I had an interesting discussion recently with a customer about email encryption in Office 365.
M365 - Exchange Online Center
ENow Software's Microsoft Exchange Online blog built by Microsoft MVPs for IT/Sys Admins.
With the ever-increasing number of services and features in Office 365, keeping up with all the changes can be a challenge. Keeping an eye on all the different ways a user can do harm, either willingly or by mistake, is not an easy task, either.
While the on-premises versions of Exchange and SharePoint do offer some form of auditing, many organizations were surprised to find out that things were quite different after their move to the cloud. There was barely any auditing in the beginning, even for tasks performed by administrators, and in other areas it was very limited. (For example, until recently, auditing owner actions was not possible in Exchange Online). It took several years for Microsoft to address those issues, but now we have a role-based, searchable, exportable, unified log across (almost) all Office 365 workloads and operations, as well as the corresponding APIs. In case you are not familiar with the unified audit log, the article "Search the audit log in the compliance center" is a good starting point.
For Exchange administrators, Office 365 is at the forefront of considerations for the future of email. When thinking about Office 365, my initial thoughts are, "what about security, compliance, and 3rd party systems that integrate with my current Exchange On-Premises implementation?" After thinking further about what Office 365 means for any organization, I created this article which dives into a few key considerations for Office 365 as it relates to email and hopefully helps you decide what's best for your organization.
Organization Size and SLA’s
As I started investigating Office 365 I quickly learned that the general perception is that it's great for small companies. Two major reasons that stand out are cost affordability and these organizations have few 3rd party systems that integrate with their current Exchange On-Premises configurations. For large to mid-sized companies the conversation changed a bit; primarily related to organizational SLA models. Microsoft offers a 99% SLA, but this is not on ALL services to be available at the same time. For example, they will not guarantee that ActiveSync, Outlook Web App and mailboxes will have 99% up-time cumulatively. ActiveSync could be down, but mailbox access could be up. What is acceptable to your organization? With all the facts up front you can better set expectations for your company; regardless of size, if you choose to move your email into the cloud.
Security and Compliance