Solved

How secure is Office 365 Message Encryption?

Posted on 2014-12-17
2
526 Views
Last Modified: 2014-12-22
Hi,

As rather a security novice I'm looking more for advised opinion than a solution to a problem but I'll try and grant credit for the most useful response(s).

We use Office 365 and I've had requests for communicating potentially sensitive data securely to external parties. In the past I've used PGP and feel that the communication part of that is pretty secure if otherwise following good practice. It's not the easiest solution to implement, however, and so I have been looking at Office 365 Message Encryption. I can't find any negative comment about this, which I'd like to believe is a good thing, and yet it seems to me that there is a big loophole. In a PGP solution, whatever I send leaves my PC encrypted and it would be pretty useless to anyone who may intercept along the way. With Office 365 Message Encryption I understand that the encryption is done at the server. My connection to the server may be secure but I still take that to mean that Microsoft is receiving basically a clear text copy of my message that they may store or pass on. The message is of course encrypted further down the line but with a mind to also protecting against potential legal and/or government access I don't want anyone to be able to see it.

Is my understanding of the O365 message encryption service correct or does anyone know of something that also cuts out any possible Microsoft access? And of course without soliciting any commercially aimed contributions I'd be interested to know of any other truly secure and yet simple to implement solutions that people use.

Many thanks for you comments.
Chris
0
Comment
Question by:CDaunt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
R_Edwards earned 500 total points
ID: 40504530
Chris,
     in a nutshell, no the Microsoft admins that control the office 365 servers cannot read your encrypted email.  the encryption that is used is unique for each site for office 365.  here are a few sites that explain it.

http://technet.microsoft.com/en-us/library/dn569285.aspx

http://technet.microsoft.com/en-us/library/dn569286.aspx

Have a Merry Christmas.

-=Richard
0
 

Author Closing Comment

by:CDaunt
ID: 40512474
Hi Richard,

Thanks for your feedback. Info on one of the links that I hadn't seen and is useful. I'd still love to find an independent take and review of this. Almost everything I have found is either Microsoft's own material or articles that are little more than a rehash of Microsoft's media statements,

Have a great Christmas too.

Best
Chris
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question