Q: What is it?
Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information. Office 365 uses encryption in two ways: One is by implementing encryption in the service and the second is by offering it to you as a customer control. In the service, we make use of encryption in the platform, where it works by default and you don’t have to configure anything. For example, Office 365 uses Transport Layer Security (TLS) to encrypt the connection, or session, between two servers.
Here’s how email encryption typically works: A message is encrypted, or transformed from plain text into unreadable ciphertext, either on the sender’s machine, or by a central server while the message is in transit. The message remains in ciphertext while it’s in transit in order to protect it from being read in case the message is intercepted. Once the message is received by the recipient, the message is transformed back into readable plain text in one of two ways: The recipient’s machine uses a key to decrypt the message, or A central server decrypts the message on behalf of the recipient, after validating the recipient’s identity.
Watch this video for an introduction to Encryption in Office 365.
Note: S/MIME is not enabled at this time. We are looking into the best ways to leverage IRM.
Q: How do I encrypt a message?
To encrypt a message to a recipient include ‘encrypt’ or ‘encryption’ in the subject line of the message.
Q: Is there anything that external recipients have to do in order to read and reply to email messages that are encrypted with Office 365 Message Encryption?
Recipients outside your organization who receive Office 365 encrypted messages can view them in one of two ways:
- By signing in with a Microsoft account or a work or school account associated with Office 365. For details, see Send, view, and reply to encrypted messages.
- By using a one-time passcode. To learn more, see Use a one-time passcode to view an encrypted message.