Intune

Conditional Access

Selective Wipe

Advanced Application Management

LoB app

Native E-mail

Browser

LoB

• First-time access to corporate resources (Exchange, OneDrive for Business) is conditional on the device being managed

• Selectively wipe corporate data and apps from devices

• Manage line of business apps alongside as Office Mobile Apps in “walled garden”

• Administrator can manage policy around how data is shared between managed and non-managed apps

• Give users familiar, full-featured Office applications; maintain document formatting across platforms

IT manages apps using Intune, including Office Mobile Apps, and “wrapped” LOB apps.

Data sharing is controlled by IT policy

Personal data remains personal

Office 365 and Intune protectdata on mobile devices without sacrificing user productivity

Managing Office Mobile Apps with Intune

LoB

E-Discovery and Compliance

ELECTRONIC INFORMATION INCLUDESEmails, documents, presentations, databases, instant messages, and social media posts

Identifying, collecting and producing electronically stored information in response to a litigation, investigation or regulatory request

COMPLEX PROCESSES AND TECHNOLOGIESSheer volume of electronic data produced and stored

WHAT IS EDISCOVERY?

DYNAMIC ELECTRONIC DATAPreserving original content and metadata is required to eliminate claims of tampering

40% OF LARGE ORGANIZATIONS HAVE ONE OR MORE LAWSUITS WITH $20+ MILLION AT ISSUE

MEDIAN LITIGATION BUDGET, EXCLUDING SETTLEMENT COSTS, IS $1.2 MILLION

LEGAL COSTS FOR THE BIGGEST U.S. BANKS ALONE TOTALED $30 BILLION IN 2014

WHY EDISCOVERY IS IMPORTANT

Norton Rose Fulbright – Litigation Trends Survey May 2015Bloomberg January 2015

“We’re taking advantage of the legal hold and eDiscovery features that are built into Microsoft Office 365 to handle internal issues when necessary. We used to use a patchwork of best-of-breed products for archiving and eDiscovery. Now everything is together in one solution, and we no longer have to pay for those external products.”

HAY GROUP

OFFICE 365 EDISCOVERY ENABL ING IN -PLACE, INTELL IGENT ED ISCOVERY, QU ICKLY IDENT IFY ING RELEVANT DATA WHILE DECREAS ING COST AND R ISK

Preserve Identify Search Analyze Review

Identifying Relevant Data

SIMPLIFYING EDISCOVERY WITH OFFICE 365IN-PLACE HOLDPreserve content in-place, in real time

SEARCH, ANALYTICS, AND EXPORTFind up to date and relevant content quickly and export for review

ACROSS THE SERVICESharePoint, Skype for Business, OneDrive for Business, Exchange and Public Folders

Demo

We Offer Complete Office 365 Migration Solutions

AgileAscend is a

Complete Fixed Price

On Identity Management and Email Migration

Project Team Assures Your Success

of Your Data is Our Key Priority

Solution Focused

Expert Protection

Includes of 100% of

Your Active Mailboxes

Migration

AgileAscend Migration PackagesAgileAscend Essentials

Mailbox Migration& Change Management

Ideal with IT staff and ample resources

AgileAscend PremiumClient Deployment

& User SupportIdeal with few IT staff or

requiring accelerated migration

Full Project Management Comprehensive Quality Assurance Process Server side Data Migration Change management and Training for IT Team Post-migration Support for IT Team OnDemand Training for Smooth User

Onboarding

Installation of Office 365 components (sign-on client, Lync) on client workstations

Configuration of Outlook & Lync End User Support ensuring service access and

provide a centralized service desk for issues post-migration

Complete Client Deployment Progress Reporting

Complete Migration

AgileAscend Sample Project Timeline

Week 4

Week 3

Week 2

Week 1PROJECT

TYPICALLY PRESENTS A

4-6 WEEK TIMELINE FROM KICK

OFF TO

COMPLETION

* The exact time depends on the number of mailboxes, amount of data, available bandwidth, optimal transfer rate, and other factors.

INTRO Intro to Team: Project Lead, Support Lead & Project ManagerData collectionDiscoveryVerification of Data collectedPrepare Identity and Security FrameworkConfigure Hybrid Exchange

Weekend Migrationof mailboxes (single phase)

ORBegin Hybrid Exchange MoveThis could be several days to weeks depending on various

factors*

PLANNING

PILOT

MIGRATE

3 Change Management4 IT Admin Training

1 Validate MX & Mailflow

2 Pilot Migration

12

34

AgileProtect for Office 365

SharePoint Online

Exchange Online

OneDrive for Business

Microsoft Azure

AgileProtect

Backup and Recovery Services

Next Steps:Let’s discuss your project today! Ask about EOY project

pricing!

< TODO >Contact: Sales@AgileIT.com

(Trial Licenses Available)

Call: 619.292.0800Click: www.agileit.com

Q/A

www.AgileIT.com