Solved

How secure is Office 365 Message Encryption?

Posted on 2014-12-17
2
486 Views
Last Modified: 2014-12-22
Hi,

As rather a security novice I'm looking more for advised opinion than a solution to a problem but I'll try and grant credit for the most useful response(s).

We use Office 365 and I've had requests for communicating potentially sensitive data securely to external parties. In the past I've used PGP and feel that the communication part of that is pretty secure if otherwise following good practice. It's not the easiest solution to implement, however, and so I have been looking at Office 365 Message Encryption. I can't find any negative comment about this, which I'd like to believe is a good thing, and yet it seems to me that there is a big loophole. In a PGP solution, whatever I send leaves my PC encrypted and it would be pretty useless to anyone who may intercept along the way. With Office 365 Message Encryption I understand that the encryption is done at the server. My connection to the server may be secure but I still take that to mean that Microsoft is receiving basically a clear text copy of my message that they may store or pass on. The message is of course encrypted further down the line but with a mind to also protecting against potential legal and/or government access I don't want anyone to be able to see it.

Is my understanding of the O365 message encryption service correct or does anyone know of something that also cuts out any possible Microsoft access? And of course without soliciting any commercially aimed contributions I'd be interested to know of any other truly secure and yet simple to implement solutions that people use.

Many thanks for you comments.
Chris
0
Comment
Question by:CDaunt
2 Comments
 
LVL 8

Accepted Solution

by:
R_Edwards earned 500 total points
ID: 40504530
Chris,
     in a nutshell, no the Microsoft admins that control the office 365 servers cannot read your encrypted email.  the encryption that is used is unique for each site for office 365.  here are a few sites that explain it.

http://technet.microsoft.com/en-us/library/dn569285.aspx

http://technet.microsoft.com/en-us/library/dn569286.aspx

Have a Merry Christmas.

-=Richard
0
 

Author Closing Comment

by:CDaunt
ID: 40512474
Hi Richard,

Thanks for your feedback. Info on one of the links that I hadn't seen and is useful. I'd still love to find an independent take and review of this. Almost everything I have found is either Microsoft's own material or articles that are little more than a rehash of Microsoft's media statements,

Have a great Christmas too.

Best
Chris
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Companies keep a much closer eye on costs today, so changing to new Technology – Microsoft Office 365 is the smartest move to take.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now