Encryption in Microsoft 365 (2024)

Table of Contents
In this article What is encryption, and how does it work in Microsoft 365? Encryption for data at rest and data in transit Microsoft 365 Crypto Update What if I need more control over encryption to meet security and compliance requirements? How do I... FAQs
  • Article

Encryption is an important part of your file protection and information protection strategy. This article provides an overview of encryption for Microsoft 365. Get help with encryption tasks like how to set up encryption for your organization and how to password-protect Microsoft 365 documents.

  • For information about certificates and technologies like TLS, see Technical reference details about encryption in Microsoft 365.

  • For an overview of how to configure or set up encryption for your organization, see Set up encryption in Microsoft 365 Enterprise.

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

See Also
Cloud Key Management | CSADecryption: What is Decryption & How Does it Protect Your Data?

What is encryption, and how does it work in Microsoft 365?

The encryption process encodes your data (referred to as plaintext) into ciphertext. Unlike plaintext, ciphertext can't be used by people or computers unless and until the ciphertext is decrypted. Decryption requires an encryption key that only authorized users have. Encryption helps ensure that only authorized recipients can decrypt your content. Content includes files, email messages, calendar entries, and so on.

Encryption by itself doesn't prevent content interception. Encryption is part of a larger information protection strategy for your organization. By using encryption, you help ensure that only authorized parties can use the encrypted data.

You can have multiple layers of encryption in place at the same time. For example, you can encrypt email messages and also the communication channels through which your email flows. With Microsoft 365, your data is encrypted at rest and in transit, using several strong encryption protocols, and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).

Encryption for data at rest and data in transit

Examples of data at rest include files that you uploaded to a SharePoint library, Project Online data, documents that you uploaded in a Skype for Business meeting, email messages and attachments that you stored in folders in your mailbox, and files you uploaded to OneDrive for Business.

Examples of data in transit include mail messages that are in the process of being delivered, or conversations that are taking place in an online meeting. In Microsoft 365, data is in transit whenever a user's device is communicating with a Microsoft server, or when a Microsoft server is communicating with another server.

With Microsoft 365, multiple layers and kinds of encryption work together to secure your data. The following table includes some examples, with links to additional information.

Kinds of ContentEncryption TechnologiesResources to learn more
Files on a device. These files can include email messages saved in a folder, documents saved on a computer, tablet, or phone, or data saved to the Microsoft cloud.BitLocker in Microsoft data centers. BitLocker can also be used on client machines, such as Windows computers and tablets
Distributed Key Manager (DKM) in Microsoft data centers
Customer Key for Microsoft 365		Windows IT Center: BitLocker
Microsoft Trust Center: Encryption
Cloud security controls series: Encrypting Data at Rest
How Exchange Online secures your email secrets
Service encryption with Customer Key
Files in transit between users. These files can include Microsoft 365 documents or SharePoint list items shared between users.TLS for files in transitData Encryption in OneDrive for Business and SharePoint Online
Skype for Business Online: Security and Archiving
Email in transit between recipients. This email includes email hosted by Exchange Online.Microsoft Purview Message Encryption with Azure Rights Management, S/MIME, and TLS for email in transitMessage Encryption
Email encryption in Microsoft 365
How Exchange Online uses TLS to secure email connections in Microsoft 365
Chats, messages, and files in transit between recipients using Microsoft Teams.Teams uses TLS and MTLS to encrypt instant messages. Media traffic is encrypted using Secure RTP (SRTP). Teams uses FIPS (Federal Information Processing Standard) compliant algorithms for encryption key exchanges.Encryption for Teams

Microsoft 365 Crypto Update

In late August 2023, Microsoft Purview Information Protection began to use Advanced Encryption Standard (AES) with 256-bit key length in Cipher Block Chaining mode (AES256-CBC). By October 2023, AES256-CBC became the default for encryption of Microsoft 365 Apps documents and emails. You might need to take action to support this change in your organization. For more information, see Technical reference details about encryption.

What if I need more control over encryption to meet security and compliance requirements?

Microsoft 365 provides Microsoft-managed solutions for volume encryption, file encryption, and mailbox encryption in Microsoft 365. In addition, Microsoft provides encryption solutions that you can manage and control. These encryption solutions are built on Azure.

To learn more, see the following resources:

  • What is Azure Rights Management?

  • Activate Rights Management in the admin center

  • Set up Information Rights Management (IRM) in SharePoint admin center

  • Overview of Customer Key

  • Double Key Encryption

How do I...

To do this taskSee these resources
Set up encryption for my organizationSet up encryption in Microsoft 365 Enterprise
View details about certificates, technologies, and TLS cipher suitesTechnical details about encryption
Work with encrypted messages on a mobile deviceView encrypted messages on your Android deviceView encrypted messages on your iPhone or iPad
Encrypt a document using password protection. (Password protection isn't supported in a browser. Use desktop versions of Word, Excel, and PowerPoint for password protection.)Add or remove protection in your document, workbook, or presentation. Choose an Add protection section, and then see Encrypt with Password.
Remove encryption from a documentAdd or remove protection in your document, workbook, or presentation. Choose a Remove protection section, and then see Remove password encryption.

Plan for Microsoft 365 security and information protection capabilities

Secure your business data with Microsoft 365 for business

Microsoft Stream Video level encryption and playback flow

Encryption in Microsoft 365 (2024)

FAQs

How to Encrypt in Microsoft 365? ›

In message that you are composing, click File > Properties. Click Security Settings, and then select the Encrypt message contents and attachments check box.

Read On
In which two ways does Microsoft 365 Encrypt data? ›

With Microsoft 365, your data is encrypted at rest and in transit, using several strong encryption protocols, and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).

Discover More Details
Is Office 365 encrypted by default? ›

In the service, encryption is used in Microsoft 365 by default; you don't have to configure anything. For example, Microsoft 365 uses Transport Layer Security (TLS) to encrypt the connection, or session, between two servers.

Continue Reading
Does Microsoft 365 business include encryption? ›

Your admin can define rules to automatically encrypt messages that meet certain criteria. For instance, your admin can create a rule that encrypts all messages sent outside your organization or all messages that mention specific words or phrases. Any encryption rules will be applied automatically.

See Details
How do I make Office 365 secure? ›

10 Best Practices to Ensure Microsoft Office 365 Security
  1. Enable Multi-Factor Authentication.
  2. Train Your Organization's Employees.
  3. Manage User Accounts and Permissions.
  4. Configure Microsoft Defender for Office 365.
  5. Use Microsoft Purview Information Protection.
  6. Disable Auto-Forwarding for Email.
  7. Protect All Devices.
Feb 18, 2023

Find Out More
Is Office 365 Onedrive encrypted? ›

Content protection: Each file is encrypted at rest with a unique AES256 key. These unique keys are encrypted with a set of master keys that are stored in Azure Key Vault.

Tell Me More
How to check if email is encrypted in Office 365? ›

How can I tell if the message I sent was encrypted? Check the email in your Sent emails. You should see a message under your profile and the To line that shows an information icon, with a message about the encryption level for the email. For example, “Encrypt-Only – This message is encrypted.

Show Me More
What kind of encryption does Microsoft use? ›

Microsoft uses its own security certificates and associated keys to encrypt TLS connections for data-in-transit.

Explore More
How to encrypt data in OneDrive? ›

Step-by-Step How To Encrypt OneDrive Folder
  1. Step 1: Evaluate Your Encryption Options. ...
  2. Step 1.5: Enable BitLocker (Windows) or FileVault (Mac) ...
  3. Step 2: Create an Encrypted Container. ...
  4. Step 3: Regularly Update Your Encryption Keys and Passwords.

Continue Reading
Is Microsoft 365 confidential? ›

Office 365 Message Encryption is an easy-to-use service that lets email users send encrypted messages to people inside or outside their organization. For more information, see Encryption in the Microsoft Cloud.

Show Me More

What security does Microsoft 365 have? ›

It's important to be aware of the Microsoft security features you have while using a Microsoft 365 for business account: Antiphishing, antispam, and antimalware protection for email. Multi-factor authentication (MFA), which can prevent hackers from taking over if they know your password.

Read The Full Story
How do I encrypt an email in Office 365 subject line? ›

There are two ways to send an encrypted message in Office 365. Start a new email and type the word "Encrypt" or "Encrypted" (without quotation marks) in the subject line of the email.

See Details
How do I set up encryption in Office 365? ›

To encrypt a single message:
  1. Compose your message in Outlook.
  2. Click on "Files" and click "File Properties."
  3. Under "Security Settings," select "Encrypt message contents and attachments."
  4. Click "Send" to send your encrypted message.
Apr 11, 2023

Get More Info Here
How do I encrypt a document in Office 365? ›

Protect a document with a password
  1. Go to File > Info > Protect Document > Encrypt with Password.
  2. Type a password, press OK, type it again and press OK to confirm it.
  3. Save the file to make sure the password takes effect.

Continue Reading
Does Office 365 encryption encrypt attachments? ›

Attachments are also encrypted

If you choose the Encrypt option, recipients with Outlook.com and Microsoft 365 accounts can download attachments without encryption from Outlook.com, the Outlook mobile app, new Outlook, or the Mail app in Windows 10.

View More
How do I Encrypt a Microsoft document? ›

Protect a document with a password
  1. Go to File > Info > Protect Document > Encrypt with Password.
  2. Type a password, press OK, type it again and press OK to confirm it.
  3. Save the file to make sure the password takes effect.

View Details
How do I password protect an email in Outlook 365? ›

In the top menu, click on the "Options" tab. Click on the "Permissions" drop-down menu and select "Encrypt-Only." Send your encrypted email as usual. If you wish to add additional security measures, such as requiring a password for decryption, click on "Protect" and select the desired options before sending the email.

See More
How do I send an encrypted email in Outlook 365 Web? ›

To add or remove digital encryption from an individual message that you're composing:
  1. Go to the top of the message and select more options. > Message options.
  2. Select or deselect Encrypt this message (S/MIME).

Learn More
How do I read an encrypted email in Office 365? ›

If you are a Microsoft 365 user, click the attachment. A new page will open in your web browser stating that you have received an encrypted message. If you are a non-Microsoft 365 user, click on the link in the body of the message. You will see two options to view the message: "Sign in" or “Use a one-time passcode.”

Discover More Details
Top Articles
Blockchain Architecture Layers: A Comprehensive Guide - Hacken
Your top debt collection questions answered | Consumer Financial Protection Bureau
Frases para un bendecido domingo: llena tu día con palabras de gratitud y esperanza - Blogfrases
Umbc Baseball Camp
Tmf Saul's Investing Discussions
Jesus Calling December 1 2022
Die Windows GDI+ (Teil 1)
Sissy Transformation Guide | Venus Sissy Training
Tyrunt
Lesson 1 Homework 5.5 Answer Key
Southland Goldendoodles
Xm Tennis Channel
shopping.drugsourceinc.com/imperial | Imperial Health TX AZ
Pvschools Infinite Campus
R/Afkarena
Beau John Maloney Houston Tx
Tcgplayer Store
Craiglist Tulsa Ok
Transfer and Pay with Wells Fargo Online®
Unity - Manual: Scene view navigation
Welcome to GradeBook
Moving Sales Craigslist
Td Small Business Banking Login
Craigslist Appomattox Va
MLB power rankings: Red-hot Chicago Cubs power into September, NL wild-card race
Robeson County Mugshots 2022
Rqi.1Stop
Phoebus uses last-second touchdown to stun Salem for Class 4 football title
Craigslist Lewes Delaware
Xfinity Outage Map Fredericksburg Va
Weldmotor Vehicle.com
Keyn Car Shows
2004 Honda Odyssey Firing Order
Maisons près d'une ville - Štanga - Location de vacances à proximité d'une ville - Štanga | Résultats 201
Town South Swim Club
24 Hour Drive Thru Car Wash Near Me
Airg Com Chat
Rubmaps H
Lil Durk's Brother DThang Killed in Harvey, Illinois, ME Confirms
Teenage Jobs Hiring Immediately
Tendermeetup Login
Movies123.Pick
Chs.mywork
My.lifeway.come/Redeem
062203010
White County
Tlc Africa Deaths 2021
Worland Wy Directions
The Machine 2023 Showtimes Near Roxy Lebanon
Home | General Store and Gas Station | Cressman's General Store | California
Noelleleyva Leaks
Subdomain Finer
Latest Posts
PCI, CVSS, & risk scoring FAQs
How to Mix Bitcoins and Send Bitcoin Anonymously - Comparitech
Article information

Author: Moshe Kshlerin

Last Updated:

Views: 5876

Rating: 4.7 / 5 (57 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Moshe Kshlerin

Birthday: 1994-01-25

Address: Suite 609 315 Lupita Unions, Ronnieburgh, MI 62697

Phone: +2424755286529

Job: District Education Designer

Hobby: Yoga, Gunsmithing, Singing, 3D printing, Nordic skating, Soapmaking, Juggling

Introduction: My name is Moshe Kshlerin, I am a gleaming, attractive, outstanding, pleasant, delightful, outstanding, famous person who loves writing and wants to share my knowledge and understanding with you.