Hello,
I am trying to understand how encryption and decryption of a mailbox works when using Azure Key Vaults to store the encryption keys.
Here is the scenario:
There are two Azure subscriptions, both US based. There is a key provisioned in each key vault which will be used for encryption of data which resides in Office 365, for example Exchange Online. We create a data encryption policy using the two keys and apply the keys to an Exchange Online mailbox.
My questions are:
What is being encrypted, the mailbox or each individual message in the mailbox?
How does Outlook read an encrypted mailbox? Does it get decrypted when accessed by the mailbox owner?
How are these encryption keys read? Are they read for every mailbox or are they cached?
What happens if the Azure key vaults are down? Will the users still be able to access their mailbox?