{"id":85999,"date":"2018-10-16T09:00:11","date_gmt":"2018-10-16T16:00:11","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=85999"},"modified":"2023-05-15T23:09:10","modified_gmt":"2023-05-16T06:09:10","slug":"secure-file-storage","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/10\/16\/secure-file-storage\/","title":{"rendered":"Secure file storage"},"content":{"rendered":"

\"Image<\/p>\n

This is a blog series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series, you\u2019ll find context, answers, and guidance for deployment and driving adoption within your organization. Check out Collaborate Securely<\/a>, the fifth blog in our eight-blog series on deploying intelligent security scenarios.<\/em><\/p>\n

 <\/p>\n

Employees are often tasked with preparing documents that require them to gather expertise from various people, often both internal and external to their organization. This common practice can expose your company data at unsecured points along the way. To mitigate risk, Microsoft 365 has simplified and secured the process of sharing files so that employees can easily gather data, expert opinions, edits, and responses\u2014from only the right people in a single document.<\/p>\n

 <\/p>\n

How can I centrally store information, so it\u2019s discoverable by colleagues but not anyone else?<\/h3>\n

To answer this question, let\u2019s start with storage first, then move to search.<\/p>\n

Store securely<\/strong><\/p>\n

To help your employees easily discover relevant data for their projects and keep that data internal and secure, you can build a team site in SharePoint Online. If your employees need to make their notes or informal insights discoverable, but keep the information secure, deploy OneNote<\/a> and have employees password-protect their notes<\/a>.<\/p>\n

\"\"<\/p>\n

You can deploy OneNote through Microsoft Intune<\/a> to your Intune-managed employee devices, or have your employees sign in with their Microsoft Azure<\/a>\u2012provisioned ID and download OneNote to their devices. The owner of the SharePoint library<\/a>, list, or survey can change permissions<\/a> to let the right people access the data they need while restricting others. You can also empower your employees to build and maintain their own SharePoint Online team with security safeguards that you have established.<\/p>\n

Search securely<\/strong><\/p>\n

Once you\u2019ve set up your team site, SharePoint Intelligent Search and Discovery<\/a> allows both you and your employees to discover and organize relevant information from other employees\u2019 work files across Microsoft 365. It keeps your organization\u2019s documents discoverable only within your protected cloud<\/a>, according to each user\u2019s permission settings. You can also set permissions, so your employees will see only documents that you have already given them access to.<\/p>\n

\"\"<\/h3>\n

 <\/p>\n

How do I make use of automation to ensure that employees have the correct permissions?<\/h3>\n

By enabling a dynamic group<\/a> in Azure Active Directory (Azure AD)<\/a>, you will ensure that users can be automatically assigned to groups according to attributes that you define. For example, if users move to a new department, when their department name changes in Azure AD, rules will automatically assign them to new security groups defined for their new department. By using these Azure AD\u2012based advanced rules that enable complex, attribute-based, dynamic memberships for groups, you can protect organizational data on several levels.<\/p>\n

 <\/p>\n

Deployment tips from our experts<\/h3>\n