Exchange and Outlook Blog

Microsoft Office 365: Security and On-Premises Requirements

At the Cloud Fest 1-day conference in Denver last week, one of the first things Microsoft's David Chow said during his opening keynote was, "There's no glory in running email anymore." There probably weren't many Exchange Server administrators in the room because there was no laughter. I mean, seriously: when was there ever glory in running email?

The point Chow was making, of course, is that businesses don't want to focus on running an email system such as Exchange, which means that considering a service such as Microsoft Office 365 makes a lot of sense. Let Microsoft make it their business to manage email so that you can focus on whatever your business's goals are. Right? Chow is director of product management for Office 365, so that's a message he's well-positioned to make.

I won't bore you with all the details of the keynote, which in many ways was geared toward introducing the audience to what Office 365 has to offer. However, Chow did make a number of points about the Microsoft service that, even if you've heard them, are worth repeating.

Naturally, security and trust are always top concerns for anyone considering hosted email. In a move to help alleviate some of these concerns for its customers, Microsoft has established a website, The Office 365 Trust Center. On this page, you'll find clear statements of Microsoft's privacy and security policies related to Office 365 as well as multiple links to deeper information. Key to note, Microsoft performs no data mining or analytics on your Office 365 data -- an obvious swipe at Google.

The Trust Center includes information about Microsoft's data center security and how the company adheres to regulatory standards. Office 365 is certified for ISO 27001, a widely recognized security benchmark, and also follows the EU Safe Harbor and EU Model Clauses for all customers. You can view several videos on the Trust Center page that give you a nice overview of the Microsoft data centers and Office 365 operational policies.

Chow's keynote touched on another point about Office 365 that I haven't heard discussed as much. Essentially Chow said that to get to the cloud, there might be some technology you need to deploy on-premises. You're still going to need to manage sign-on and authentication to the cloud, typically with some type of Active Directory (AD) integration. If you want to offer your users a single sign-on experience, or 2-factor authentication, things get more complicated.

Likewise, if your organization needs to maintain a hybrid environment -- some user mailboxes in Microsoft's cloud and others in your own on-premises Exchange Server environment -- you can expect an extra layer of complexity. As an IT pro, there's perhaps something comforting in thinking about this complexity: Just because your company decides to outsource email doesn't mean your job has to go away; it just shifts into different areas.

The other key themes from Chow's keynote centered around availability, resilience, and mobility. In a way, I suppose you could say these are all just facets of what the Exchange team has been talking about as anytime, anywhere access, but here extended to the wider platform of Office 365. With mobile clients now available for Microsoft Lync and mobile integration with SharePoint, it seems clear the company plans to continue in this direction.

The talk about Office 365 and its policy against data mining reminded me of the Microsoft parody about the Gmail Man from last summer. And now I see they've resurrected that spot in response to Google's recent privacy policy changes. Just in case you haven't seen this funny spoof, I'll leave you with a touch of humor today. You can watch the clip below.

Follow B. K. Winstead on Twitter at @bkwins
Follow Windows IT Pro on Twitter at

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.