
Summit 7 Team Blogs

Office 365 DFARS Frequently Asked Questions (and Answers) - Part 7

 There are a lot of questions surrounding the upcoming DFARS requirements for DoD Contractors. What does it mean for your business? What happens if you're not compliant in time? To help guide you through the process, here are some questions and answers that you may need to know.  



35. What are your thoughts on using a product like Duo for MFA vs. Microsoft's MFA?

Duo and other third-party MFA products can be a great solution if needed. Microsoft's MFA works well if you are primarily cloud-focused and don't need MFA for other IT systems.

 

36. Is it possible to isolate CUI to a SharePoint collection and make that the boundary? That way it would only allow E3 licensed users to use that collection and be compliant?

No, this is not an appropriate method for compliance. You must focus on securing the information system as a whole, not a specific container within the information system.


 

37. What is the difference between E3 and E1?

The short answer is that E3 includes many features, such as Data Loss Prevention, as part of the base license, and this and other features are not available as add-on licenses for E1.

 

38. Where in NIST is DLP called out?

The need for DLP is called out as part of the controls within the Incident Response, System and Communications Protection and, depending on interpretation, portions of System and Information Integrity.


39. Why is E3 considered the base Office365 plan? For example, besides lacking Lockbox add on, what makes Essentials not a viable platform? As you know, with Essentials, enterprise Mobility + Security E3/E5 can be added. Obviously, Office365 Business Essentials represents a more cost effective solution for small business users under 300 users. Does it all revolve around the lack of Lockbox?

 

The major capabilities that Essentials does not provide are Data Loss Prevention and eDiscovery.

40. In regards to integration of older Office products like Office 2010, does the use of Microsoft "Application Passwords" present a problem with regard to 171 compliance as it bypasses MFA?

Yes, in the strictest sense, application passwords are a bypass of the Multifactor Authentication capabilities within Office 365. If you are moving to Office 365 and have a requirement for MFA, it is highly recommended that you upgrade your clients to Office 2016, as they support modern authentication, which does support Multifactor Authentication.

Note: This FAQ is part of a series. Check out the previous FAQs here: FAQ #1, FAQ #2, FAQ #3, FAQ #4, FAQ #5, and FAQ #6.

Be sure to subscribe and get notified when there's a new post, or check back soon for the next post in the series!

About Scott Edwards

Scott Edwards is an accomplished computer engineer and organizational leader with experience in business, project management, systems engineering, training and security. Scott’s technical experience was honed at NASA as a Senior Computer Engineer and the Chief Engineer and Engineering Manager for the NASA Datacenter.

Scott received his Bachelor of Science from the United States Military Academy and his Master of Science in Computer Science with an emphasis in Information Assurance at James Madison University. Scott proudly served as an Officer in the US Army Signal Corps with both the 2-227th Aviation Battalion in Bosnia-Herzegovina and the 1-6 Air Defense Artillery Battalion in Fort Bliss, Texas.

Currently, Scott is the President and Managing Partner of Summit 7 Systems. Summit 7 Systems is a Service-Disabled Veteran-Owned Small Business (SDVOSB) and a Microsoft Gold Cloud Productivity Partner that specializes in Office 365 security solutions.