Hello and welcome back to this Microsoft 365 Fundamentals course. My name is Kristen Mico and I'm taking you through. We are currently
midway through module 32. We're currently talking about security. We're gonna be continuing on with encryption. So let's get started.
In Microsoft 365 is probably a big there. This is quite a big statement, I would say: in Microsoft 365, all data is encrypted by default, and that's how it should be. For data at rest, data is encrypted at the physical disk with BitLocker and in applications with service encryption.
So data in transit is therefore encrypted with what we call Transport Layer Security
as it moves across the network. If you have ever gone on to websites to purchase something, they will use TLS as part of the encryption procedure. For more granular control of data while it's in movement, you can also encrypt data at a content level with message encryption
in emails and Azure Information Protection
as well, and also you can use customer keys. If you've ever heard of public/private keys or shared keys or anything to do with encryption keys, you're looking at the right thing there. That's what customer keys are involved with as well.
All right. So we won't spend too long on encryption because it's a massive thing and is way, way bigger than Microsoft 365 Fundamentals, that's for sure.
All right, let's have a look at zero standing access, then. So zero standing access is a fancy way of saying you can loan out my details, and Microsoft calls it the Customer Lockbox.
So they do have a nice, snazzy image, which I've pinkified because I like the color pink on a black background, as you can see with my little, uh, background in the top right-hand corner. But effectively the customer, if they need help,
they would contact Microsoft, and then you'll see Microsoft assign an engineer to the ticket.
Now the engineer does his work and then realizes that he needs to do something specifically on the customer's account. So he then submits a request using what they call the Customer Lockbox system,
and this will then send an approval request so that they have multiple people from Microsoft looking at this request. So you've got one is the engineer and then two is the manager, and basically the manager will look at it and he'll say, "Yes, it seems valid.
I've looked at the ticket. I've seen the problem and I understand why the engineer is asking for those details,"
so he'll approve it. If he doesn't, then that will basically go back to the engineer to carry on working on the ticket. But hopefully he'll approve it because the engineer is forthright and only has the best intentions for our customer.
So once it's approved by Microsoft right here, it then goes back to the customer,
and the customer goes, "Hey, here's my details", and you can see them handing over their bits. So the customer approves it and they go, "Yeah, I understand the manager's had to look at it. The engineer's had to look at it, and it makes sense to me. So I'm gonna put my details in there."
Once they click submit and they send it off, the engineer receives an email going, "This customer has given you their lockbox details."
Now, what this means is that he can't actually see the details, but he can use the lockbox to pass those details across to whatever system it is that he needs to log in as the user.
This is very smart in the way it's designed because it means that the user at no point has to actually give their details to the engineer. The engineer can just say, "Look, would you mind doing this for you?" If you think of it in a physical analogy, it's:
you go around a friend's house and you're sat in front of the machine and the machine pops up with the admin,
if you've ever seen the admin prompt that pops up when you try to install something. Then you kind of pass the keyboard to them and go, "Excuse me, would you mind typing in your password for me?" And then they give you the keyboard back. That's zero standing access. They haven't given you that password. They typed it. They've accessed it themselves,
and they've temporarily given you access. The same principle, just done over the cloud environment.
And this is what we call privileged access management. It's a very key thing, and Microsoft will call it the Customer Lockbox, but the official name for it is zero standing access. All right, keep that in mind. These are the same thing.
All right, let's stop there, shall we? As you can see, the next part up is data discovery requests, where we go into how people can get hold of their information. We're going to stop here. We're gonna come back for a part two, because it is a long section, and, uh, I will see you there.