About data provision

Kaspersky Security for Microsoft Office 365 protects mailboxes managed through Office 365. To use the full functionality of Kaspersky Security for Microsoft Office 365, you must create a user account on the website of the Right Owner (Kaspersky Lab). You can use an existing Kaspersky Endpoint Security Cloud account or create a new one by providing your email address, company name, and a password.

Kaspersky Lab processes and uses this information only to ensure the functionality of Kaspersky Security for Microsoft Office 365, unless you agree to use the information for other purposes (for example, to receive a news feed about Kaspersky Lab products and services to your email address).

By creating a user account and connecting the application to Office 365, you confirm that you are the sole owner of any data you provide and that you are entitled to provide such data.

Any information provided is protected and processed in accordance with the Kaspersky Lab Privacy Policy.

Kaspersky Security for Microsoft Office 365 may receive, store, and process the following types of data:

• Office 365 Global Administrator credentials required for authorizing the creation of a Service Account with the necessary permissions in Exchange Online.

  Administrator role in Office 365 infrastructure. Global Administrator has full access to all administrative features and other administrative roles in Office 365.

  The application does not depend on the Global Administrator account after a Service Account has been created, and does not store its credentials for future use.

• Service Account credentials used to connect the application to Microsoft Office 365.

  A user account that is used to access email items in Office 365 for scanning. The Administrator should grant ApplicationImpersonation and Mailbox Search roles to this account in order to enable Anti-Virus, Anti-Spam, and Anti-Phishing protection.

• A list of all mailboxes of the protected Microsoft Exchange Online organization used to promptly connect to Microsoft Exchange Online after Kaspersky Security for Microsoft Office 365 is restarted.
• A list of all accepted domains in the protected Microsoft Exchange Online organization used to identify the message direction (inbound, outbound, or internal).
• Email messages and appointments, including attachments and X-headers.

  The application receives these items for scanning and processes them according to the protection settings. Email messages and items are not stored in the Kaspersky Security for Microsoft Office 365 infrastructure.

• The metadata of email messages (sender, recipient, subject, primary SMTP address of the related mailbox) displayed in Backup.
• The email address specified during registration and the corresponding IP-address.

  This information is required to ensure correct application event logging. The registration email address is also used to notifу the administrator about certain application evens, including notifications about application unavailability, license expiration and updates release.

• Protection settings, including email addresses excluded from scanning.
• Statistics about Kaspersky Security for Microsoft Office 365 functionality, including senders, recipients and subjects of email messages.

  These statistics are used to generate reports containing the number of detected spam and malicious objects, scanning results, etc., and to log application events.

• The number of mailboxes used to monitor the license restrictions.
• Website usage statistics that are necessary to improve the application performance.

Kaspersky Security for Microsoft Office 365 uses Kaspersky Security Network in order to improve detection of new threats and their sources. The following information obtained as a result of the application operation is automatically sent to Kaspersky Lab:

• Identification of presence of different web addresses in the same message text.
• IP-address belonging to a sender of the scanned message.
• Information about all of the objects and actions, namely the name, the size, the checksums (MD5, SHA2-256, SHA1) of the scanned object, file type ID and the executable file flag.
• Web address at which the reputation is being requested.
• Top-level domain names used in web addresses in the scanned messages.
• Checksum (MD5) of the name of a file attached to the message.
• The number of IP-addresses (v4 and v6) in the message header and a flag indicating the address belonging to a local or external network.
• Irreversible hash function of domain names in the header of the scanned message.
• Message scan result and spam rating.
• Attack target (company name, website name).
• Checksum (MD5) of the scanned message sender's email address.
• Web addresses from suspicious messages with deleted passwords.
• Checksums (MD5) of graphic objects included in the message.
• Short text signatures composed from message text (irreversible text digests that cannot be used to recover the original text from, the text itself is not transmitted) used for filtering the known spam mailings and product decisions about them.
• IP-addresses of the message sender and intermediate mail servers, sender’s mail client version, message ID, information about the filling of the message fields, the checksum (CRC32) of the message fragments defined by markup language, sender domain names taken from the SMTP-session and MIME-header, checksums (CRC23) of the sender name taken from the SMTP-session and MIME-header, the checksums (CRC32) of the sender's name and domain taken from the SMTP-session.

For additional examination at Kaspersky Lab you agree to provide executable files or parts of files that could be exploited by intruders.

Kaspersky Lab reserves the right to use the received data to generate reports on information security risks.

Kaspersky Lab protects any information received in this way as prescribed by law and applicable rules of Kaspersky Lab. Data are transmitted over encrypted communication channels.

Page top