Enabling greater transparency and control

Over the past few years, we have seen the security environment change and evolve. Cyber threats are reaching new levels, involving the destruction of property, and governments now act both as protectors and exploiters of technology. In this changing environment, two themes have emerged when I talk with our customers – 1) they want more transparency from their providers and more control of their data, and 2) they are looking for companies to protect their data through leading edge security features.

The explosion of mobile devices and cloud applications increases the complexity, as IT juggles the need to protect corporate information while still empowering workers to be productive using the apps and the devices of their choosing. Security has long been a top priority for Microsoft and is a key component in our development process. Security features, including strong encryption, are built into our products and services to protect our customers from cybercriminals, and we continue to drive security innovation and enhance trust boundaries.

At RSA Conference 2015 this morning, I discussed several new and existing security innovations that give Microsoft cloud customers greater transparency and control over their data in the Microsoft cloud.


As I stated last year at RSA, we strongly support a more open discussion on current data access policies. It is vital that the industry remains principled in its approach to security, privacy and transparency. But it is also important that we bring to life features and functionality that extend our transparency.

  • Today we are announcing enhanced activity logs of user, admin and policy related actions, which customers and partners can tap into and use as Security and Compliance signals through the new Office 365 Management Activity API. The API can be built into solutions for monitoring, analysis and compliance assurance. The solutions built with this API will provide organizations with greater visibility into actions taken on their content, for example alerting them to potential security threats and compliance concerns. Select partners participating in a pre-release program have already built early solutions using the new API, which we will release more broadly this summer as part of a private preview program. Interested customers and partners can sign up here to be included in the preview program. Learn more on the Office 365 blog.
  • For the purpose of maximizing data security and privacy, we have engineered the Office 365 service so that a majority of service operations are fully automated requiring no human interaction. In the very rare instances when a Microsoft engineer needs to log into the Office 365 service to resolve a customer issue, they need to go through multiple levels of approval within Microsoft. By the end of this year, we will enable a new Customer Lockbox for Office 365, which brings the customer into the approval loop so that they can approve or reject a Microsoft engineer’s request to log into the Office 365 service. Customer Lockbox significantly enhances both transparency and customers’ control over their content in Office 365. Learn more on the Office 365 blog.
  • Over the past month, we have discussed several new security innovations that will be coming to Windows 10. With Windows 10 Device Guard, we are enabling the Windows desktop to be locked down in a way that makes it incapable of running anything other than trusted apps. This protection is even resilient against an attacker or malware that has gained full system privilege.


Microsoft has long been committed to enabling customers to control their data by providing transparency into where it is stored, who can access it, and how Microsoft helps secure it. But customers are also now looking to have greater control over the level of security surrounding their data. We are driving innovation that will help customers take control, anticipate and prepare for new security and privacy challenges.

  • Today, Office 365 encrypts customer content at rest and in transit. In 2014, we implemented content-level encryption with per-file encryption in SharePoint Online and OneDrive for Business. In the coming months, Office 365 will implement content-level encryption for email in addition to the BitLocker encryption we offer today. We are also working on further security features that build upon these content-level encryption enhancements. In 2016, we expect to enable the ability for customers to require Microsoft to use customer-generated and customer-controlled encryption keys to encrypt their content at rest. Should a customer choose to leave the Office 365 service, these encryption keys provide them the ability to fully revoke Microsoft’s access by leaving their content in an inaccessible state.
  • In January, we announced the preview of Azure Key Vault. Since our initial announcement, we have seen strong interest in Key Vault from customers and partners alike. In the coming months, several Azure services and partner solutions will also be announcing integration with Key Vault for encryption-at-rest, and securing passwords and other secrets. We’re also working with industry leaders like Barracuda, Check Point, Fortinet, Websense, Palo Alto Networks, F5 and Alert Logic to enable a variety of appliances such as load balancers, WAN optimizers and network security appliances in Azure.
  • We recently announced at WinHEC two new identity-related features that will be coming to Windows 10. Microsoft Passport is a new two-factor authentication feature designed to help consumers and businesses securely log in to applications, enterprise content and online experiences without a password. In addition, we announced Windows Hello, which provides instant access to your devices and your Microsoft Passport through biometric authentication – using your face, iris or fingerprint to unlock your devices – with technology that is much safer than traditional passwords.
  • We have also seen incredible customer reception to our enterprise mobility offerings, growing our install base by 6x just in the last year. The Microsoft Enterprise Mobility Suite (EMS) brings customers enterprise-grade cloud identity and access management, mobile device management and mobile app management, and data protection. EMS integrates deeply with Office 365 services including Exchange Online, SharePoint Online and Skype for Business to enable productivity across devices with Office mobile apps.

In addition to greater control of their data, companies also need their technology to adhere to the compliance standards for the industries and geographic markets in which they operate. Customers can expect Microsoft to continue leading the industry in the adherence of our cloud services to industry certifications and standards.

Microsoft is unique in the breadth of mobile and cloud offerings we provide. As a result, customers benefit from a wide range of security, privacy and compliance offerings that scale across Windows and the various cloud services we deliver, from our cloud platform Microsoft Azure, to mobile offerings like our Enterprise Mobility Suite, to SaaS offerings like Office 365 and CRM Online.

We are enabling innovation and reinventing business processes – doing it responsibly with intelligent security solutions. Look for more information to follow on the above innovations in the coming months.
