Encryption Risks and Protections

Microsoft follows a control and compliance framework that focuses on risks to the Microsoft 365 service and to customer data. Microsoft implements a large set of technology and process-based methods (referred to as controls) to mitigate these risks. Identification, evaluation and mitigation of risks via controls is a continuous process.

The implementation of controls within the various layers of our cloud services, such as facilities, network, servers, applications, users (such as Microsoft administrators) and data, forms a defense-in-depth strategy. The key to this strategy is that many different controls are implemented at different layers to protect against the same or similar risk scenarios. This multi-layered approach provides fail-safe protection in case a control fails for some reason.

Some risk scenarios and the currently available encryption technologies that mitigate them are listed below. These scenarios are in many cases also mitigated via other controls implemented in Office 365.

| Encryption Technology | Services | Key Management | Risk Scenario | Value |
|---|---|---|---|---|
| BitLocker | Exchange Online, SharePoint Online, and Skype for Business | Microsoft | Disks or servers are stolen or improperly recycled. | BitLocker provides a fail-safe approach to protect against loss of data due to stolen or improperly recycled hardware (server/disk). |
| Service encryption | SharePoint Online, Skype for Business, and OneDrive for Business; Exchange Online (on roadmap) | Microsoft | Internal or external hacker tries to access individual files/data as a blob. | The encrypted data cannot be decrypted without access to keys. Helps to mitigate the risk of a hacker accessing data. |
| Customer Key | SharePoint Online, OneDrive for Business, Exchange Online, and Skype for Business | Customer | N/A (This feature is designed as a compliance feature, not as a mitigation for any risk.) | Helps customers meet internal regulation and compliance obligations, and gives them the ability to leave the service and revoke Microsoft's access to data. |
| TLS between Microsoft 365 and clients | Exchange Online, SharePoint Online, OneDrive for Business, Skype for Business, Teams, and Yammer | Microsoft, Customer | Man-in-the-middle or other attack to tap the data flow between Microsoft 365 and client computers over the Internet. | This implementation provides value to both Microsoft and customers and assures data integrity as it flows between Microsoft 365 and the client. |
| TLS between Microsoft datacenters | Exchange Online, SharePoint Online, OneDrive for Business, and Skype for Business | Microsoft | Man-in-the-middle or other attack to tap the customer data flow between Microsoft 365 servers located in different Microsoft datacenters. | This implementation is another method to protect data against attacks between Microsoft datacenters. |
| Azure Rights Management (included in Microsoft 365 or Azure Information Protection) | Exchange Online, SharePoint Online, and OneDrive for Business | Customer | Data falls into the hands of a person who should not have access to the data. | Azure Information Protection uses Azure RMS, which provides value to customers by using encryption, identity, and authorization policies to help secure files and email across multiple devices. Azure RMS also provides value to customers in that all emails originating from Microsoft 365 that match certain criteria (for example, all emails to a certain address) can be automatically encrypted before they are sent to another recipient. |
| S/MIME | Exchange Online | Customer | Email falls into the hands of a person who is not the intended recipient. | S/MIME provides value to customers by assuring that email encrypted with S/MIME can only be decrypted by the direct recipient of the email. |
| Office 365 Message Encryption | Exchange Online, SharePoint Online | Customer | Email, including protected attachments, falls into the hands of a person either within or outside Microsoft 365 who is not the intended recipient of the email. | OME provides value to customers in that all emails originating from Microsoft 365 that match certain criteria (for example, all emails to a certain address) are automatically encrypted before they are sent to another internal or external recipient. |
| SMTP TLS with partner organization | Exchange Online | Customer | Email is intercepted via a man-in-the-middle or other attack while in transit from a Microsoft 365 tenant to a partner organization. | This scenario provides value to the customer in that they can send/receive all emails between their Microsoft 365 tenant and their partner's email organization inside an encrypted SMTP channel. |
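The two TLS rows describe the client side of the transport protection: a client that insists on TLS 1.2 or later with a 256-bit AES suite and validates a 2048-bit SHA256RSA certificate. The Go program below is an added example, not Microsoft's code and not from this page; it builds such a client policy with crypto/tls, runs a handshake against an in-memory server over net.Pipe so that nothing leaves the machine, and checks a certificate against the key-size and signature-algorithm parameters the tables cite. The function names (ClientConfig, CheckCertPolicy, Handshake, selfSignedCert) and the self-signed certificate carrying the outlook.office.com name are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ClientConfig is the policy a client would apply to the endpoints in the tables:
// TLS 1.2 or later, AES-256-GCM suites only, and the expected server name pinned
// so the presented certificate must carry it.
func ClientConfig(serverName string, roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		ServerName: serverName,
		RootCAs:    roots,
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{ // applies to TLS 1.2 only; TLS 1.3 uses its own fixed suites
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		},
	}
}

// CheckCertPolicy enforces the parameters the tables state for leaf certificates:
// an RSA key of at least 2048 bits signed with SHA256-RSA.
func CheckCertPolicy(cert *x509.Certificate) error {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("policy expects an RSA public key")
	}
	if bits := pub.N.BitLen(); bits < 2048 {
		return fmt.Errorf("RSA key is %d bits; policy requires at least 2048", bits)
	}
	if cert.SignatureAlgorithm != x509.SHA256WithRSA {
		return fmt.Errorf("signature algorithm %v; policy requires SHA256-RSA", cert.SignatureAlgorithm)
	}
	return nil
}

// selfSignedCert builds a constructed test certificate; no real Microsoft
// certificate is involved.
func selfSignedCert(host string, bits int) (tls.Certificate, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
		SignatureAlgorithm:    x509.SHA256WithRSA,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// Handshake runs the client policy against an in-memory server and returns the
// negotiated protocol version and cipher suite.
func Handshake(serverCert tls.Certificate, host string) (uint16, uint16, error) {
	roots := x509.NewCertPool()
	roots.AddCert(serverCert.Leaf)
	cliConn, srvConn := net.Pipe()
	defer cliConn.Close()
	defer srvConn.Close()
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12, // constructed: pin TLS 1.2 so the suite list is exercised
	}
	errc := make(chan error, 1)
	go func() { errc <- tls.Server(srvConn, serverCfg).Handshake() }()
	client := tls.Client(cliConn, ClientConfig(host, roots))
	if err := client.Handshake(); err != nil {
		cliConn.Close()
		<-errc
		return 0, 0, fmt.Errorf("client handshake: %w", err)
	}
	if err := <-errc; err != nil {
		return 0, 0, fmt.Errorf("server handshake: %w", err)
	}
	state := client.ConnectionState()
	return state.Version, state.CipherSuite, nil
}

func main() {
	cert, leaf, err := selfSignedCert("outlook.office.com", 2048)
	if err != nil {
		panic(err)
	}
	fmt.Println("certificate policy error:", CheckCertPolicy(leaf))
	version, suite, err := Handshake(cert, "outlook.office.com")
	if err != nil {
		panic(err)
	}
	fmt.Printf("negotiated version 0x%04x with %s\n", version, tls.CipherSuiteName(suite))
}
```

Two points a practitioner should keep in mind: Go's CipherSuites list only governs TLS 1.2, since a TLS 1.3 handshake picks from its own fixed suites, which is why the in-memory server is pinned to 1.2 so the 256-bit suite selection is visible. And CheckCertPolicy belongs on leaf and intermediate certificates rather than the root: the tables note that some roots are SHA1RSA, and a root's self-signature is trusted by its presence in the store, not by verifying it.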

Encryption technologies available in multi-tenant environments

| Encryption Technology | Implemented by | Key Exchange Algorithm and Strength | Key Management* | FIPS 140-2 Validated |
|---|---|---|---|---|
| BitLocker | Exchange Online | AES 256-bit | AES external key is stored in a Secret Safe and in the registry of the Exchange server. The Secret Safe is a secured repository that requires high-level elevation and approvals to access. Access can be requested and approved only by using an internal tool called Lockbox. The AES external key is also stored in the Trusted Platform Module in the server. A 48-digit numerical password is stored in Active Directory and protected by Lockbox. | Yes, for servers that use AES 256-bit** |
| BitLocker | SharePoint Online | AES 256-bit | AES external key is stored in a Secret Safe. The Secret Safe is a secured repository that requires high-level elevation and approvals to access. Access can be requested and approved only by using an internal tool called Lockbox. The AES external key is also stored in the Trusted Platform Module in the server. A 48-digit numerical password is stored in Active Directory and protected by Lockbox. | Yes |
| BitLocker | Skype for Business | AES 256-bit | AES external key is stored in a Secret Safe. The Secret Safe is a secured repository that requires high-level elevation and approvals to access. Access can be requested and approved only by using an internal tool called Lockbox. The AES external key is also stored in the Trusted Platform Module in the server. A 48-digit numerical password is stored in Active Directory and protected by Lockbox. | Yes |
| Service Encryption | SharePoint Online | AES 256-bit | The keys used to encrypt the blobs are stored in the SharePoint Online Content Database. The SharePoint Online Content Database is protected by database access controls and encryption at rest. Encryption is performed using TDE in Azure SQL Database. These secrets are at the service level for SharePoint Online, not at the tenant level. These secrets (sometimes referred to as the master keys) are stored in a separate secure repository called the Key Store. TDE provides security at rest for both the active database and the database backups and transaction logs. When customers provide the optional key, the customer key is stored in Azure Key Vault, and the service uses the key to encrypt a tenant key, which is used to encrypt a site key, which is then used to encrypt the file level keys. Essentially, a new key hierarchy is introduced when the customer provides a key. | Yes |
| Service Encryption | Skype for Business | AES 256-bit | Each piece of data is encrypted using a different randomly generated 256-bit key. The encryption key is stored in a corresponding metadata XML file which is also encrypted by a per-conference master key. The master key is also randomly generated once per conference. | Yes |
| Service Encryption | Exchange Online | AES 256-bit | Each mailbox is encrypted using a data encryption policy that uses encryption keys controlled by Microsoft (on roadmap) or by the customer (when Customer Key is used). | Yes |
| TLS between Microsoft 365 and clients/partners | Exchange Online | Opportunistic TLS supporting multiple cipher suites | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Exchange Online is a 2048-bit SHA1RSA certificate issued by Baltimore CyberTrust Root. | Yes, when TLS 1.2 with 256-bit cipher strength is used |
| TLS between Microsoft 365 and clients/partners | SharePoint Online | TLS 1.2 with AES 256 (see Data Encryption in OneDrive for Business and SharePoint Online) | The TLS certificate for SharePoint Online (*.sharepoint.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for SharePoint Online is a 2048-bit SHA1RSA certificate issued by Baltimore CyberTrust Root. | Yes |
| TLS between Microsoft 365 and clients/partners | Skype for Business | TLS for SIP communications and PSOM data sharing sessions | The TLS certificate for Skype for Business (*.lync.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Skype for Business is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. | Yes |
| TLS between Microsoft 365 and clients/partners | Microsoft Teams | TLS 1.2 with AES 256 (see Frequently asked questions about Microsoft Teams – Admin Help) | The TLS certificate for Microsoft Teams (teams.microsoft.com, edge.skype.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Microsoft Teams is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. | Yes |
| TLS between Microsoft datacenters | All Microsoft 365 services | TLS 1.2 with AES 256; Secure Real-time Transport Protocol (SRTP) | Microsoft uses an internally managed and deployed certification authority for server-to-server communications between Microsoft datacenters. | Yes |
| Azure Rights Management (included in Microsoft 365 or Azure Information Protection) | Exchange Online | Supports Cryptographic Mode 2, an updated and enhanced RMS cryptographic implementation. It supports RSA 2048 for signature and encryption, and SHA-256 for hash in the signature. | Managed by Microsoft. | Yes |
| Azure Rights Management (included in Microsoft 365 or Azure Information Protection) | SharePoint Online | Supports Cryptographic Mode 2, an updated and enhanced RMS cryptographic implementation. It supports RSA 2048 for signature and encryption, and SHA-256 for signature. | Managed by Microsoft, which is the default setting; or customer-managed, which is an alternative to Microsoft-managed keys. Organizations that have an IT-managed Azure subscription can use BYOK and log its usage at no extra charge. For more information, see Implementing bring your own key. In this configuration, nCipher HSMs are used to protect your keys. For more information, see nCipher HSMs and Azure RMS. | Yes |
| S/MIME | Exchange Online | Cryptographic Message Syntax Standard 1.5 (PKCS #7) | Depends on the customer-managed public key infrastructure deployed. Key management is performed by the customer, and Microsoft never has access to the private keys used for signing and decryption. | Yes, when configured to encrypt outgoing messages with 3DES or AES256 |
| Office 365 Message Encryption | Exchange Online | Same as Azure RMS (Cryptographic Mode 2 - RSA 2048 for signature and encryption, and SHA-256 for signature) | Uses Azure Information Protection as its encryption infrastructure. The encryption method used depends on where you obtain the RMS keys used to encrypt and decrypt messages. | Yes |
| SMTP TLS with partner organization | Exchange Online | TLS 1.2 with AES 256 | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Exchange Online is a 2048-bit SHA1RSA certificate issued by Baltimore CyberTrust Root. | Yes, when TLS 1.2 with 256-bit cipher strength is used |

*TLS certificates referenced in this table are for US datacenters; non-US datacenters also use 2048-bit SHA256RSA certificates.

**Most servers in the Exchange Online multi-tenant environment have been deployed with AES 256-bit encryption for BitLocker. Servers using AES 128-bit are being phased out.
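The Service Encryption rows above describe a key hierarchy: a customer-held key wraps a tenant key, which wraps a site key, which wraps per-file keys; the Skype for Business row uses the same pattern with a per-conference master key wrapping per-item keys. The Go program below is an added illustration of that envelope pattern, not Microsoft's implementation and not code from this page. It uses AES-256-GCM as a stand-in for the key-wrap primitive (a real deployment would call the vault's wrap operation for the top level) and shows concretely what the Customer Key row's "revoke Microsoft's access" means: once the customer key is withheld, no lower key in the chain unwraps. The names Hierarchy, EncryptFile, DecryptFile and the sample file content are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newKey returns a fresh random 256-bit AES key.
func newKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// wrap encrypts plaintext under key with AES-256-GCM; the random nonce is prepended.
func wrap(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unwrap reverses wrap; it fails if the key is wrong or the blob was altered.
func unwrap(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("wrapped blob too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// Hierarchy stores only wrapped keys and ciphertext. The customer key that roots
// the chain is deliberately kept outside it, as it would be in a key vault.
type Hierarchy struct {
	WrappedTenantKey []byte // tenant key wrapped by the customer key
	WrappedSiteKey   []byte // site key wrapped by the tenant key
	WrappedFileKey   []byte // file key wrapped by the site key
	Ciphertext       []byte // file content encrypted under the file key
}

// EncryptFile builds the four-level chain for one file under customerKey.
func EncryptFile(customerKey, file []byte) (*Hierarchy, error) {
	tenantKey, err := newKey()
	if err != nil {
		return nil, err
	}
	siteKey, err := newKey()
	if err != nil {
		return nil, err
	}
	fileKey, err := newKey()
	if err != nil {
		return nil, err
	}
	h := &Hierarchy{}
	if h.WrappedTenantKey, err = wrap(customerKey, tenantKey); err != nil {
		return nil, err
	}
	if h.WrappedSiteKey, err = wrap(tenantKey, siteKey); err != nil {
		return nil, err
	}
	if h.WrappedFileKey, err = wrap(siteKey, fileKey); err != nil {
		return nil, err
	}
	if h.Ciphertext, err = wrap(fileKey, file); err != nil {
		return nil, err
	}
	return h, nil
}

// DecryptFile walks the chain downward; every level depends on the one above it.
func DecryptFile(customerKey []byte, h *Hierarchy) ([]byte, error) {
	tenantKey, err := unwrap(customerKey, h.WrappedTenantKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap tenant key: %w", err)
	}
	siteKey, err := unwrap(tenantKey, h.WrappedSiteKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap site key: %w", err)
	}
	fileKey, err := unwrap(siteKey, h.WrappedFileKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: %w", err)
	}
	return unwrap(fileKey, h.Ciphertext)
}

func main() {
	customerKey, _ := newKey()
	h, err := EncryptFile(customerKey, []byte("constructed sample document"))
	if err != nil {
		panic(err)
	}
	plain, err := DecryptFile(customerKey, h)
	fmt.Printf("with customer key: %q, err=%v\n", plain, err)
	// The customer revokes access: the service no longer holds the root key, so
	// the chain cannot be walked even though every wrapped key is still stored.
	_, err = DecryptFile(nil, h)
	fmt.Println("after revocation:", err)
}
```

Note that revocation here is a property of the chain, not of deleting data: the wrapped keys and ciphertext remain on disk but are inert, which is the compliance value the Customer Key row describes. In a real deployment the top-level wrap would also be audited at the vault, giving a log of every unwrap request.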

Encryption technologies available in Government cloud community environments

| Encryption Technology | Implemented by | Key Exchange Algorithm and Strength | Key Management* | FIPS 140-2 Validated |
|---|---|---|---|---|
| BitLocker | Exchange Online | AES 256-bit | AES external key is stored in a Secret Safe and in the registry of the Exchange server. The Secret Safe is a secured repository that requires high-level elevation and approvals to access. Access can be requested and approved only by using an internal tool called Lockbox. The AES external key is also stored in the Trusted Platform Module in the server. A 48-digit numerical password is stored in Active Directory and protected by Lockbox. | Yes |
| BitLocker | SharePoint Online | AES 256-bit | AES external key is stored in a Secret Safe. The Secret Safe is a secured repository that requires high-level elevation and approvals to access. Access can be requested and approved only by using an internal tool called Lockbox. The AES external key is also stored in the Trusted Platform Module in the server. A 48-digit numerical password is stored in Active Directory and protected by Lockbox. | Yes |
| BitLocker | Skype for Business | AES 256-bit | AES external key is stored in a Secret Safe. The Secret Safe is a secured repository that requires high-level elevation and approvals to access. Access can be requested and approved only by using an internal tool called Lockbox. The AES external key is also stored in the Trusted Platform Module in the server. A 48-digit numerical password is stored in Active Directory and protected by Lockbox. | Yes |
| Service Encryption | SharePoint Online | AES 256-bit | The keys used to encrypt the blobs are stored in the SharePoint Online Content Database. The SharePoint Online Content Database is protected by database access controls and encryption at rest. Encryption is performed using TDE in Azure SQL Database. These secrets are at the service level for SharePoint Online, not at the tenant level. These secrets (sometimes referred to as the master keys) are stored in a separate secure repository called the Key Store. TDE provides security at rest for both the active database and the database backups and transaction logs. When customers provide the optional key, the Customer Key is stored in Azure Key Vault, and the service uses the key to encrypt a tenant key, which is used to encrypt a site key, which is then used to encrypt the file level keys. Essentially, a new key hierarchy is introduced when the customer provides a key. | Yes |
| Service Encryption | Skype for Business | AES 256-bit | Each piece of data is encrypted using a different randomly generated 256-bit key. The encryption key is stored in a corresponding metadata XML file which is also encrypted by a per-conference master key. The master key is also randomly generated once per conference. | Yes |
| Service Encryption | Exchange Online | AES 256-bit | Each mailbox is encrypted using a data encryption policy that uses encryption keys controlled by Microsoft or by the customer (when Customer Key is used). | Yes |
| TLS between Microsoft 365 and clients/partners | Exchange Online | Opportunistic TLS supporting multiple cipher suites | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Exchange Online is a 2048-bit SHA1RSA certificate issued by Baltimore CyberTrust Root. | Yes, when TLS 1.2 with 256-bit cipher strength is used |
| TLS between Microsoft 365 and clients/partners | SharePoint Online | TLS 1.2 with AES 256 | The TLS certificate for SharePoint Online (*.sharepoint.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for SharePoint Online is a 2048-bit SHA1RSA certificate issued by Baltimore CyberTrust Root. | Yes |
| TLS between Microsoft 365 and clients/partners | Skype for Business | TLS for SIP communications and PSOM data sharing sessions | The TLS certificate for Skype for Business (*.lync.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Skype for Business is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. | Yes |
| TLS between Microsoft 365 and clients/partners | Microsoft Teams | See Frequently asked questions about Microsoft Teams – Admin Help | The TLS certificate for Microsoft Teams (teams.microsoft.com; edge.skype.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Microsoft Teams is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. | Yes |
| TLS between Microsoft datacenters | Exchange Online, SharePoint Online, Skype for Business | TLS 1.2 with AES 256; Secure Real-time Transport Protocol (SRTP) | Microsoft uses an internally managed and deployed certification authority for server-to-server communications between Microsoft datacenters. | Yes |
| Azure Rights Management Service | Exchange Online | Supports Cryptographic Mode 2, an updated and enhanced RMS cryptographic implementation. It supports RSA 2048 for signature and encryption, and SHA-256 for hash in the signature. | Managed by Microsoft. | Yes |
| Azure Rights Management Service | SharePoint Online | Supports Cryptographic Mode 2, an updated and enhanced RMS cryptographic implementation. It supports RSA 2048 for signature and encryption, and SHA-256 for hash in the signature. | Managed by Microsoft, which is the default setting; or customer-managed (also known as BYOK), which is an alternative to Microsoft-managed keys. Organizations that have an IT-managed Azure subscription can use BYOK and log its usage at no extra charge. For more information, see Implementing bring your own key. In the BYOK scenario, nCipher HSMs are used to protect your keys. For more information, see nCipher HSMs and Azure RMS. | Yes |
| S/MIME | Exchange Online | Cryptographic Message Syntax Standard 1.5 (PKCS #7) | Depends on the public key infrastructure deployed. | Yes, when configured to encrypt outgoing messages with 3DES or AES-256 |
| Office 365 Message Encryption | Exchange Online | Same as Azure RMS (Cryptographic Mode 2 - RSA 2048 for signature and encryption, and SHA-256 for hash in the signature) | Uses Azure RMS as its encryption infrastructure. The encryption method used depends on where you obtain the RMS keys used to encrypt and decrypt messages. If you use Microsoft Azure RMS to obtain the keys, Cryptographic Mode 2 is used. If you use Active Directory (AD) RMS to obtain the keys, either Cryptographic Mode 1 or Cryptographic Mode 2 is used. The method used depends on your on-premises AD RMS deployment. Cryptographic Mode 1 is the original AD RMS cryptographic implementation. It supports RSA 1024 for signature and encryption and supports SHA-1 for signature. This mode continues to be supported by all current versions of RMS, except for BYOK configurations that use HSMs. | Yes |
| SMTP TLS with partner organization | Exchange Online | TLS 1.2 with AES 256 | The TLS certificate for Exchange Online (outlook.office.com) is a 2048-bit SHA256RSA certificate issued by Baltimore CyberTrust Root. The TLS root certificate for Exchange Online is a 2048-bit SHA1RSA certificate issued by Baltimore CyberTrust Root. Be aware that for security reasons, our certificates do change from time to time. | Yes |

*TLS certificates referenced in this table are for US datacenters; non-US datacenters also use 2048-bit SHA256RSA certificates.