Security & Compliance

Home / Links / Best Practices and Recommendations / Security & Compliance

Security & Compliance


Security Documentation library – This library of content provides a set of documents and resources to help you on your security journey

Recommendations & Best Practice

Security Development Lifecycle Portal – offers updated practices that should be used during the development process, to build more secure software by reducing the number and severity of vulnerabilities accidentally introduced into software. The practices cover a broad range of topics, from training and threat modeling, to managing the security risk of using third-party components, and security testing.
Operational Security Assurance (OSA) – outlines aligned practices to apply during the operational lifecycle of cloud services, making them more resilient to attack from real and potential cybersecurity threats. These include elements such as using Multi-Factor Authentication (MFA), protecting secrets, protecting against DDOS attacks, and penetration testing.
Secure DevOps – The Secure DevOps model provides a great foundation to improve security. SDL and OSA practices aligned with automation, monitoring, collaboration, and fast and early feedback provide a great opportunity to improve security. Practices outlined here include tooling and automation and continuous learning and monitoring.
Open Source Security


O365 Security and Compliance resources – If your organization needs to protect your data or comply with legal or regulatory standards, you’re in the right place. The areas in this link are your first stop for learning about security and compliance in Office 365.
Action plan for GDPR – This article includes a prioritized action plan you can follow as you work to meet the requirements of the General Data Protection Regulation (GDPR).
Office 365 Information Protection for GDPR – The Office 365 Security & Compliance Center is designed to help you manage compliance features across Office 365 for your organization.