Solved

How secure is Office 365 Message Encryption?

Posted on 2014-12-17
2
494 Views
Last Modified: 2014-12-22
Hi,

As rather a security novice I'm looking more for advised opinion than a solution to a problem but I'll try and grant credit for the most useful response(s).

We use Office 365 and I've had requests for communicating potentially sensitive data securely to external parties. In the past I've used PGP and feel that the communication part of that is pretty secure if otherwise following good practice. It's not the easiest solution to implement, however, and so I have been looking at Office 365 Message Encryption. I can't find any negative comment about this, which I'd like to believe is a good thing, and yet it seems to me that there is a big loophole. In a PGP solution, whatever I send leaves my PC encrypted and it would be pretty useless to anyone who may intercept along the way. With Office 365 Message Encryption I understand that the encryption is done at the server. My connection to the server may be secure but I still take that to mean that Microsoft is receiving basically a clear text copy of my message that they may store or pass on. The message is of course encrypted further down the line but with a mind to also protecting against potential legal and/or government access I don't want anyone to be able to see it.

Is my understanding of the O365 message encryption service correct or does anyone know of something that also cuts out any possible Microsoft access? And of course without soliciting any commercially aimed contributions I'd be interested to know of any other truly secure and yet simple to implement solutions that people use.

Many thanks for you comments.
Chris
0
Comment
Question by:CDaunt
2 Comments
 
LVL 8

Accepted Solution

by:
R_Edwards earned 500 total points
ID: 40504530
Chris,
     in a nutshell, no the Microsoft admins that control the office 365 servers cannot read your encrypted email.  the encryption that is used is unique for each site for office 365.  here are a few sites that explain it.

http://technet.microsoft.com/en-us/library/dn569285.aspx

http://technet.microsoft.com/en-us/library/dn569286.aspx

Have a Merry Christmas.

-=Richard
0
 

Author Closing Comment

by:CDaunt
ID: 40512474
Hi Richard,

Thanks for your feedback. Info on one of the links that I hadn't seen and is useful. I'd still love to find an independent take and review of this. Almost everything I have found is either Microsoft's own material or articles that are little more than a rehash of Microsoft's media statements,

Have a great Christmas too.

Best
Chris
0

Featured Post

Can’t get the mobile email signature right?

Not having any luck when trying to create an email signature for mobile devices? Does the formatting keep messing up? Make sure you have great email signatures on all devices by using Exclaimer Cloud - Signatures for Office 365.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now