This article is more than 1 year old

Microsoft crams Office 365 docs into Edge-style sandboxes to thwart malware infections

Your guide to some of the security enhancements announced this week

Ignite Amid the flood of news from Microsoft's Ignite conference in Florida this week, Redmond dropped word of several new features and additions to its cloud services aimed at protecting user data.

Office 365 will be getting additional security protections through Application Guard, the sandboxing tool Microsoft debuted with its Edge browser. The idea is that Application Guard will isolate documents, preventing malicious code from escaping the app and damaging the rest of the system. The feature is currently in limited preview.

"You will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container. View, print, edit, and save changes to untrusted Office documents—all while benefiting from that same hardware-level security," said Microsoft Security corporate VP Rob Lefferts. "If the untrusted file is malicious, the attack is contained and the host machine untouched.

Admins will also get additional tools to detect potential malware attacks and account theft in Office 365 with a new set of Advanced Threat Protection compromise alerts and automatic detection tools.

Fluid Framework: same content, collaboration, different applications

Imagine OLE reinvented for the web and that's 90% of Microsoft's Fluid Framework: We dig into O365 collaborative tech


Advanced Threat Protection for Microsoft Defender will also get new alert options to help admins spot and remove cloud apps installed by users without administrator approval. Microsoft says the new features will be "single click," allowing admins to easily zap unauthorized services.

Admins wanting a bit of extra help with their security will be offered an experts-on-demand service through ATP to help with security investigations and assessments. Microsoft also said it will be adding more planning and reporting options for the Secure Score assessment tool.

For Azure, Microsoft is kicking the Sentinel service into general availability. First debuted at RSA earlier this year as a security information and event management (SIEM) system for the cloud platform, Azure Sentinel allows admins to better spot potential attacks.

Even Mac users are being invited in on the security bonanza, as Redmond says later this month it will be rolling out a port of its Enterprise Detection service for Apple fanbois. For those wanting to stick with Windows, Microsoft said its line of firmware-protected secure core PCs are on track to hit the market this holiday season. ®

More about


Send us news

Other stories you might like