Office 365 DFARS Frequently Asked Questions (and Answers) - Part 5

    There are a lot of questions surrounding the upcoming DFARS requirements for DoD Contractors. What does it mean for your business? What happens if you're not compliant in time? To help guide you through the process, here are some questions and answers that you may need to know.  

    DFARS_FAQ_24.png24. How does Office 365 secure personally identifiable information (PII)?

    Microsoft Data Loss Prevention allows an organization to continually monitor for PII and many other types of compliance data across Exchange Online, OneDrive for Business and SharePoint Online.




    25. Does O365 provide documentation and material in case of an incident?

    Office 365 can provide audit and activity reports that are crucial to properly documenting and responding to an incident.



    DFARS_FAQ_26.png26. If O365 requires licenses for every user, what is the best way to work with subcontracts when having to share documents and access information? Do we provide them licenses or do they use their own?

    Office 365 provides the ability of external users to access information within the customer’s environment when invited by a licensed user and allowed by the security configuration of the organization.  Depending on the specific needs and requirements, this may be enough to provide the external needs of your user base. 


    DFARS_FAQ_27.png27. Does O365 provide any remediation strategies for after an incident occurs?

    Microsoft does not dictate specific procedural controls for an organization when responding to an incident.  These vary by organization and may or may not include technical controls from within Office 365. 

    DFARS_FAQ_28.png28. Can Microsoft employees access our tenant data? What controls are in place to keep our data private?

    Microsoft is not able to access your data without your consent.  Please see the Microsoft Privacy Policy for detailed information.  If you provide consent during a support request, a Microsoft support technician can gain access to your tenant for the specific incident that is bounded by a specific time requirement. 

    If you would like to further limit this access, Microsoft highly recommends enabling your Customer Lockbox. Once enabled, Microsoft can only access the content that you allow access to through the Customer Lockbox.

    Note: This FAQ is part of a series. Check out the previous FAQ's here: FAQ #1FAQ #2, and FAQ# 3, and FAQ #4

    Be sure to subscribe and get notified when there's a new post, or check back soon for the next post in the series!

    New Call-to-action



    Subscribe Here!

    Recent Posts

    Posts by Topic

    see all