Set up encryption in Office 365 Enterprise

Encryption can protect your content from being read by unauthorized users. Because encryption in Office 365 can be done using various technologies and methods, there isn't one single place where you turn on or set up encryption. This article provides information about various ways you can set up or configure encryption as part of your information protection strategy.

Tip: If you are looking for more technical details about encryption, see Technical reference details about encryption in Office 365.

With Office 365, several encryption capabilities are available by default. Additional encryption capabilities can be configured to meet certain compliance or legal requirements. The following table describes several encryption methods for different scenarios.


Encryption Methods

Files are saved on Windows computers

Encryption at the computer level can be done using BitLocker on Windows devices. As an enterprise administrator or IT Pro, you can set this up using the Microsoft Deployment Toolkit (MDT). See Set up MDT for BitLocker.

Files are saved on mobile devices

Some kinds of mobile devices encrypt files that are saved to those devices by default. With Mobile Device Management for Office 365, you can set policies that determine whether to allow mobile devices to access data in Office 365. For example, you can set a policy that allows only devices that encrypt content to access Office 365 data. See Create and deploy device security policies.

For additional control over how mobile devices interact with Office 365, you can consider adding Microsoft Intune. See Choose between MDM for Office 365 and Microsoft Intune.

You need control over the encryption keys used to encrypt your data in Microsoft's data centers

As an Office 365 administrator, you can control your organization's encryption keys and then configure Office 365 to use them to encrypt your data at rest in Microsoft's data centers.

People are communicating via email (Exchange Online)

As an Exchange Online administrator, you have several options for configuring email encryption. These include:

See Email encryption in Office 365.

Files are accessed from team sites or document libraries (OneDrive for Business or SharePoint Online)

When people are working with files saved to OneDrive for Business or SharePoint Online, TLS connections are used. This is built into Office 365 automatically. See Data Encryption in OneDrive for Business and SharePoint Online.

Files are shared in online meetings and IM conversations (Skype for Business Online)

When people are working with files using Skype for Business Online, TLS is used for the connection. This is built into Office 365 automatically. See Security and Archiving (Skype for Business Online).

Additional information

To learn more about file protection solutions that include encryption options, see File Protection Solutions in Office 365.

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.