Saturday, November 15, 2014

Current Office 365 Encryption Solutions

The question comes up a lot on is does Office 365 support encryption? The answer is Yes and there are lots of encryption solutions implemented.
A great resource that you should always start at is the Office 365 Trust Center - You should also review the Office 365 Security Whitepaper located here -
I usually break this down into a couple different views. Encryption in Transit, Encryption at Rest and Payload Encryption.

Encryption in Transit
All Office 365 traffic / data is encrypted in using SSL/TLS to client machines connecting to the service. Read about this in the Office 365 Security Whitepaper.

Encryption at Rest
BitLocker has been deployed to encrypt data at rest inside of Office 365.
Additionally for OneDrive for Business and SharePoint Online a new file based encryption solution has been implemented. Read about both of theses in the Office 365 Security Whitepaper.

Payload Encryption
There are additional solutions that customers can choose to utilize with Office 365 to encrypt data.

S/MIME was actually the original intent of why I was writing this blog; but I figured it was worth communicating that encryption is more than just S/MIME. S/MIME encryption of email is supported with Office 365. Please review these two article for more information: and

UPDATE 1/2/2015 - Shortly after I wrote this blog, a really good article was created here -

Rights Management Service (RMS) is supported as well. Office 365 supports both Windows RMS or Azure RMS. You can use RMS is a great solution to assist with DLP for email and documents. You have the ability to create policy to encrypt data. For SharePoint Online please review the Service Description here - For Exchange Online please review

Office 365 Message Encryption (OME) is another solution that is available to you. This is another solution provided that allows you administrators to create policy to encrypt data that is leaving the organization. For detailed information, please review this -

Additionally in Exchange Online Protection (EOP) you have the ability to enforce Transport Layer Security (TLS) for SMTP messages to partners. For more information, please review the following -

No comments: