About data provision

Kaspersky Security for Microsoft Office 365 protects Exchange Online mailboxes managed through Office 365. To use the full functionality of Kaspersky Security for Microsoft Office 365, you must create a user account on the website of the Right Owner (Kaspersky Lab). You can use an existing Kaspersky Business Hub account or create a new one by providing your email address, company name, and a password.

Kaspersky Lab processes and uses this information only to ensure the functionality of Kaspersky Security for Microsoft Office 365, unless you agree to use the information for other purposes (for example, to receive a news feed about Kaspersky Lab products and services to your email address).

The data may migrate between Kaspersky Security for Microsoft Office 365 servers within the same data center during technical maintenance or to ensure correct load balancing. Backup copies of the data are stored in the same data center.

By creating a user account and connecting the application to Office 365, you confirm that you are the sole owner of any data you provide and that you are entitled to provide such data.

Any information provided is protected and processed in accordance with the Kaspersky Lab Privacy Policy.

Kaspersky Security for Microsoft Office 365 may receive, store, and process the following types of data:

• Office 365 Global Administrator credentials required for authorizing the creation of a Service Account with the necessary permissions in Exchange Online.

  Administrator role in Office 365 infrastructure. Global Administrator has full access to all administrative features and other administrative roles in Office 365.

  The application does not depend on the Global Administrator account after the Service Account has been created, and does not store its credentials for future use.

• Service Account credentials used to connect the application to Office 365.

  A user account that is used to access email items in Office 365 for scanning. The Administrator should grant ApplicationImpersonation and Mailbox Search roles to this account in order to enable Anti-Virus, Anti-Spam, and Anti-Phishing protection.

• A list of all mailboxes of the protected Exchange Online organization used to promptly connect to Exchange Online after Kaspersky Security for Microsoft Office 365 is restarted.
• A list of all accepted domains in the protected Exchange Online organization used to identify the message traffic type (inbound, outbound, internal).
• Email messages and appointments, including attachments and X-headers.

  The application receives these items for scanning and processes them according to the protection settings. Email messages and items are not stored in the Kaspersky Security for Microsoft Office 365 infrastructure.

• The metadata of email messages (sender, recipient, subject, primary SMTP address of the related mailbox) displayed in Backup.
• The email address specified during registration and the corresponding IP-address.

  This information is required to ensure correct application event logging. The registration email address is also used to notify the Administrator about certain application events, including notifications about application unavailability, license expiration and update releases.

• Protection settings, including email addresses excluded from scanning.
• Statistics on Kaspersky Security for Microsoft Office 365 operations, including senders, recipients and subjects of email messages.

  These statistics are used to generate reports containing the number of detected spam messages and malicious objects, scan results, and other results, and to log application events.

• The number of mailboxes used to monitor the license restrictions.
• Web site usage statistics required to improve application performance.

The retention period for the above listed data is the following:

• 31 days after expiration of the trial license, if no commercial license has been assigned to the application.
• 181 days after expiration of the commercial license, if it has not been renewed.

After the retention period is over, all the data described above is removed from application databases. An exception to this rule is Backup data. The retention period for messages moved to Backup is 30 days. After this period is over, the messages and their metadata are permanently deleted.

Kaspersky Security for Microsoft Office 365 uses Kaspersky Security Network to improve detection of new threats and their sources. The following information obtained as a result of application operations is automatically sent to Kaspersky Lab:

• Different web addresses detected in the same message text.
• IP address belonging to the sender of the scanned message.
• Information about all of the objects and actions, namely the name, the size, and the checksums (MD5, SHA2-256, SHA1) of the scanned object, file type ID, and the executable file flag.
• Web address at which the reputation is being requested.
• Top-level domain names used in web addresses in the scanned messages.
• Checksum (MD5) of the names of files attached to the message.
• The number of IP addresses (v4 and v6) in the message header and a flag indicating the address belonging to a local or external network.
• Irreversible hash function of domain names in the header of the scanned message.
• Message scan result and spam rating.
• Attack target (company name, website name).
• Checksum (MD5) of the scanned message sender's email address.
• Web addresses from scanned messages with deleted passwords.
• Checksums (MD5) of graphic objects included in the message.
• Short text signatures composed from message text (irreversible text digests that cannot be used to recover the original text, the text itself is not transmitted) used for filtering known spam mailings and product decisions about them.
• IP-addresses of the message sender and intermediate mail servers, sender’s mail client version, message ID, information about the completion of message fields, the checksum (CRC32) of message fragments defined by markup language, sender domain names taken from the SMTP session and MIME-header, checksums (CRC23) of the sender name taken from the SMTP-session and MIME-header, checksums (CRC32) of the sender's name and domain taken from the SMTP session.

You agree to provide executable files or parts of files that could be exploited by intruders for additional examination at Kaspersky Lab.

Kaspersky Lab reserves the right to use received data to generate reports on information security risks.

Kaspersky Lab protects any information received in this way as prescribed by law and the applicable rules of Kaspersky Lab. Data are transmitted over encrypted communication channels.

Page top