Security features were emphasized in Microsoft's keynotes, and among the product announcements at this year's Ignite were two new features added to the Office 365 Advanced Threat Protection: URL Detonation, which analyzes hyperlinks in files to see if they lead to malicious sites, and Dynamic Delivery, which scans file attachments for security threats -- yet lets users preview the content without delay.
I spoke with Alym Rayani, the director of Office Security and Compliance, about some of the new security features coming to Microsoft Office 365.
Q. Let’s talk about how Office 365 Advanced Threat Protection protection is getting extended to Word, Excel, PowerPoint, SharePoint Online and OneDrive for Business. Are there protection features that are specific to each application?
A. In general, there are umbrella features that look for all kinds of attacks. The two most common attacks come through attachments and links, so we’re looking for instances where those might be present and there’s risk. Links and attachment sharing isarewhere we’re going to roll out to protect our customers. That’s why we’re starting with email, but you’ll see us providing more depth and more breadth across our application stack.
Q. Are there concerns specific to OneDrive?
A. Certainly, file-sharing services are one of those places where attachments are moving around. Either your file comes through a 3rd-party file sharing service or email, you’re getting the protection.
Q. Let’s talk about "dynamic delivery," which "enables users to receive email immediately with a placeholder attachment while the actual attachment undergoes scanning.” What information can people see in the attachments? Are there specific file types this works on — or is it on any attachment?
A. Everyone needs email faster — we’re trying to keep it secure without losing productivity. With dynamic delivery, we're trying to reduce latency. A typical attachment takes three to four minutes to scan — we’re trying to push the performance envelope but it will never be zero. So what we did is take the useful info out of the attachment, then go off and scan the attachment. And because the customer has the mailbox with us, we can put the attachment in once we're done scanning.
Q. The tools here are mostly for offsetting user gaffes and pooling intelligence. What about actively trying to shape user behavior to reduce incidents overall?
From the security perspective, we’re just starting to get into the intelligence aspect of it. The whole goal is to make Office 365 easier to administer, so it’s a natural place we’re going. We haven’t done anything from the end user perspective, but in the future, if we see that it benefits the customer or people ask for it, we’ll do it.
We’re trying to focus on the right alerts and the right information to alert people.
Advanced Threat Protection has been in market 15 days and we’re getting a good amount of customer feedback.
Q. What is some of the customer feedback?
A. Dynamic delivery was born out of a demand from customers to move faster through email scanning. The reports are a response to what users wanted to see. They wanted to see how security threats moved across organization - -we’re bringing a broader view, a broader perspective.
Q. Do individual users have cause to be concerned about these monitoring tools and what they're scanning?
A. Security is more effective when you can see trends. It’s less the notion “my boss is watching me” and more the notion “how is the system looking and what’s happening?” On the analytics side, we certainly emphasize privacy.