Solved

How secure is Office 365 Message Encryption?

Posted on 2014-12-17
2
514 Views
Last Modified: 2014-12-22
Hi,

As rather a security novice I'm looking more for advised opinion than a solution to a problem but I'll try and grant credit for the most useful response(s).

We use Office 365 and I've had requests for communicating potentially sensitive data securely to external parties. In the past I've used PGP and feel that the communication part of that is pretty secure if otherwise following good practice. It's not the easiest solution to implement, however, and so I have been looking at Office 365 Message Encryption. I can't find any negative comment about this, which I'd like to believe is a good thing, and yet it seems to me that there is a big loophole. In a PGP solution, whatever I send leaves my PC encrypted and it would be pretty useless to anyone who may intercept along the way. With Office 365 Message Encryption I understand that the encryption is done at the server. My connection to the server may be secure but I still take that to mean that Microsoft is receiving basically a clear text copy of my message that they may store or pass on. The message is of course encrypted further down the line but with a mind to also protecting against potential legal and/or government access I don't want anyone to be able to see it.

Is my understanding of the O365 message encryption service correct or does anyone know of something that also cuts out any possible Microsoft access? And of course without soliciting any commercially aimed contributions I'd be interested to know of any other truly secure and yet simple to implement solutions that people use.

Many thanks for you comments.
Chris
0
Comment
Question by:CDaunt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
R_Edwards earned 500 total points
ID: 40504530
Chris,
     in a nutshell, no the Microsoft admins that control the office 365 servers cannot read your encrypted email.  the encryption that is used is unique for each site for office 365.  here are a few sites that explain it.

http://technet.microsoft.com/en-us/library/dn569285.aspx

http://technet.microsoft.com/en-us/library/dn569286.aspx

Have a Merry Christmas.

-=Richard
0
 

Author Closing Comment

by:CDaunt
ID: 40512474
Hi Richard,

Thanks for your feedback. Info on one of the links that I hadn't seen and is useful. I'd still love to find an independent take and review of this. Almost everything I have found is either Microsoft's own material or articles that are little more than a rehash of Microsoft's media statements,

Have a great Christmas too.

Best
Chris
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
how to add IIS SMTP to handle application/Scanner relays into office 365.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question