Enable encryption to help meet your compliance obligations
Microsoft 365 uses some of the strongest encryption protocols available - data is encrypted by default, at rest and in transit.
- For data at rest, data is encrypted at the physical disk with BitLocker and in applications with service encryption.
- Data in transit is encrypted with TLS (Transport Layer Security) as it moves across the network.
For more granular control of data in transit, you can encrypt data at the content level, with Message Encryption and Azure Information Protection.
If you have specific compliance obligations to provide and control your encryption keys, Microsoft 365 provides several options like Customer Key, which lets you add another layer of encryption that belongs to you, not Microsoft.