Encryption in Office 365

Encryption is an important part of your file protection and information protection strategies. Read this article to get an overview of encryption used for all versions of Office 365, and get help with encryption tasks, from setting up encryption for your organization to password-protecting Office documents.

At a high level, encryption is the process of encoding your data (referred to as plaintext) into ciphertext that cannot be used by people or computers unless and until the ciphertext is decrypted. Decryption requires an encryption key that only authorized users have. Encryption helps ensure that only authorized recipients can decrypt your content, such as email messages and files.

Encryption by itself does not prevent content, such as files, email messages, calendar entries, and so on, from getting into the wrong hands. Encryption is part of a larger information protection strategy for your organization. By using encryption, you can help ensure that only those who should be able to use encrypted data are able to.

You can have multiple layers of encryption in place at the same time. For example, you can encrypt email messages and also the communication channels through which your email flows. With Office 365, your data is encrypted at rest and in transit, using several strong encryption protocols, and technologies that include Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).

Examples of data at rest include files that have been uploaded to a SharePoint library, Project Online data, documents that have been uploaded in a Skype for Business meeting, email messages and attachments that are stored in folders in your Office 365 mailbox, and files uploaded to OneDrive for Business.

Examples of data in transit include mail messages that are in the process of being delivered, or conversations that are taking place in an online meeting. In Office 365, data is in transit whenever a user's device is communicating with an Office 365 server, or when an Office 365 server is communicating with another server.

With Office 365, you can have multiple layers and kinds of encryption working together to secure your data. The following table includes some examples, with links to additional information.

Kinds of Content

Encryption Technologies

Resources to learn more

Files on a device. This can include email messages saved in a folder, Office documents saved on a computer, tablet, or phone, or data saved to the Microsoft cloud.

BitLocker in Microsoft datacenters. BitLocker can also be used on client machines, such as Windows computers and tablets

Distributed Key Manager (DKM) in Microsoft datacenters

Customer Key for Office 365

Windows IT Center: BitLocker

Microsoft Trust Center: Encryption

Cloud security controls series: Encrypting Data at Rest

How Exchange Online secures your email secrets

Controlling your data in Office 365 using Customer Key

Files in transit between users. This can include Office documents or SharePoint list items shared between users.

TLS for files in transit

Data Encryption in OneDrive for Business and SharePoint Online

Skype for Business Online: Security and Archiving

Email in transit between recipients. This includes email hosted by Exchange Online.

Office 365 Message Encryption with Azure Rights Management, S/MIME, and TLS for email in transit

Office 365 Message Encryption (OME)

Email encryption in Office 365

How Exchange Online uses TLS to secure email connections in Office 365

In addition to Microsoft-managed solutions of volume encryption, file encryption, and mailbox encryption in Office 365, customer-managed options can be used to meet more stringent security and compliance requirements. Such solutions use Azure Rights Management (Azure RMS) together with Office 365.

See the following resources to learn more:

How do I...

To do this task

See these resources

Set up encryption for my organization

Set up encryption in Office 365 Enterprise

View details about certificates, technologies, and TLS cipher suites in Office 365

Technical details about encryption in Office 365

Work with encrypted messages on a mobile device

View encrypted messages on your Android device

View encrypted messages on your iPhone or iPad

Encrypt a document using password protection

Note: Currently, password protection is not supported in Office Online. Use desktop versions of Word, Excel, and PowerPoint for password protection.

Add or remove protection in your document, workbook, or presentation (Choose an Add protection section, and then see Encrypt with Password)

Remove encryption from a document

Add or remove protection in your document, workbook, or presentation (Choose a Remove protection section, and then see Remove password encryption)

Related topics

Plan for Office 365 security and information protection capabilities
Security and Compliance in Office 365 for business - Admin Help

Connect with an expert
Contact us
Expand your skills
Explore training

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×