There are a lot of questions surrounding the upcoming DFARS requirements for DoD Contractors. What does it mean for your business? What happens if you're not compliant in time? To help guide you through the process, here are some questions and answers that you may need to know. You can check out FAQ #1 here, or FAQ #2 here.
13. Do I fully have to move to O365 or can I still use my current on-premises and do a hybrid scenario?
It is certainly possible to maintain a hybrid environment with Office 365; however, it can make the DFARS compliance process more difficult.
14. Are there any real-time dashboards that show my environment and how it’s monitoring security policies and incidences?
Yes, you can look at real time activity within the Security and Compliance center as part of the Advanced Security Management feature.
15. How does O365 protect against Brute Force attacks and Denial of Service attacks?
Microsoft provides multi-layered protection against brute force and DoS attacks. Below is a whitepaper specifically on how Microsoft provides protection against DoS: https://www.microsoft.com/en-us/download/confirmation.aspx?id=52667
16. Can O365 detect a breach and shut down access automatically?
Yes, Office 365 can have activity policies that allow you to shut down user access immediately once specific and defined parameters are met. However, this requires the Advanced Security Management and associated license(s).
17. We don’t give company owned phones to people, how can we control them accessing information on their mobile devices?
Office 365 has multiple versions of Mobile Device Management (Office 365 MDM and/or Azure Intune) available within the platform. By leveraging these capabilities, you can control what and how they access information with their personal devices.
Intune is required to manage applications and content on BYOD devices. It would take a combination of Microsoft’s Mobile Device Management (MDM), Mobile Content Management (MCM) and Mobile Application Management (MAM) for a full solution, all of which are included in the Azure Intune product stack. In a nutshell, we must ensure device security, limit corporate content to trusted device applications, and ensure corporate content doesn’t bleed into other applications and compromise security.
18. Does O365 encrypt emails being sent via Outlook?
When properly configured, Office 365 based users can send and receive encrypted email.
This FAQ is part of a series. Be sure to subscribe and get notified when there's a new post, or check back soon for the next post in the series!