Security Advisor

Office 365 Getting Encrypted Messaging in 2014

Microsoft on Thursday announced that Office 365 Message Encryption -- a service that will encrypt e-mails being sent to an outside source -- will go live early next year.

The service aims to provide "sensitive business communications with an additional level of protection against unauthorized access," and is ideal for protecting financial and private data, according to Microsoft.

Microsoft's Office 365 Message Encryption, which may look to be a reactionary move after this year's privacy concerns centering around the NSA document leaks, will be available for free for Office 365 E3 and E4 users and will be included in the Windows Azure Rights Management service.

While Microsoft is treating Office 365 Message Encryption as a new service, it's actually just building upon the company's previous encryption message technology.

"Office 365 Message Encryption is the new version of Exchange Hosted Encryption (EHE)," said Microsoft in a blog post announcing the service. "This version includes all of the capabilities of EHE plus new features, such as the ability to apply your company's branding to encrypted messages. Like EHE, Office 365 Message Encryption works with Office 365 mailboxes as well as with on-premises mailboxes that use Exchange Online Protection."

Once administrators activate the new service and set transport rules either through a Web-based portal or PowerShell, all messages meeting those rules will be automatically encrypted before leaving its point of origin. The recipient then receives the encrypted message as an e-mailed attachment and must sign in with the proper Office 365 ID or Microsoft Account credentials before the message will be readable.

Figure 1. An encrypted message as seen from the recepient.

Also, if the recepient responds to the protected e-mail, the reply is automatically encrypted.

Microsoft said its Office 365 Message Encrypton service will utilize multiple encryption and security features, including:

  • Transport Layer Security (TLS), which protects the message in the mail server;
  • Secure Socket Layer (SSL), which encrypts the message as it travels from the mail server to Office 365 servers;
  • Bitlocker, used to encrypt the data on the datacenter harddrives;
  • Information Rights Management, which blocks an encrypted message from being forwarded, copied or printed without authorization;
  • Secure/Multipurpose Internet Mail Extensions (S/MIME), which will allow users to include client-side encryption keys.

Microsoft isn't the only online services company looking to step up its encryption capabilities in the wake of the NSA surveillance accusations. Yahoo this week also annouced that all user data traveling through its datacenters will be encrypted sometime in 2014 and its e-mail service will start employing the Secure Sockets Layer (SSL) encryption standard with a 2048-bit key on Jan. 8, 2014.


About the Author

Chris Paoli is the site producer for and


  • Google IDs on Azure Active Directory B2B Service Now at 'General Availability'

    Microsoft announced on Wednesday that users of the Google identity and access service can use their personal log-in IDs with the Azure Active Directory B2B service to access resources as "guests."

  • Top 4 Overlooked Features of a Data Backup Strategy

    When it comes to implementing an airtight backup-and-recovery plan, these are the four must-have features that many enterprises nevertheless tend to forget.

  • Microsoft Bolsters Kubernetes with Azure Confidential Computing

    Microsoft on Tuesday announced various developments concerning the use of Kubernetes, an open source container orchestration solution fostered by Google.

  • Windows Will Have Support for Encrypted DNS

    Microsoft announced this week that the Windows operating system already has support for an encrypted Domain Name System option that promises to add greater privacy protections for Internet connections.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.