TechNet

Encryption in Office 365

 

Topic Last Modified: 2016-07-18

Summary: Describes how Microsoft uses encryption to protect and secure your data and communications with Office 365. Also provides links to more information about how you can further secure your environment.

For more information about security in Office 365, see the Office 365 trust center.

Office 365 encrypts your data while it's on our servers and while it's being transmitted between you and Microsoft. Office 365 also provides controls that let end users and administrators fine-tune the kind of encryption used to protect files and email communications.

You do not need to purchase or maintain certificates for Office 365 since Microsoft uses its own certificates.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that secure communication over a network by using security certificates to encrypt a connection between computers. Office 365 supports several versions of TLS, including:

  • TLS version 1.2 (TLS 1.2)

  • TLS version 1.1 (TLS 1.1)

  • TLS version 1.0 (TLS 1.0)

In June 2016, Office 365 began deprecating support for SHA-1 certificates for outbound or inbound connections.

All devices that connect to Office 365 need to support SHA-2. If you are currently using a certificate with SHA-1 in the certificate chain, update the chain to use SHA-2 (Secure Hash Algorithm 2) or a stronger hashing algorithm.

For more information about enforcement, see "Enforcement details" and "Schedule" in Windows Enforcement of Authenticode Code Signing and Timestamping.

In July 2015, support for the following RC4 cipher suites was discontinued:

  • TLS_RSA_WITH_RC4_128_SHA

  • TLS_RSA_WITH_RC4_128_MD5

Starting December 1, 2014, Office 365 began disabling support for Secure Sockets Layer (SSL) 3.0, the predecessor to TLS. For more information, see Security advisory 3009008. For instructions on how to ensure clients are using TLS 1.0 or higher and to disable SSL 3.0, see Protecting you against the SSL 3.0 vulnerability.

A cipher suite is a collection of encryption algorithms that TLS uses to establish secure connections. Cipher suites supported by Office 365 are listed in the following table in order of strength, with the strongest cipher suite listed first. When Office 365 receives a connection request, it first attempts to connect using the topmost cipher suite; if that is unsuccessful, it tries the second cipher suite in the list, and so on down the list. When Office 365 sends a connection request to another server or to a client, it's up to the receiving server or client to choose the cipher suite, or whether TLS will be used at all.

 

| Protocols | Cipher suite name | Key exchange algorithm/Strength | Perfect Forward Secrecy support | Authentication algorithm/Strength | Cipher/Strength |
|---|---|---|---|---|---|
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384 | ECDH/192 | Yes | RSA/112 | AES/256 |
| TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256 | ECDH/128 | Yes | RSA/112 | AES/128 |
| TLS 1.0, 1.1, 1.2 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384 | ECDH/192 | Yes | RSA/112 | AES/256 |
| TLS 1.0, 1.1, 1.2 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256 | ECDH/128 | Yes | RSA/112 | AES/128 |
| TLS 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA256 | RSA/112 | No | RSA/112 | AES/256 |
| TLS 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA256 | RSA/112 | No | RSA/112 | AES/128 |
| TLS 1.0, 1.1, 1.2 | TLS_RSA_WITH_AES_256_CBC_SHA | RSA/112 | No | RSA/112 | AES/256 |
| TLS 1.0, 1.1, 1.2 | TLS_RSA_WITH_AES_128_CBC_SHA | RSA/112 | No | RSA/112 | AES/128 |
| TLS 1.0, 1.1, 1.2 | TLS_RSA_WITH_3DES_EDE_CBC_SHA | RSA/112 | No | RSA/112 | 3DES/192 |
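
The selection order described above, as an added example (not Microsoft's code): a simplified Python model of an inbound connection that picks the highest shared TLS version and then the first suite in the table that the client also offers. The function name and the two sample client configurations are assumptions constructed for illustration.

```python
# Added example: model of the server-preference selection described above.
# Suite names, protocol columns and PFS flags are copied from the table on
# this page; the function names and sample clients are illustrative.
V12, ALL = {"1.2"}, {"1.0", "1.1", "1.2"}

# (suite name, protocols it is listed for, perfect forward secrecy)
SERVER_PREFERENCE = [
    ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384", V12, True),
    ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256", V12, True),
    ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384", ALL, True),
    ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256", ALL, True),
    ("TLS_RSA_WITH_AES_256_CBC_SHA256", V12, False),
    ("TLS_RSA_WITH_AES_128_CBC_SHA256", V12, False),
    ("TLS_RSA_WITH_AES_256_CBC_SHA", ALL, False),
    ("TLS_RSA_WITH_AES_128_CBC_SHA", ALL, False),
    ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", ALL, False),
]
# RC4 suites the page lists as discontinued in July 2015.
DISCONTINUED = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5"}
SUPPORTED_TLS = ("1.2", "1.1", "1.0")  # highest first; SSL 3.0 is disabled


def negotiate(client_versions, client_suites):
    """Return (version, suite, pfs) for an inbound connection, or None."""
    offered = set(client_suites) - DISCONTINUED
    version = next((v for v in SUPPORTED_TLS if v in client_versions), None)
    if version is None:
        return None  # for example a client that only speaks SSL 3.0
    for name, protocols, pfs in SERVER_PREFERENCE:  # topmost suite first
        if version in protocols and name in offered:
            return version, name, pfs
    return None  # no suite in common for that protocol version


# Constructed client configurations (not captured traffic).
MODERN = (["1.0", "1.1", "1.2"], ["TLS_RSA_WITH_AES_128_CBC_SHA",
                                  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256"])
LEGACY = (["1.0"], ["TLS_RSA_WITH_RC4_128_SHA",
                    "TLS_RSA_WITH_3DES_EDE_CBC_SHA"])

if __name__ == "__main__":
    for label, client in (("modern", MODERN), ("legacy", LEGACY)):
        print(label, negotiate(*client))
```

The modern client lists the non-PFS suite first but still ends up on the ECDHE suite, because the order in the table decides; the legacy client falls through to 3DES without forward secrecy once its RC4 offer is ignored.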

 

| For information about... | See... |
|---|---|
| The different types of email encryption options in Office 365 including Office Message Encryption (OME), S/MIME, Information Rights Management (IRM). | Email encryption in Office 365 |
| How messages are encrypted between Office 365 customers within Microsoft's own datacenters. Certificate information for Exchange Online Protection. | How Exchange Online uses TLS to secure email connections in Office 365 |
| Who or what can access my Office 365 email? | How Exchange Online secures your email secrets |
| Customizing the look and feel of encrypted messages that are sent from an Office 365 account. | Add branding to encrypted messages |
| Using rights management with Office 365 Message Encryption. | Set up Microsoft Azure Rights Management for Office 365 Message Encryption |
| How do you work with encrypted messages? | Define rules to encrypt or decrypt email messages; Send, view, and reply to encrypted messages; Use a one-time passcode to view an encrypted message |
| Technical compliance, supported message types, privacy information, retention policies, etc. | Service information for Office 365 Message Encryption; Office 365 Messaging Encryption Portal and Viewer App privacy statement; Office 365 Message Encryption FAQ |

 
© 2016 Microsoft