Security Configurations feature functionality for SharePoint Online, Microsoft Teams, and OneDrive for Business in M365
Valentin Komarovskiy, MBA
Solving complex business problems and alleviating technical pain points to improve efficiency and reduce risks.
First things first, let us get the terms straight. The following is a list of Microsoft 365 integrated features in SharePoint Online, OneDrive and Teams:
1. User Authentication: This option refers to the different ways in which users can authenticate to access these services. Multi-Factor Authentication (MFA) requires users to provide an additional form of authentication, such as a code sent to their mobile device, in addition to their password. Conditional Access allows organizations to define access policies based on a user's location, device, or other factors. Password Policies enable organizations to enforce strong password requirements, such as minimum length and complexity. Account Lockout Policies help prevent brute-force attacks by locking out a user's account after a certain number of failed login attempts.
2. Data Encryption: Data Encryption at Rest and in Transit protects data from unauthorized access. Data Encryption at Rest ensures that data is encrypted when it is stored, while Data Encryption in Transit ensures that data is encrypted when it is transmitted over a network. Customer Key allows organizations to control and manage their own encryption keys, providing an additional layer of security.
3. External Sharing: This option enables users to share content with external users outside the organization. Sharing Links with Expiration means that shared links expire after a certain period, limiting the amount of time that content is accessible. Guest Access with Approval and Control enables organizations to approve or deny external access requests and control what external users can do with the shared content. External Sharing Report provides information on who has access to shared content.
4. Compliance: Compliance Manager and Compliance Score help organizations assess their compliance posture against industry and regulatory standards. Data Loss Prevention (DLP) helps prevent the accidental sharing of sensitive information by monitoring and blocking attempts to share such data. Retention Policies allow organizations to retain content for a certain period before it is automatically deleted. eDiscovery enables organizations to search for and export content for legal or compliance purposes.
5. Device Management: Mobile Device Management (MDM) and Mobile Application Management (MAM) enable organizations to manage and secure mobile devices and apps used to access these services. Intune Integration enables organizations to use Microsoft Intune, a cloud-based endpoint management solution, to manage devices and apps.
6. Threat Protection: Advanced Threat Protection (ATP) provides advanced protection against sophisticated threats, such as phishing and malware attacks. Anti-Malware Protection helps protect against malware and viruses. Safe Attachments and Safe Links provide additional protection by scanning email attachments and links for malware and other threats. Office 365 Threat Intelligence provides insights into threats and helps organizations prioritize their response to them.
7. Identity and Access Management: Azure Active Directory (AAD) provides identity and access management for these services. Identity Protection helps identify and remediate potential identity threats, such as compromised credentials. Privileged Identity Management (PIM) helps organizations manage and monitor privileged access to these services. Access Reviews enable organizations to periodically review and verify access to these services.
8. Auditing and Reporting: Audit Logs and Audit Reports provide detailed information on user activity, such as logins, file accesses, and administrative actions. Activity Alerts provide notifications for specific user activities or events. Usage Analytics provides insights into how these services are being used, such as which files are being accessed and how often.
General availability table of security configuration options for SharePoint Online, Microsoft Teams, and OneDrive for Business: Since SharePoint Online and OneDrive for Business work on the same architectural framework, they are interlinked to MS Teams.
Security Configuration Options/Capabilities
Changing any of the security controls can impact the features and capabilities of SharePoint Online, Microsoft Teams, and OneDrive for Business in the following ways:
The table below shows the impacts of toggling any of the security-based controls on SharePoint Online, MS Teams and OneDrive for Business.
Security configuration is an essential aspect of managing the data and resources of an organization. In SharePoint Online, Microsoft Teams, and OneDrive for Business, there are several security configuration options that organizations can toggle to secure their data and resources.
The security configuration options can be broadly categorized into eight categories.
1. User Authentication
2. Data Encryption
3. External Sharing
4. Compliance
5. Device Management
6. Threat Protection
7. Identity and Access Management
8. Auditing and Reporting
Toggling a security control in SharePoint Online, Microsoft Teams, and OneDrive for Business affects the features and capabilities available to users within the organization. For example, enabling Multi-Factor Authentication (MFA) as a security control can increase the security of the user authentication process. However, it may require additional steps from the user when logging in. Enabling Data Encryption at Rest and in Transit can help protect data when it is stored and transmitted, but it may impact the performance of the service.
External Sharing controls can help organizations manage how resources are shared with users outside of the organization, which can impact the collaboration capabilities available to users. Compliance controls can help organizations adhere to legal, regulatory, and industry-specific requirements, but they may require additional effort to manage and enforce compliance policies.
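For the external sharing controls discussed above, the following check flags tenant-level settings that leave sharing links or guest access without an expiry. It is an added example, not part of the original article; the function name, the 30-day threshold and the sample object are assumptions, while the property names are those returned by `Get-SPOTenant`.

```powershell
# Added example, not from the original article. Property names are those
# returned by Get-SPOTenant; the 30-day threshold is an assumed policy value.
function Test-ExternalSharingPosture {
    param(
        [Parameter(Mandatory)] $Tenant,
        [int] $MaxAnonymousLinkDays = 30
    )
    $findings = @()
    $capability = "$($Tenant.SharingCapability)"
    if ($capability -eq 'Disabled') { return $findings }   # no external sharing at all

    if ($capability -eq 'ExternalUserAndGuestSharing') {
        # "Anyone" links are enabled, so they should expire.
        $days = [int]$Tenant.RequireAnonymousLinksExpireInDays
        if ($days -le 0 -or $days -gt $MaxAnonymousLinkDays) {
            $findings += "Anyone links do not expire within $MaxAnonymousLinkDays days (current value: $days)"
        }
        if ("$($Tenant.DefaultSharingLinkType)" -eq 'AnonymousAccess') {
            $findings += 'Default sharing link type is an Anyone link'
        }
    }
    if (-not $Tenant.ExternalUserExpirationRequired) {
        $findings += 'Guest access never expires'
    }
    if (-not $Tenant.PreventExternalUsersFromResharing) {
        $findings += 'Guests can reshare content they do not own'
    }
    return $findings
}

# Constructed sample settings (permissive), so the check runs offline.
$sample = [pscustomobject]@{
    SharingCapability                 = 'ExternalUserAndGuestSharing'
    RequireAnonymousLinksExpireInDays = -1
    DefaultSharingLinkType            = 'AnonymousAccess'
    ExternalUserExpirationRequired    = $false
    PreventExternalUsersFromResharing = $false
}
Test-ExternalSharingPosture -Tenant $sample | ForEach-Object { "FINDING: $_" }

# Against a live tenant (requires the SharePoint Online Management Shell):
#   Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
#   Test-ExternalSharingPosture -Tenant (Get-SPOTenant)
# Tightened settings for comparison:
#   Set-SPOTenant -RequireAnonymousLinksExpireInDays 30 -DefaultSharingLinkType Internal `
#       -ExternalUserExpirationRequired $true -ExternalUserExpireInDays 90 `
#       -PreventExternalUsersFromResharing $true
```

These tenant-level values apply to both SharePoint Online and OneDrive for Business, so tightening them also changes how files shared from Teams channels behave for guests.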
Device Management controls can help organizations manage and control the devices used to access organizational resources, but they may limit the devices and applications available to users. Threat Protection controls can help organizations protect against cyber threats, but they may impact the performance of the service and the user experience.
Identity and Access Management controls can help organizations manage and control user identities and access to resources, but they may limit the flexibility and agility of the organization. Auditing and Reporting controls can help organizations monitor and report on activities within the organization, but they may impact the performance of the service and the user experience.
Please follow me for more articles and useful tips!
linkedin.com/in/komaro
linkedin.com/legasystems
youtube.com/legasystems