Solutions for Microsoft Office 365 Email Security

Microsoft Office 365 is quickly becoming the go-to option for email collaboration in the cloud.

Office 365 gives you all of benefits of Exchange, without the administration costs of an on-premise solution. With Office 365, your email system will always be up-to-date, and your users have access to their email anytime, anywhere. Microsoft even guarantees 99.9% uptime! With this in mind, it is no surprise that a recent survey of IT decision makers found that 37% of organizations moving to the cloud will choose Office 365 within the next 24 months or less.1  But even with the noted benefits, there are security and archiving limitations that must be considered.

Office 365: Security Limitations

Office 365 features a number of security capabilities, including antivirus and antispam filtering, and it includes physical access controls that use multiple authentication schemes at its data centers that are managed by Microsoft Global Foundation Services. Even with these security features, there are some security functions that are missing, including:

  • Spam Quarantine – There is no end-user access to spam quarantine. Exchange Online Plans 1 and 2 do not provide for administrator management of the quarantine.
  • Spam Filter Support – Redundant spam filters (in parallel with Office 365’s built-in spam protection) are not supported.
  • Advanced Threat Protection – Office 365 does not include advanced and targeted threat protection techniques—such as real-time link following—to emulate the contents for malware.
  • Blacklist Support – There is no support for blacklists in Office 365 P1.
  • URL Reputation – There is no means by which to take action on an email containing a link strictly based off the URL reputation alone.
  • Spam Reports – Neither the Small Business nor Small Business Premium product provide reports of received or sent spam, or malware detections in received or sent email.
  • Inbound Protection/Detection – Phishing and spear phishing detection capabilities are not included in Office 365.
  • Mobile Security – There is no support to help users determine whether a link received in email their mobile device safe.
  • Filtering – Instant messaging and file filtering are not available.
  • Data Provisioning – Multiple-tenant architecture means that multiple customer environments are running on the same server. Data can be stored on dedicated hardware, but there is an additional cost for this service.

Based on these security concerns, it is apparent that Office 365 could leave your organization vulnerable to attacks and it does not provide the full protection that an enterprise needs. But there’s more!

Want more information? Click HERE to download this FREE PDF “Why Third Party Archiving is Essential to Office 365”

Office 365: Archiving Limitations

Important Considerations with Office 365 Archiving

Exchange Online/Office 365 Archiving is great for organizations that want to archive Exchange or Office 365 email. However, there are several deficiencies you need to be aware of before you make the commitment, especially if you are in a highly regulated industry. Office 365 Archiving lacks critical capabilities which leaves your organization at risk for data loss and compliance violations.

  • No Archiving Support For Additional Email Platforms – Office 365 does not archive Google Apps or GroupWise email.
  • No Support For Monitoring & Archiving Mobile Devices – Office 365 does not archive iOS, Android or BlackBerry.
  • No Support For Monitoring, Alerting & Archiving Social Media – Office 365 does not monitor or archive your employees social media posts on services like Facebook, Twitter, LinkedIn, or Yammer.
  • No Support For Monitoring, Alerting & Archiving Instant Messaging – Office 365 does not archive instant message communication like Google Talk/Chat, AOL IM (AIM), and Yahoo! Messenger.
  • No Support For Monitoring, Alerting & Archiving Web Searches – What are your employees searching for on Bing, Google, Yahoo!, Wikipedia and YouTube?
  • No direct access to your data – Your messaging data is stuck in the Microsoft cloud. What happens if it goes down, or you need to move your data on-premise, or to another platform.
  • No support for PDF export – Archived data export in Office 365 is limited to PST format. Organizations may need or want other exporting formats, including PDF for eDiscovery and court mandated searches. PST export also has potential for lost metadata.
  • No Stand Alone Archive Viewer – No ability to export the archive to a stand-alone format for external teams for eDiscovery.
  • No Centralized Access to all social, mobile, or email electronic communication – You cannot access multiple email platforms running mixed environments, nor have centralized access to all archived email, social media or mobile communications.
  • Lack of single-instance storage (SIS) – Multiple copies of the same message, attachment and appointment are archived in each recipient’s mailbox, increasing storage space needs.
  • No ability to search, access or publish your other electronic intellectual property for regulatory investigations or eDiscovery – Office 365 only archives your organization’s email. How will you perform discovery for other forms of electronic data, including files, documents or other unstructured data for litigation & compliance requests.
  • Difficulty migrating platforms and potential data loss – If your organization decides to migrate to a new email platform, you would have to export the archive to PST files and download the exported files. The PST files would then need to be imported into the new archive. This migration path could cause the loss of metadata information, and does not allow for complete data migration.

A Third-Party Solution is Needed for Archiving and Security in Office 365

Office 365 is a great collaboration solution from the world’s leading software company. It provides a number of useful features that your organization needs for collaboration. And to ensure full protection and compliance, you must implement third-party archiving and a complete security solution, like GWAVA Messaging Security and Retain Unified Archiving. Third party archiving, the solution. Click for more information about the need for third-party archiving in Office 365.


1. Proskauer:  Social Media in the Workplace Around the World 3.0 Survey

Photo Credit: Cloud Protection – Cityscape by Perspecsys is licensed under CC BY 2.0 (edited wording)

Information for this post was obtained from the Osterman Research Whitepaper, “The Need for Third-Party Security, Compliance and Other Capabilities in Microsoft Office 365” 

Avatar photo
Share this post:

Leave a Reply

Your email address will not be published. Required fields are marked *