When discussing Office 365 capabilities, it becomes clear that many customers need a better way to secure and manage their data in the context of their legal and regulatory needs.

These three topics arise in nearly every conversation:

  1. How well can I control my data?
  2. How well can I secure my data?
  3. How do I know what is happening with my data?

Microsoft understands that offering greater transparency and control is essential to earning and maintaining customer trust — especially for industry verticals to whom security is necessary for compliance.

Therefore, the Microsoft Office 365 E5 plan introduces the following three capabilities, which build upon and deeply enhance security features and controls that have always been a part of the E3 suite: Customer Lockbox, Advanced Threat Protection and Advanced eDiscovery. These features provide “customers with visibility into actions taken” related to their data, enhance security and increase control over access to data in Office 365.

Customer Lockbox Adds Level of Data Access Protection

Although Microsoft has always maintained the practice of allowing as few manual touches to data as possible in Office 365, Microsoft’s server administrators do sometimes have to enter a customer’s environment to fix a problem. When this occurs, Customer Lockbox helps put control of access into the customer’s hands.

All Microsoft administrators go through stringent vetting, including background checks, fingerprinting and annual security training. So, there’s already a “lockbox” process for all maintenance and service that requires access to customer data. For access to any customer environment, the following workflow is in place: (a) The customer requests assistance; (b) A Microsoft engineer receives the request and submits a Lockbox request to access customer data; (c) A Microsoft manager then reviews the request and either approves or rejects it; (d) If approved, the engineer is granted temporary access to a single server with a one-time-use, high-entropy password. For all Office 365 plans, this process is carefully audited and logged, and Microsoft executives review customer data access logs monthly to ensure appropriate use of the process.


microsoft lockbox

Microsoft’s traditional Lockbox process for Office 365 customer data.

Customer Lockbox further extends privacy by including the customer as the administrator of the Office 365 environment in the final step in the approval process. Even after the Microsoft manager gives approval to the engineer, Customer Lockbox sends a notification to the customer if any further action requires approval. In addition, the customer, as the administrator of the Office 365 environment, is given access to review audit logs.


enhanced lockbox

Microsoft’s enhanced Customer Lockbox process.

With Customer Lockbox enabled, data is completely divorced from Microsoft’s standard operational practices; Microsoft has NO access without the customer’s final approval, even after the initial request for assistance, and the ONLY way for Microsoft to gain access to data is through an invitation from the customer.


email notification


An example of the email notification sent to the tenant administrator to approve a Microsoft engineer’s access to customer data.

data access request

Data access requests can be approved or rejected from the admin center where these requests are logged.


Advanced Threat Protection (ATP) Complements EOP

All Office 365 services that include Exchange Online also include Exchange Online Protection (EOP). EOP blocks spam and malware at the IP address level to protect against attackers who may regularly change their email address. EOP also uses machine learning to evaluate mail based on user behavior. For example, how many people have marked a sender as junk, what is the reputation of the sender and how often are they sending bulk messages? The administrator then has the ability to create policies around how potentially malicious mail is handled and who is notified.

Advanced Threat Protection (ATP) builds upon EOP’s anti-malware capabilities that not only include protection against known threats, but also protect the company from previously unknown threats (zero-day attacks).


exchange admin center

The Exchange Admin Center allows easy configuration of policies related to potential malware.


ATP first uses its “Safe Attachment” technology to send mail through its sandbox environment’s detonation chamber. Within the detonation chamber, key aspects of the message are studied — is it running an executable, requesting access privileges or calling registry keys? Based on the message’s behavior, it is classified on a risk-level continuum from low to medium to known spammer.

malicious attachment

A malicious attachment redirected to the administrator based on this administrator’s policy.

The administrator is able to set advanced policies dictating behavior of messages containing questionable attachments.

Another technology utilized is called “safe links.” When a user opens an email that includes a link, it opens in a protective shell to protect the device and network from malicious websites.


users notified

Users are notified if a malicious link is clicked. Administrators can adjust policies to block users from continuing to these websites.

Where EOP provides time-of-delivery protection, ATP further protects users with time-of-click protection, because attackers often switch the destination of the link after emails have been received.

Administrators are given deep reporting tools that enable them to analyze every click.


advanced threats

An example of an Advanced Threat Protection (ATP) reporting dashboard. Admins have full visibility into actions taken by ATP.

Office 365 Advanced eDiscovery Improves File Sorting for Discovery

Microsoft already changed the face of eDiscovery with E3’s portal-based “eDiscovery Center,” a user-friendly interface for discovery across all user data, including email and SharePoint online content. Office 365 Advanced eDiscovery enables customers to bring additional data with network connectivity and drive shipping. Due to a recent acquisition by Microsoft of the eDiscovery firm Equivio, a number of truly advanced eDiscovery technologies are now built into the E5 offering.

According to a Bloomberg report, more than 90 percent of U.S. corporations topping $1 billion in revenue were engaged in litigation in 2009 at an average per-case eDiscovery cost of $1.5 million. The absolute best internal solutions are vital for avoiding non-compliance fines and worries.

With E3’s eDiscovery Center, data is always live and up to date, and in-place holds are location- and query-based to reduce the content under isolation.

Office 365 Advanced eDiscovery expands eDiscovery and includes additional machine learning tools to identify relevant data specific to legal and compliance needs. These tools, when used properly, can dramatically cut eDiscovery costs:

  • Themes — utilizes clustering technologies that bring together content on a conceptual level based on common keywords
  • Email threading — reconstructs email threads from unstructured data in order to simplify email review and provide accurate context
  • Near duplicates — reduces the quantity of items needing review
  • Predictive coding — trains the system to identify relevant documents, minimizing the need to manually sift through potential matches

Data sets can then be exported using downloads, electronic discovery reference model (EDRM) XML (a growing industry standard for data exchange that works with most popular review tools), personal storage tables (PSTs), native files, lists and feeds.

Even with these advanced eDiscovery tools, eDiscovery partner relationships are still important due to their expertise in the field of eDiscovery, knowledge of how the tools work and the relationships they maintain within the eDiscovery market.

Pricing and Purchasing Options

The E5 suite is currently available to new customers for a monthly MSRP cost of $35 per user. Existing E3 customers can step up to E5 for an additional $15 per user. Add-on licensing is available for customers who prefer single component add-ons for existing Office 365 plans:


New Office 365 Security Add-ons Price
Advanced Threat Protection $2
Customer Lockbox $2
Office 365 Advanced eDiscovery $8


For more information, contact a CDW account manager or leave a comment below.