- cross-posted to:
- europe@lemmy.ml
cross-posted from: https://lemmy.ml/post/13035348
Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.
The EDPS has found that the Commission has infringed several provisions of Regulation (EU) 2018/1725, the EU’s data protection law for EU institutions, bodies, offices and agencies (EUIs), including those on transfers of personal data outside the EU/European Economic Area (EEA).
The biggest tool in the M365 suite will vary by organization.
Outlook is huge. It integrates well with Microsoft Exchange, which can either be self-hosted or you can just pay Microsoft to handle it (generally recommended these days). The calendar integrates with Microsoft Teams, where you can create a calendar event, have it create a Teams meeting, then add your attendees from your Outlook contacts (which will also have all accounts from Active Directory searchable); then, after the Teams meeting, you can directly email a follow-up to all meeting attendees within Outlook. Outlook will also very nicely handle emailing files as SharePoint links and giving access to the users you’re emailing (again, integrating with Active Directory for authentication and listing users to set permissions), and when you and another user are both editing a document on SharePoint it allows easy collaboration in Word/Excel/PowerPoint, much like how Google Docs works when sharing with edit permissions. These workflows are huge for a hybrid/remote workforce or for inter-office collaboration.
On the server & administration side of things, Active Directory (AD) is a juggernaut. It has integrations into many web services (basically anything with a “sign in with Microsoft” button), and many programs one might install onto a computer also support using your AD login as authentication, which means fewer passwords for users to remember and fewer passwords for admins to reset and manage for onboarding, offboarding and login assistance. AD also directly integrates with file shares, where you can set detailed permissions based on the users and groups in AD. AD also gives you access to Group Policies, which allow you to heavily manage and configure your users’ workstations. This is where admins can restrict access to settings users should never touch, restrict the ability to install software, remove bloatware, restrict access to certain browser functions, etc. And of course you manage all of this using Microsoft Remote Desktop Protocol or Microsoft PowerShell, which authenticates against AD. Most organizations use AD as a single source of truth on who works in the organization, with the HRMS (Human Resources Management Software) directly integrating with AD and automatically creating and deactivating users, applying groups based on the user’s job title, etc.
For a real-world example, I currently manage a SaaS product as one of my primary duties (it’s like Salesforce without being Salesforce). We have extensive permissions set up within this SaaS product, which we have to manually apply for every user that joins, leaves or changes positions. I’m currently pushing for AD integration since I spend about 8 hours every week on concerns that would be automated away by integrating the SaaS product I manage with AD, letting AD groups automatically set the users’ permissions and using single sign-on with AD. This would also tie into a larger upcoming project of shifting some shared accounts for high-turnover positions into named accounts, as it would ideally integrate with an ongoing project that’s ramping up to overhaul our current HRMS workflow and automatically create/deactivate users with appropriate permissions as they join/leave the company. This is the power of AD: it’s a single, industry-standard database and authentication server that often runs entire organizations’ security and infrastructure because of its heavy integration and potential for automation.