Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 578
  • Last Modified:

How secure is Office 365 Message Encryption?

Hi,

As rather a security novice I'm looking more for advised opinion than a solution to a problem but I'll try and grant credit for the most useful response(s).

We use Office 365 and I've had requests for communicating potentially sensitive data securely to external parties. In the past I've used PGP and feel that the communication part of that is pretty secure if otherwise following good practice. It's not the easiest solution to implement, however, and so I have been looking at Office 365 Message Encryption. I can't find any negative comment about this, which I'd like to believe is a good thing, and yet it seems to me that there is a big loophole. In a PGP solution, whatever I send leaves my PC encrypted and it would be pretty useless to anyone who may intercept along the way. With Office 365 Message Encryption I understand that the encryption is done at the server. My connection to the server may be secure but I still take that to mean that Microsoft is receiving basically a clear text copy of my message that they may store or pass on. The message is of course encrypted further down the line but with a mind to also protecting against potential legal and/or government access I don't want anyone to be able to see it.

Is my understanding of the O365 message encryption service correct or does anyone know of something that also cuts out any possible Microsoft access? And of course without soliciting any commercially aimed contributions I'd be interested to know of any other truly secure and yet simple to implement solutions that people use.

Many thanks for you comments.
Chris
0
CDaunt
Asked:
CDaunt
1 Solution
 
R_EdwardsCommented:
Chris,
     in a nutshell, no the Microsoft admins that control the office 365 servers cannot read your encrypted email.  the encryption that is used is unique for each site for office 365.  here are a few sites that explain it.

http://technet.microsoft.com/en-us/library/dn569285.aspx

http://technet.microsoft.com/en-us/library/dn569286.aspx

Have a Merry Christmas.

-=Richard
0
 
CDauntAuthor Commented:
Hi Richard,

Thanks for your feedback. Info on one of the links that I hadn't seen and is useful. I'd still love to find an independent take and review of this. Almost everything I have found is either Microsoft's own material or articles that are little more than a rehash of Microsoft's media statements,

Have a great Christmas too.

Best
Chris
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now