The latest versions of Office applications and useful business tools accessible anytime, anywhere
China
China
Cloud App Microsoft 365 - Main Features -
A cloud solution optimized for the Chinese market, aligned with Chinese business practices, laws and regulations.
Office 365 Features
Use both the installation version and online version of Office applications!
So long as you have a web browser, Office Online enables you to use Word, Excel, PowerPoint, and OneNote with devices that do not have Office installed. In addition to viewing documents, you can perform basic editing.
Office applications can be installed on up to 15 devices per ID.
Applications are licensed on a per user basis, not a per device basis. The license allows each user to install the applications on up to 15 devices. Therefore, you can use Office applications from your desired devices according to your purposes-- for example, use a PC in the office, a tablet when you are outside the office, and your Mac at home when working from home.
Concurrent editing dramatically reduces rework
A file stored on SharePoint can be opened and edited simultaneously by multiple people using Office applications or Office Online. You can see who is editing which part of the file, enabling you to dramatically reduce rework.
The latest versions of applications are automatically applied from the cloud
For Microsoft 365 Apps for business/enterprise, once an application has been upgraded to the latest version on the cloud, the application is installed automatically, sparing the system administrator the trouble of updating the application (you can choose how to apply updated programs). Thus, you can continuously use Office applications to which the latest features and security updates have been applied.
Other features
- Automatic application of the latest security updates
Standard 50 GB large-capacity mailbox
Office 365 offers a 50 GB mailbox as standard. You can create a personal archive mailbox and maintain the archive online.
Peace of mind thanks to thorough spam countermeasures
In addition to detecting spam by multiple filters including sender, receiver, and sender ID, past detection results are also employed.
Further, you can configure settings to receive only emails sent from specific domains and written in specific languages. In addition, Exchange Online Protection, a feature that enables multi-layered defense, is provided as standard.
Check your team's schedule immediately
Check the group schedule to know your team members' schedules. You can check a selected member's schedule to learn when he/she will be free, helping you to adjust your team's meeting schedule.
Use the features from almost all devices
In addition to PCs and Macs, you can use the features from almost any kind of device through a web browser, dedicated app, or ActiveSync.
Because data is managed on the cloud, devices synchronize automatically.
Other features
- Schedule management
- Facility/equipment reservation
- Contact management
- Task management
Permissions management per file, library, and site
SharePoint allows you to manage permissions--for example, per file, library, or site.
If you store files on SharePoint or OneDrive for Business, you can directly specify the persons who need to share each file from an Office application.
Team site to facilitate information sharing
You can use a team site for sharing information on a team or project basis. By using a template, you can easily build a message board for sending out information and a document library for collaborative work.
OneDrive for Business: large-capacity personal storage
OneDrive for Business allows you to use personal storage of up to 1 TB per ID.
By using the OneDrive for Business synchronization app, you can synchronize OneDrive for Business with local device folders.
Other features
- Document management function
- Building sharing sites easily using templates
User-friendly interface
Easy synchronization between the cloud and PC
Access from anywhere using multiple devices
Efficient collaboration
Other features
- Secure, safe, useful cloud storage
- Storage capacity: 1 TB (assigned per Office 365 user)
- Manage application versions.
- Use the apps offline, too.
- A synchronization app is also available.
Communication tools for enhanced teamwork
Use features such as online meetings, phone calls, chat, file sharing, and real-time collaboration.
Create a team for a customer's project to realize prompt communication.
EMS
User authentication, devices, applications, and data are properly managed and protected for enhanced security
Cloud-based authentication brings Office 365 and Intune together
Authentication base provided as a cloud service
Because the authentication base is provided as a cloud service, you can authenticate from anywhere.
Access business applications in a secure environment from any device, whether in or outside the office.
Linkage with various SaaS apps on the Internet
You can use the same authentication method for a variety of applications provided by Office 365.
Since you no longer have to manage the ID and password per application, you can reduce the risk of loss of IDs and passwords.
Secure single sign-on (SSO)
Configure multi-factor authentication and conditional access settings per user.
Realize access controls that meet the needs of the situation, such as a more robust authentication method for use from outside the office or use by subcontractors.
| * | The Microsoft Intune license is required for device-based access control. |
Features for managing mobile devices and mobile apps
Unified management of multiple devices
Device management can be unified under the same policies regardless of device OS and usage location.
Prevention of theft and loss of mobile devices
Policies can be used to apply appropriate security settings to mobile devices.
Features for locking devices and deleting data remotely are also available, enabling you to prevent the theft of data on the device.
Deployment and protection of business applications
Perform application deployment for registered devices all at once and control extraction of data to non-business applications by protecting application data.
| * | An Azure Active Directory Premium license is required for device-based access control. |
Categorizing/encrypting files in cloud storage or on devices to protect data
File categorization and encryption
File content is evaluated based on policies defined by the administrator, and encryption can be set to be applied automatically.
Permissions-based control
Access permissions are set per file category, enabling you to share files among internal and external users within the scope of intended permissions.
Tracking and handling of unauthorized access
Track access to files, and if cases of unauthorized access are found, you can revoke access permissions, preventing unauthorized take-out, loss, and theft of internal data.
| * | An Azure Information Protection Premium P2 license is required for the automatic labeling function. |
| * | The Azure Information Protection Viewer is required for external users to open encrypted files. |
Advanced Threat Analytics (ATA)
On-premise solution that detects attacks on credentials and unauthorized behavior to prevent serious damage.
This solution monitors the actions and behaviors of Active Directory users. If an abnormal action or behavior related to credentials is detected, the organization administrator is informed of such fact.
Microsoft Defender for Identity
An Azure service that detects attacks aimed at credentials on an on-premise Active Directory.
Unlike ATA, use of this service enables you to manage the management server on the cloud.
Microsoft Cloud App Security (MCAS)
The cloud application environment is protected by three features: Cloud Discovery, App Connector, and Proxy Protection.
In addition to monitoring the abnormal behavior of cloud applications and user activities, you can manage user login and activities.
Windows 10
Security feature that provides greater functionality than Windows (R) 10 Pro and protects your system from evolving cyberattacks and targeted threats
Authentication information will never be stolen even if the system is infiltrated.
Storing authentication information in a secure environment
Important authentication information is stored in a secure environment independent of the environment in which Windows (R) OS operates, which denies access to malware that has infiltrated Windows (R) OS.
Even if a device is infected by malware and local administrator access has been stolen, you can prevent the damage from spreading.
| * | This feature can be set and managed using group policies, the command prompt, and PowerShell. |
Common problems until now
- Because authentication information is stored in Windows OS as hash values, it can be stolen by an attacker.
- An attacker who has stolen authentication information can break into devices on the company network one after another and eventually obtain illicit access to the company's overall administrator accounts. (Pass the Hash attack)
Solution with Windows 10
- Credential Guard restricts access to authentication information.
- Because authentication information is isolated in a virtual machine, authentication information is cut off so that attackers cannot steal the hash values.
With respect to targeted threats, which are one of the issues we must address these days, people tend to focus only on measures that address the gateways to the attack, as seen in targeted email and zero-day attacks.
If you analyze attack techniques, however, you will come to realize it is important to protect authentication information and account information as well. Credential Guard protects your authentication information from attackers, preventing Pass the Hash attacks and thus protecting the company's overall administrator authority as well as preventing theft of data.
Executing only verified applications and protecting devices
Only verified applications are permitted to be executed
Execution of malware, such as targeted email attacks and applications unauthorized by the administrator, is blocked.
Unlike measures that rely on a conventional blacklist (in which known malware must be registered in advance), this feature can also protect against zero-day attacks.
Possible to start protecting the device from boot processing upon starting the device
Because the device is started by secure boot, it is possible to prevent operation of malware transmitted to master boot upon starting the device.
Common problems until now
- An attacker sends a spoofed email to prompt the email recipient to execute a malicious application.
- The device is infected with malware, and a backdoor to a server is created.
- The attacker launches an attack through the backdoor to steal data.
Solution with Windows 10
- Device Guard limits execution to only verified applications.
- Execution of malware is blocked; therefore, the system is protected from targeted and zero-day attacks.
The methods employed by targeted email attacks evolve continuously. Attackers use a variety of spoofing techniques to deceive receivers. It is not enough to tell users not to open suspicious emails.
In addition, new viruses and variants as well as zero-day attacks cannot be prevented by traditional anti-virus software. Device Guard protects your devices from becoming infected with malware.
OS standard client
A behavior sensor built into the OS enables you to record the details of various behaviors in the form of logs.
There is no need to expand and manage agents on devices.
This enables you to attain extremely high performance.
High detection accuracy
Based on enormous amounts of data collected, stored, and analyzed by Microsoft, detection is carried out according to a knowledge base that employs the results of machine learning and security analyses.
The data is always kept up-to-date, allowing you to recognize signs of attacks as well.
Prompt, flexible response
Obvious threats will be removed automatically upon detection. Moreover, it is possible for the administrator to select the desired action flexibly for the target client device from the console.
Microsoft Defender for Endpoint functional examples
Monitoring with up-to-date information
Collected data is analyzed using up-to-date information. The administrator does not have to do anything. This feature can recognize not only new threats but also signs of an attack.
Prompt action
You can take the necessary actions for the target client device from the management console, including stopping a specific suspicious program or disconnecting from the network.
Identifying root causes
You can investigate through which channels an incident spread and what kind of impacts an incident has had as far back as 180 days ago.
Security integrated management
By linking your system with the Microsoft Defender series, you can perform comprehensive security monitoring and management.
Please consult a KDDI consultant.
Related Solutions
- Using digital tools to enhance communication in the new normal
For work-style reform during the global COVID-19 pandemic
Telework has increased rapidly due to COVID-19 and is now drawing attention not just as a step to prevent the spread of COVID-19 but as a new style of work. Meanwhile, telework presents problems and concerns associated with workers not going to the office.
Here are concrete solutions to address such concerns.
- Resolving chronic shortages of human resources at overseas locations
Faster routine work, so you can focus on your core business
As human resource shortages become increasingly severe in Japan, there are significant impacts on overseas locations as it has become difficult to dispatch personnel from Japan.
Meanwhile, hiring local personnel overseas can also be difficult, as it is challenging to secure highly skilled people or train people, and their retention rate is low. Initiatives are needed to address issues related to such human resource shortages.
What is the best solution for your problem?
Please consult a KDDI consultant.