Quick Tip: Office 365 Service Trust Portal
The Office 365 Service Trust Portal (STP) is a service feature in Office 365 designed to provide deeper information on how Microsoft manages security, compliance and privacy.
Through the STP you can get direct access to a wide variety of compliance / audit reports and trust resources, including SOC and ISO documentation.
In addition to the various resources referenced above, the following is a sample of the other content available through the Service Trust Portal:
| Title | Abstract |
| Office 365 Secure Score (currently in preview) | The Office 365 Secure Score is designed to help you analyze and act to improve your security risk in Office 365…think of it as a credit score for your security. | Blog: Finding and Fixing Risk in Office 365 |
| Auditing and Reporting in Office 365 | Describes the auditing and reporting features in Office 365 and Azure Active Directory and the various audit data that is available to customers via the Office 365 Security & Compliance Center, remote PowerShell, and the Management Activity API. |
| Controlling Access to Office 365 and Protecting Content on Devices | Describes the Conditional Access features in Office 365 and Microsoft Enterprise Mobility + Security, and how they are designed with built-in data security and protection to keep company data safe, while empowering users to be productive on the devices they love. |
| Data Encryption Technologies in Office 365 | Provides an overview of the various encryption technologies that are used throughout Office 365, including features deployed and managed by Microsoft and features managed by customers. |
| Data Resiliency in Office 365 | Describes how Microsoft prevents customer data from becoming lost or corrupt in Exchange Online, SharePoint Online, and Skype for Business, and how Office 365 protects customer data from malware and ransomware. |
| Defending Office 365 Against Denial of Service Attacks | Discusses different types of Denial of Service attacks and how Microsoft defends Office 365, Azure, and their networks against attacks. |
| Microsoft Threat, Vulnerability, and Risk Assessment of Datacenter Physical Security | Provides an overview regarding the risk assessment of Microsoft datacenters, including potential threats, controls and processes to mitigate threats, and indicated residual risks. |
| Office 365 Administrative Access Controls | Provides details on Microsoft’s approach to administrative access and the controls that are in place to safeguard the services and processes in Office 365. For purposes of this document, Office 365 services include Exchange Online, Exchange Online Protection, SharePoint Online, and Skype for Business. Additional information about some Yammer Enterprise access controls is also included in this document. |
| Office 365 Customer Security Considerations | Provides organizations with quick access to the security and compliance features in Office 365 and considerations for using them. | Office Blog Announcement |
| Office 365 End of Year Security Report and Pen Test Summary 2015 | Office 365 End of Year Security Report and Pen Test Summary for CY 2015. |
| Office 365 Mapping of CSA Cloud Control Matrix 3.0.1 | Provides a detailed overview of how Office 365 maps to the security, privacy, compliance, and risk management controls defined in version 3.0.1-11-24-2015 of the Cloud Security Alliance's Cloud Control Matrix. |
| Office 365 Risk Management Lifecycle | Provides an overview of how Office 365 identifies, evaluates, and manages identified risks. |
| Office 365 Security Incident Management | Describes how Microsoft handles security incidents in Microsoft Office 365. |
| Privacy in Office 365 | Describes Microsoft’s privacy principles and internal privacy standards that guide the collection and use of customer and partner information at Microsoft and give employees a clear framework to help ensure that we manage data responsibly. |
Additional Resources: