Encryption
Encryption is an important part of your file protection and information protection strategy. This article provides an overview of encryption for Office 365. Get help with encryption tasks like how to set up encryption for your organization and how to password-protect Office documents.
What is encryption, and how does it work in Office 365?

The encryption process encodes your data (referred to as plaintext) into ciphertext. Unlike plaintext, ciphertext can't be used by people or computers unless and until the ciphertext is decrypted. Decryption requires an encryption key that only authorized users have. Encryption helps ensure that only authorized recipients can decrypt your content. Content includes files, email messages, calendar entries, and so on.

Encryption by itself doesn't prevent content interception. Encryption is part of a larger information protection strategy for your organization. By using encryption, you help ensure that only authorized parties can use the encrypted data.

You can have multiple layers of encryption in place at the same time. For example, you can encrypt email messages and also the communication channels through which your email flows. With Office 365, your data is encrypted at rest and in transit, using several strong encryption protocols and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).

Encryption for data at rest and data in transit

Examples of data at rest include files that you've uploaded to a SharePoint library, Project Online data, documents that you've uploaded in a Skype for Business meeting, email messages and attachments that you've stored in folders in your mailbox, and files you've uploaded to OneDrive for Business.
Examples of data in transit include mail messages that are in the process of being delivered, or conversations that are taking place in an online meeting. In Office 365, data is in transit whenever a user's device is communicating with a Microsoft server, or when a Microsoft server is communicating with another server. With Office 365, multiple layers and kinds of encryption work together to secure your data. The following table includes some examples, with links to additional information.
What if I need more control over encryption to meet security and compliance requirements?

Microsoft 365 provides Microsoft-managed solutions for volume encryption, file encryption, and mailbox encryption in Office 365. In addition, Microsoft provides encryption solutions that you can manage and control. These encryption solutions are built on Azure. To learn more, see the following resources:
How do I...
Plan for Microsoft 365 security and information protection capabilities
Best practices for securing Microsoft 365 for business plans
Microsoft Stream Video level encryption and playback flow

Which protocol can be enabled so email is encrypted on a mobile device?

SMTP MTA-STS
The SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) protocol helps secure emails by enabling SMTP servers to add encryption via TLS.
What type of technology enables a cell phone to store and transmit encrypted info for making payments at a checkout counter?

NFC payments are considered secure because data passing between the two devices is encrypted. The security protocol followed by NFC technology is the same one used by chip-enabled payment cards, making it more secure than swiping your card at a terminal.

Which of the following would best prevent an unauthorized person from remotely accessing your computer?

Networking.

What type of card reader does not require physical contact to occur?

A contactless smart card is a card in which the chip communicates with the card reader through an induction technology similar to that of an RFID (at data rates of 106 to 848 kbit/s). These cards require only close proximity to an antenna to complete a transaction.