Office 365's E-Mail Encryption Service Hits General Availability

Microsoft's Office 365 Message Encryption service, unveiled in November, is now commercially available, the company announced this week.

The service is available at no additional cost via Office 365 E3 and E4 subscription plans, or via a Windows Azure Rights Management subscription at $2 per user per month.

"It's high time that commercial-grade consumer products started emphasizing better cryptographic capability," said Gary McGraw, chief technology officer at Cigital, a Dulles, Va.-based software security consulting firm, via e-mail. "It's up to users to make use of it."

Microsoft describes Office 365 Message Encryption as an enhancement to its Exchange Hosted Encryption service, and users of that service will get upgraded to the new service sometime this quarter. Organizations using Exchange Hosted Encryption will get a notice about four weeks before the upgrade, according to Microsoft's upgrade page.

The Office 365 Message Encryption service is also available for Exchange Server 2013 users. The service is accessed either through Microsoft's recently updated Exchange Online Protection service or "by using hybrid mail-flow," according to Microsoft's announcement.

Office 365 Message Encryption features "policy-based encryption," according to Microsoft's description. It lets IT pros set the rules for when e-mails will get encrypted, using either a graphical user interface or PowerShell. Microsoft claims that the encrypted e-mail is "delivered directly to [the] recipient's inbox and not to a Web service." In addition, Microsoft claims that the service "eliminates the need for certificate maintenance."

Microsoft's Q&A on Office 365 Message Encryption explains that the service uses five security elements. It uses the Secure/Multipurpose Internet Mail Extensions (S/MIME) standard, which generates client-side encryption keys, although Microsoft takes away the trouble of an organization having to set up S/MIME. It uses the Transport Layer Security (TLS) protocol that's typically used for Internet transactions, as well as Secure Sockets Layer encryption. Microsoft's own Information Rights Management service is used to prevent information designated as sensitive from being "printed, forwarded or copied." It also includes Microsoft's BitLocker hard-drive encryption technology.

The service is rolling out in the context of massive U.S. National Security Agency electronic spying details leaked by whistle-blower Edward Snowden, including the notion that widely used cryptographic standards can be cracked by that agency. In addition, U.S.-based Microsoft is subject to U.S. laws that make information stored on Microsoft's servers in the United States subject to government disclosure without a public legal process or notification to the user of the service, in some cases. Microsoft, hoping to expand its cloud operations abroad, apparently has reacted to that circumstance by promising European Union countries that their data can be stored outside the United States.

Microsoft has received bad publicity on the cloud privacy front from allegations in Snowden-leaked documents that it was one of the first of many service provider companies to join the NSA's PRISM program, which purportedly allows NSA agents to simply take information from Microsoft's servers, although Microsoft and other cloud service providers have repeatedly denied that capability. The FBI also reportedly approached a Microsoft engineer to create a backdoor to BitLocker.

It's also not clear what happens to encrypted messages using the Office 365 Message Encryption service when they get routed through Microsoft's server infrastructure. Brad Smith, Microsoft's general counsel and executive vice president of Legal and Corporate Affairs, has promised that traffic for Office 365, Windows Azure, and SkyDrive (now called "OneDrive") will get Perfect Forward Secrecy encryption by default sometime by the end of this year.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

