Microsoft Forms, Power Automate, SharePoint Security, Backup and Server Management

Yoon, Yina 20 Reputation points


Could you confirm that my below understanding is correct?

Microsoft Forms, Power Automate, and SharePoint are products of the Microsoft Corporation. Microsoft Forms and Power Automate are hosted on the Microsoft Azure cloud platform, and SharePoint is also a cloud service managed by Microsoft.

Microsoft provides security, backup, and server management for these cloud services, ensuring that your data is stored and managed securely.

  • How to protect your data

To protect your data, Microsoft 365 requires two-step verification of your identity. This prevents credentials from being used without a second factor and mitigates the impact of a compromised password.

  • How to protect data in transit and at rest

When a user uploads a document in Microsoft SharePoint, the data is transferred from the user's device over the Internet to a Microsoft data center, or between Microsoft data centers in different geographic regions. These data transfers are protected using encryption and only allow secure access. We don't make authenticated connections over HTTP, but instead redirect to HTTPS.

Data at rest is protected in the following ways:

  • Physical protection: Only a limited number of essential personnel have access to the data center and their identities are verified with multiple authentication factors, including smart cards and biometrics. There are on-premises security personnel, motion sensors, and video surveillance, and intrusion detection alerts monitor for unusual activity.
  • Network protection: Networks and identities are separated on Microsoft's network. Dedicated Active Directory domains are used to manage services, test and production domains are separated, and the production domain is divided into multiple isolated domains for reliability and security.

  • Application security: Engineers who build features follow a secure development lifecycle. Automated and manual analysis helps identify possible vulnerabilities, and the Microsoft Security Response Center helps triage incoming vulnerability reports and assess mitigations.
  • Content protection: Data is encrypted at the disk level using BitLocker encryption and at the file level using keys.

The Microsoft 365 Anti-malware engine, software for detecting and removing malicious code from computer systems, scans documents upon upload to check for content that matches anti-virus signatures (pattern data for detecting malware), which are updated in real time. To limit the risk of content being downloaded to untrusted devices, synchronization is limited to devices in the specified domain.

  • To manage content at rest

Configure information rights management policies to restrict content downloads from SharePoint document libraries.

Evaluate your use of Azure Information Protection. Azure Information Protection is a cloud-based information protection service for identifying, classifying, and protecting confidential information created and shared within an organization. With Azure Information Protection, you can classify information such as documents, emails, and files created in your organization and control access to that information. It also provides a plan of action in the event of a breach, which can help keep confidential information safe.

  • Highly available, always recoverable

Data centers are geographically distributed and fault-tolerant. Data is mirrored in at least two data centers to mitigate the impact of natural disasters or service-impacting outages. Metadata backups are retained for 14 days and can be restored to any point in time within 5 minutes, and in the event of a ransomware attack, can be rolled back using version history (enable and configure versioning for lists or libraries) and restored using the Recycle Bin or Site Collection Recycle Bin. If an item is removed from the Site Collection Recycle Bin, you can access the backup by calling Support within 14 days.

  • Continuous validation

To keep your data center secure, we continuously monitor it, and it starts with inventory. An inventory agent scans each subnet looking for neighbors and performs a state capture for each machine. Once you have an inventory, you can monitor the health of your machines and remediate issues. The inventory security patch train applies patches, updates antivirus signatures, and stores known good configurations. There is role-specific logic to ensure that only a certain percentage of machines are patched or replaced at a time. Have automated workflows to identify machines that don't meet policy and queue them for replacement.

The "red team" in Microsoft 365 is made up of intrusion specialists who look for every opportunity to gain unauthorized access. The "blue team" consists of defense engineers who focus on prevention, detection, and recovery. They build intrusion detection and response technologies.


Accepted answer
  1. Emily Du-MSFT 43,831 Reputation points Microsoft Vendor

    Yes, the understanding about Security, Backup and Server Management of Microsoft Forms, Power Automate, SharePoint is correct.

    If there is any question, please feel free to let me know.


    1 person found this answer helpful.