Data Encryption Technologies in Office 365
Published: June 2015

© 2015 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site
references, may change without notice. You bear the risk of using it. Some examples are for illustration only and are fictitious. No real association is intended or inferred. This document does
not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. This document is
confidential and proprietary to Microsoft. It is disclosed and can be used only pursuant to a non-disclosure agreement.
Document type: Controlled (Microsoft Confidential - handed to customer under NDA)
Document stage: Published
Next review: December 2015
Feedback: CXP Risk Assurance Documentation – cxprad@microsoft.com

Introduction
The security, privacy, and integrity of customer data within Microsoft Office 365 are a high priority for
Microsoft. We protect customer content by using a variety of technologies and processes, among them
various forms of encryption. Within Office 365, customer data is encrypted at rest and in transit through
service-side controls. Office 365 also includes several encryption features that are customer-managed,
but irrespective of customer configuration, customer data stored within Office 365 is protected.

This document provides an overview of the various encryption technologies that are currently available
or recently announced for Office 365, including features deployed and managed by Microsoft, and
features available to and managed by Office 365 customers. This document also discusses some
common risks to data, and how encryption protects data in those scenarios.

Service-side Encryption Technologies


Office 365 uses service-side technologies that encrypt customer data at rest and in transit. For customer
data at rest, Office 365 uses volume-level and file-level encryption. For customer data in transit, Office
365 uses multiple encryption technologies for communications between datacenters and between
clients and servers, such as Transport Layer Security (TLS), its predecessor Secure Sockets Layer (SSL),
and Internet Protocol Security (IPsec).

Encryption of Customer Data at Rest


Encryption at rest is provided by two technologies: BitLocker volume-level encryption, and per-file
encryption in Skype for Business Online and SharePoint Online.

Volume-level encryption
Office 365 uses BitLocker to encrypt customer data at rest at the volume level. BitLocker is a data
protection feature integrated with Windows. It is one of the technologies used to safeguard against
threats in case lapses in other processes or controls (for example, access control or recycling of
hardware) allow someone to gain physical access to disks containing customer data. In that case,
BitLocker protects against data theft or exposure from lost, stolen, or improperly decommissioned
computers and disks, because the volume contents are unreadable without the volume's keys.

BitLocker is deployed with AES using 128-bit or longer keys on disks containing customer content in
Exchange Online, SharePoint Online, and Skype for Business Online in the Office 365 enterprise service.
BitLocker uses FIPS-compliant algorithms, and keys are never stored or sent over the wire in the clear.
Office 365 stores the master keys in a secured share that is accessible only to individuals who have been
screened and approved. The credentials for the keys are stored in a secret store that requires a high
level of elevation and approvals to access. All elevated access is approved and logged by a group other
than the one requesting it.

File-level encryption
Skype for Business Online and SharePoint Online include file-level encryption.

Skype for Business Online


In Skype for Business Online, customer data at rest may be stored in the form of files or presentations
that meeting participants have uploaded. The Web Conferencing server encrypts this content using AES
with a 128-bit key and stores the encrypted content on a file share. Each piece of content is encrypted
with its own randomly generated 128-bit key. That key is stored in a corresponding metadata XML file,
which is in turn encrypted with a per-conference master key, itself randomly generated once per
conference. When a piece of content is shared in a conference, the Web Conferencing server instructs
the conferencing clients to download the encrypted content over HTTPS and sends them the
corresponding key so that they can decrypt it.

The Web Conferencing server also authenticates conferencing clients before it allows them access to
conference content. When joining a Web conference, each conferencing client first establishes a SIP
dialog over TLS with the conferencing focus component running inside the front-end server. The
conferencing focus passes the client an authentication cookie generated by the Web Conferencing
server. The client then connects to the Web Conferencing server and presents that cookie to be
authenticated.

SharePoint Online
In SharePoint Online, all content is encrypted, potentially with multiple AES 256-bit keys, and distributed
across the datacenter as follows. Every step of this encryption is FIPS 140-2 compliant.

- Each file is broken into one or more chunks, depending on file size. Each chunk is encrypted
  using its own unique key.
- When a file is updated, the update is handled in the same way: the change is broken into one or
  more chunks, and each chunk is encrypted with a separate unique key.
- All of these chunks (files, pieces of files, and update deltas) are stored as blobs in Azure
  storage that are randomly distributed across multiple Azure storage accounts.
- The set of encryption keys for these chunks of content is itself encrypted using an
  independently generated master key.
    - The encrypted keys are stored in the SharePoint Content Database.
    - The master key needed to decrypt the chunk keys is stored in a separate secure store
      called the Key Store.
- The "map" used to reassemble the file is stored in the SharePoint Content Database along with
  the encrypted keys, separately from the master key needed to decrypt them.
- Each Azure storage account has its own unique credentials per access type (read, write,
  enumerate, and delete). Each set of credentials is held in the secure Key Store and is regularly
  refreshed.

As described above, there are three different types of stores, each with a distinct function:

- Content is stored as encrypted blobs in Azure storage. The key to each chunk of content is
  encrypted and stored separately in the Content Database. The content itself holds no clue as to
  how it can be decrypted.
- The Content Database is a SQL Server database. It holds the map required to locate and
  reassemble all of the content blobs held in Azure storage, as well as the keys needed to decrypt
  those blobs. However, the set of keys is itself encrypted, and the master key is held in a
  separate Key Store.
- The Key Store is physically separate from the Content Database and Azure storage. It holds the
  credentials for each Azure storage container and the master key to the set of encrypted keys
  held in the Content Database.

Each of these three storage components – the Azure blob store, the Content Database and the Key Store
– is physically separate. The information held in any one of the components is unusable on its own.
Without access to all three, it is impossible to retrieve the keys to the chunks, decrypt the keys to make
them usable, associate the keys with their corresponding chunks, decrypt each chunk, or reconstruct a
document from its constituent chunks.

The master keys, which protect the per-blob keys, are stored in two locations:

1. The secure store (a built-in SharePoint secret store), which is protected by the Farm Key.
2. A backup in the central SharePoint Secret Store.

The master keys are rotated every 60 days, and the per-blob keys are re-encrypted under the new
master key. The credentials used to access the Azure storage containers are also held in the central
SPO Secret Store and delegated to each SharePoint farm as needed. These credentials are Azure storage
shared access signatures (SAS), with a policy that makes them expire automatically every 60 days.
Separate credentials are used to read and to write data (never both), and SharePoint farms are not
given permission to enumerate.

All customer content is protected by per-file keys that are unique and never shared with any other
SharePoint Online tenant. When a file is uploaded, SharePoint encrypts it within the context of the
upload request, before it is sent to Azure storage. When a file is downloaded, SharePoint retrieves the
encrypted content from Azure storage by its unique document identifier and decrypts it before sending
it to the user. Azure storage has no ability to decrypt the content, or even to identify what it is or to
whom it belongs. All encryption and decryption happens in the same systems that enforce tenant
isolation, namely Azure Active Directory and SharePoint Online.
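The key hierarchy described for Skype for Business Online (a random key per piece of content, wrapped by a per-conference master key) and for SharePoint Online (per-chunk keys wrapped by a master key that lives in a separate Key Store and is rotated every 60 days) is the same envelope-encryption pattern. The Go program below is an added example, not Microsoft's code, that models that pattern with the three stores kept apart. It treats each document as a single blob; SharePoint additionally splits a file into chunks, and each chunk is handled exactly like the one blob here. AES-256-GCM, the use of the blob ID as associated data, the store names and the sample document are this example's own choices; the text gives only the key sizes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"io"
)

// blobEntry is one row of the "map" kept in the Content Database.
type blobEntry struct {
	BlobID     string // which blob in storage holds the content
	WrappedKey []byte // the content key, encrypted under the master key
}

// EnvelopeStore models the three physically separate stores; any one of them
// on its own yields nothing usable.
type EnvelopeStore struct {
	Blobs  map[string][]byte    // "Azure storage": ciphertext only
	Maps   map[string]blobEntry // "Content Database": map plus wrapped keys
	Master []byte               // "Key Store": the master key
}

func NewEnvelopeStore() *EnvelopeStore {
	return &EnvelopeStore{map[string][]byte{}, map[string]blobEntry{}, randomBytes(32)}
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err) // a failing system CSPRNG is not recoverable here
	}
	return b
}

// aead returns AES-256-GCM for key; GCM is this example's choice, the text
// names no mode. Key lengths are fixed by construction, so failure is a bug.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// seal binds the ciphertext to aad (the blob ID) so pieces cannot be swapped
// between map entries unnoticed. Output is nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) []byte {
	gcm := aead(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

func open(key, sealed, aad []byte) ([]byte, error) {
	gcm := aead(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Put encrypts the content under its own random key, wraps that key under the master key, and files each piece.
func (s *EnvelopeStore) Put(docID string, plaintext []byte) {
	blobID, contentKey := hex.EncodeToString(randomBytes(16)), randomBytes(32)
	s.Blobs[blobID] = seal(contentKey, plaintext, []byte(blobID))
	s.Maps[docID] = blobEntry{blobID, seal(s.Master, contentKey, []byte(blobID))}
}

// Get needs all three stores: map entry, master key and blob. A missing or modified blob fails the tag check.
func (s *EnvelopeStore) Get(docID string) ([]byte, error) {
	e, ok := s.Maps[docID]
	if !ok {
		return nil, errors.New("unknown document")
	}
	contentKey, err := open(s.Master, e.WrappedKey, []byte(e.BlobID))
	if err != nil {
		return nil, err
	}
	return open(contentKey, s.Blobs[e.BlobID], []byte(e.BlobID))
}

// RotateMaster replaces the master key and re-wraps every content key under
// it; the blobs are never rewritten. It returns the number of keys re-wrapped.
func (s *EnvelopeStore) RotateMaster() (int, error) {
	newMaster := randomBytes(32)
	n := 0
	for docID, e := range s.Maps {
		contentKey, err := open(s.Master, e.WrappedKey, []byte(e.BlobID))
		if err != nil {
			return n, err // a real store would do this transactionally
		}
		e.WrappedKey = seal(newMaster, contentKey, []byte(e.BlobID))
		s.Maps[docID] = e
		n++
	}
	s.Master = newMaster
	return n, nil
}
```

Rotating the master key touches only the wrapped keys in the Content Database, never the blobs, which is what makes a fixed 60-day schedule cheap. A wrong master key, a missing blob or a modified blob all fail at the GCM authentication tag instead of producing garbage.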

Note: For Office 365 Government customers, data blobs are stored in Azure Government
Storage. In addition, access to SharePoint keys in Office 365 Government is limited to Office 365
staff who have been specifically screened. Azure Government operations staff do not have access
to the SharePoint key store that is used for encrypting data blobs.

For more information about data encryption in SharePoint, see Data Encryption in OneDrive for
Business and SharePoint Online.

Encryption of Customer Data In-transit


In addition to protecting customer data at rest, Office 365 uses encryption technologies to protect
customer data in transit. Data is in transit when a client machine communicates with an Office 365
server, or when one Office 365 server communicates with another. All customer-facing servers negotiate
a secure session using TLS with client machines. This applies to the various application protocols, such
as HTTP and POP3, that are used by clients such as Outlook, Skype for Business, and Outlook Web App.

Implementation details such as the version of TLS in use, whether Perfect Forward Secrecy (PFS) is
enabled, and the order of cipher suites are publicly observable. One way to see them is to use a
third-party web site such as Qualys SSL Labs (www.ssllabs.com). Qualys provides automated test pages
that display this information for the following services:

- Office 365 Portal
- Exchange Online
- SharePoint Online
- Skype for Business Online (formerly Lync Online) (SIP)
- Skype for Business Online (formerly Lync Online) (Web)
- Exchange Online Protection

For Exchange Online Protection, URLs vary by tenant name; however, all customers can test Office 365
using microsoft-com.mail.protection.outlook.com.

As for traffic between datacenters, Microsoft deploys applications so that the customer content in this
traffic is encrypted using TLS or IPsec. All traffic between Microsoft datacenters is encrypted: this
includes both application-layer encryption of the customer data itself and network transport-layer
encryption of the communication carrying it.
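What an SSL Labs report exposes is negotiable policy: the lowest protocol version a server will accept and whether the cipher suites it ends up using give forward secrecy. The Go program below is an added example, not Microsoft's code or configuration, that encodes such a policy on the server side and then checks what a client actually gets, by running the TLS handshake in-process over a pipe against a throwaway self-signed certificate. The host name example.test, the certificate, and both client profiles (Go's defaults, and a client that speaks only TLS 1.0 and 1.1, standing in for a mail client that was never updated) are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// selfSignedCert builds a throwaway ECDSA P-256 certificate for the in-process
// server plus a pool that trusts it; a real endpoint presents a CA-issued one.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced just above, so it parses
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// HardenedServerConfig accepts TLS 1.2 or newer and, for 1.2, only ECDHE suites
// (TLS 1.3 ignores CipherSuites and is always forward secret). Add the ECDHE_RSA
// counterparts for an RSA certificate. Tickets are off only because of net.Pipe.
func HardenedServerConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS12,
		CipherSuites:           []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
		SessionTicketsDisabled: true,
	}
}

// clientConfig trusts only pool; zero min/max mean Go's defaults (TLS 1.2 to 1.3).
func clientConfig(pool *x509.CertPool, host string, minVer, maxVer uint16) *tls.Config {
	return &tls.Config{RootCAs: pool, ServerName: host, MinVersion: minVer, MaxVersion: maxVer}
}

// ForwardSecret reports whether a session has PFS: every TLS 1.3 suite does;
// under TLS 1.2 the key exchange must be (EC)DHE.
func ForwardSecret(cs tls.ConnectionState) bool {
	if cs.Version >= tls.VersionTLS13 {
		return true
	}
	name := tls.CipherSuiteName(cs.CipherSuite)
	return strings.Contains(name, "ECDHE_") || strings.Contains(name, "_DHE_")
}

// negotiate runs a complete handshake over an in-memory pipe and returns the server's view of it.
func negotiate(server, client *tls.Config) (tls.ConnectionState, error) {
	sRaw, cRaw := net.Pipe()
	defer sRaw.Close()
	defer cRaw.Close()
	srv, cli := tls.Server(sRaw, server), tls.Client(cRaw, client)
	errs := make(chan error, 2)
	go func() { errs <- srv.Handshake() }()
	go func() { errs <- cli.Handshake() }()
	var first error
	for i := 0; i < 2; i++ { // always collect both results
		if err := <-errs; err != nil && first == nil {
			first = err
			sRaw.Close() // tear the pipe down so the other side cannot hang
			cRaw.Close()
		}
	}
	if first != nil {
		return tls.ConnectionState{}, first
	}
	return srv.ConnectionState(), nil
}

func main() {
	cert, pool := selfSignedCert("example.test")
	server := HardenedServerConfig(cert)
	cs, err := negotiate(server, clientConfig(pool, "example.test", 0, 0))
	fmt.Printf("modern client: version %#x, %s, PFS=%v, err=%v\n", cs.Version, tls.CipherSuiteName(cs.CipherSuite), ForwardSecret(cs), err)
	_, err = negotiate(server, clientConfig(pool, "example.test", tls.VersionTLS10, tls.VersionTLS11))
	fmt.Println("legacy TLS 1.0/1.1 client:", err)
}
```

To run the same ForwardSecret check against a real endpoint, replace the pipe with tls.Dial and read ConnectionState from the returned connection; the classification is the one a report would show. Go's client already refuses TLS 1.0 and 1.1 unless told otherwise, which is why the legacy profile has to enable them explicitly.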

Customer-managed Encryption Technologies


Along with the encryption technologies in Office 365 that are managed by Microsoft, Office 365 also
includes encryption features that customers can manage and configure. These technologies, which offer
a variety of ways to encrypt customer data at rest or in transit, are:

- Rights Management Services
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Office 365 Message Encryption
- TLS for SMTP messages to partners

Information on these technologies can also be found in the Office 365 service descriptions.

In addition, Microsoft has recently announced a feature called Advanced Encryption for Email. This
builds on the per-file encryption features in SharePoint and OneDrive for Business that are described
above. Similar encryption will be introduced for Exchange Online. This new layer of content-level
encryption uses keys that are protected using hardware security modules certified to FIPS 140-2 Level 2.
This new advanced encryption for email will be provided in Office 365 by the end of CY 2015. For more
information, see Enhancing transparency and control for Office 365 customers.

Azure Rights Management


Azure Rights Management (Azure RMS) uses encryption, identity, and authorization policies to help
secure your files and email across multiple platforms and devices—phones, tablets, and PCs.
Information can be protected both within and outside your organization because protection remains
with the data. Azure RMS provides persistent protection of all file types, protects files anywhere,
supports business-to-business collaboration, and a wide range of Windows and non-Windows devices.

Azure RMS protection can also augment data loss prevention (DLP) policies. Importantly, authorized
people and services (such as search and indexing) can continue to read and inspect the data that
Azure RMS protects, which is not easily accomplished with other information protection solutions such
as S/MIME. This ability is sometimes referred to as "reasoning over data" and is a crucial element in
maintaining control of your organization's sensitive data.

Microsoft offers Azure RMS for both Office 365 and on-premises servers and services. Azure RMS is
integrated with Office 365 and recommended for all Office 365 customers. To configure Office 365 to
use Azure RMS, see Configure IRM to use Azure Rights Management. If you operate an on-premises
Active Directory (AD) RMS server, you can also Configure IRM to use an on-premises AD RMS server, but
we strongly recommend migrating to Azure RMS to use new features such as secure collaboration with
other organizations.

When you protect content with Azure RMS, the content itself is encrypted with a symmetric AES 128-bit
key (CBC mode with PKCS#7 padding) for Office documents and email; that content key is protected with
a 2048-bit RSA asymmetric key, and SHA-256 is used as the hash algorithm for integrity.
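The parameters listed above describe a standard hybrid construction: a random AES-128 content key encrypts the document in CBC mode with PKCS#7 padding, the 2048-bit RSA tenant key protects that content key, and SHA-256 provides integrity. The Go program below is an added example, not Microsoft's code and not the RMS license format, that carries exactly those parameters through end to end. RSA-OAEP for the key wrap, RSA-PSS for the signature, and the byte layout the signature covers are this example's own choices; the text names none of them. It verifies before it decrypts, because CBC with PKCS#7 has no integrity of its own and an unauthenticated padding check is a classic oracle.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Protected is what leaves the publisher: the CBC ciphertext, the content key
// wrapped to the tenant's RSA key, and a signature that binds them together.
type Protected struct {
	IV, Ciphertext, WrappedKey, Signature []byte
}

// NewTenantKey generates a 2048-bit RSA tenant root key. In Azure RMS that key
// lives in Microsoft's HSMs (or the customer's, with BYOK), never in a process.
func NewTenantKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// pkcs7Pad copies b and adds 1..size bytes, so aligned input gains a full block.
func pkcs7Pad(b []byte, size int) []byte {
	n := size - len(b)%size
	out := make([]byte, len(b), len(b)+n)
	copy(out, b)
	return append(out, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte, size int) ([]byte, error) {
	if len(b) == 0 || len(b)%size != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > size || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// Protect encrypts content under a fresh AES-128 key in CBC mode with PKCS#7
// padding, wraps that key to the tenant key with RSA-OAEP, and signs IV,
// ciphertext and wrapped key with RSA-PSS over SHA-256. CBC alone gives no
// integrity, so without the signature a recipient could not tell tampering
// from a genuine message.
func Protect(tenant *rsa.PrivateKey, content []byte) (*Protected, error) {
	keyAndIV := make([]byte, 16+aes.BlockSize)
	if _, err := rand.Read(keyAndIV); err != nil {
		return nil, err
	}
	key, iv := keyAndIV[:16], keyAndIV[16:]
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ct := pkcs7Pad(content, aes.BlockSize)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, ct) // in place on the copy
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &tenant.PublicKey, key, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(bytes.Join([][]byte{iv, ct, wrapped}, nil))
	sig, err := rsa.SignPSS(rand.Reader, tenant, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &Protected{IV: iv, Ciphertext: ct, WrappedKey: wrapped, Signature: sig}, nil
}

// Unprotect is what the holder of the tenant private key (the RMS service)
// does: verify the signature first, so a tampered message is rejected before
// the padding is ever examined, then unwrap the content key and decrypt.
func Unprotect(tenant *rsa.PrivateKey, p *Protected) ([]byte, error) {
	digest := sha256.Sum256(bytes.Join([][]byte{p.IV, p.Ciphertext, p.WrappedKey}, nil))
	if err := rsa.VerifyPSS(&tenant.PublicKey, crypto.SHA256, digest[:], p.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify")
	}
	if len(p.IV) != aes.BlockSize || len(p.Ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("bad IV or ciphertext length")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, tenant, p.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	plain := append([]byte(nil), p.Ciphertext...) // decrypt a copy, keep p intact
	cipher.NewCBCDecrypter(block, p.IV).CryptBlocks(plain, plain)
	return pkcs7Unpad(plain, aes.BlockSize)
}
```

Here one RSA key both wraps and signs, for brevity; a design of your own should use separate keys for the two operations. The padded length is always a multiple of the block size and always at least one byte longer than the content, which is why a 16-byte message produces 32 bytes of ciphertext.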

In a default Azure RMS implementation, Microsoft generates and manages the root key, which is unique
for each tenant. Customers who use Azure RMS with SharePoint Online can instead manage the lifecycle
of the root key themselves by using Bring Your Own Key (BYOK), which lets you generate the key in an
on-premises Hardware Security Module (HSM) and stay in control of it after it is transferred to
Microsoft's FIPS 140-2 validated HSMs. Access to the root key is always limited to Office 365
applications (such as Exchange Online and SharePoint Online) and is never given to personnel. In
addition, customers can access a near-real-time log showing all access to the root key. For more
information, see Logging and Analyzing Azure Rights Management Usage.

Azure Rights Management helps mitigate threats such as wire-tapping, man-in-the-middle attacks, data
theft, and unintentional violations of organizational sharing policies. Because the protection policy
travels with the data, access to customer data in transit or at rest by a user who lacks the appropriate
permissions is prevented, which reduces the risk of that data falling into the wrong hands, whether
through malice or through mistake, and provides a data loss prevention function.

Secure/Multipurpose Internet Mail Extensions


Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and
digital signing of MIME data. S/MIME is defined in RFCs 3369, 3370, 3850, 3851, and others. It allows a
user to encrypt and to digitally sign an email. An email that is encrypted using S/MIME can only be
decrypted with the recipient's private key, which is available only to that recipient. As such, the email
cannot be decrypted by anyone who does not hold the recipient's private key.

Microsoft supports S/MIME in Office 365. Users' public certificates are distributed to the customer's
on-premises Active Directory and stored in attributes that can be replicated to an Office 365 tenant.
Users can compose, encrypt, decrypt, read, and digitally sign emails exchanged between two users in an
organization using Outlook, Outlook Web App, and Exchange ActiveSync clients. For more information,
see S/MIME encryption now in Office 365.

Office 365 Message Encryption


Office 365 Message Encryption (OME) is a mechanism for applying encryption to emails that originate
from Office 365. OME requires activation of Windows Azure RMS in the customer's Office 365 tenant. With
OME, tenant administrators can create transport rules that encrypt emails that match certain criteria.
Encrypted messages can be sent inside or outside the customer's tenant. External users can use an
Office 365 account (from their company), a Microsoft account, or a one-time passcode to decrypt the
email they have received.

Like Azure Rights Management, OME also mitigates threats such as wire-tapping and man-in-the-middle
attacks, and other threats, such as unwarranted access of data by an unauthorized user who does not
have appropriate permissions.

Transport Layer Security


If you want to ensure secure communication with a partner, you can use inbound and outbound
connectors to provide confidentiality and message integrity. You can configure forced inbound and
outbound TLS on each connector, using a certificate. Forcing TLS and validating the partner's certificate
is what protects email from being read or altered by a man-in-the-middle; opportunistic TLS, which
falls back to clear text when negotiation fails, only protects against passive eavesdropping.

Risks and Protection


Microsoft follows a control and compliance framework that focuses on risks to the Office 365 service
and to customer data. Microsoft implements a large set of technology- and process-based methods
(referred to as controls) to mitigate these risks. Identification, evaluation, and mitigation of risks via
controls is a continuous process. The implementation of controls within the various layers of the
service, such as facilities, network, servers, applications, users (such as Microsoft administrators), and
data, forms a defense-in-depth strategy. The key to this strategy is that many different controls at
different layers of the service protect against the same or similar risk scenarios. The multi-layered
approach provides fail-safe protection in case one control fails for some reason.

Some risk scenarios and the encryption technologies that mitigate them are listed below. These
scenarios are in many cases also mitigated via other controls implemented in Office 365.

Encryption technology: BitLocker
Applies to: Exchange Online, SharePoint Online, Skype for Business Online
Implementation: Service implemented
Risk scenario: Disks or servers in Office 365 are stolen or improperly recycled.
Value: BitLocker provides a fail-safe approach to protect against loss of data due to stolen or improperly recycled hardware (server / disk).

Encryption technology: Per-file encryption
Applies to: Skype for Business Online
Implementation: Service implemented
Risk scenario: An internal or external attacker tries to access individual files / data as a blob.
Value: The encrypted data cannot be decrypted without access to the keys. Helps to mitigate the risk of an attacker accessing data.

Encryption technology: Per-file encryption
Applies to: SharePoint Online
Implementation: Service implemented
Risk scenario: An internal or external attacker tries to access individual files / data as a blob, or attempts to access data across tenants.
Value: The encrypted data cannot be decrypted without access to the keys. Helps to mitigate the risk of an attacker accessing data and of cross-tenant access to data.

Encryption technology: SSL/TLS between Office 365 and clients
Applies to: Exchange Online, SharePoint Online, Skype for Business Online
Implementation: Service implemented
Risk scenario: Man-in-the-middle or other attack to tap the data flow between Office 365 and client computers over the Internet.
Value: Provides value to both Microsoft and customers and assures data integrity as it flows between Office 365 and the client.

Encryption technology: SSL/TLS between Microsoft datacenters
Applies to: Exchange Online, SharePoint Online, Skype for Business Online
Implementation: Service implemented
Risk scenario: Man-in-the-middle or other attack to tap the customer data flow between Office 365 servers located in different Microsoft datacenters.
Value: Another fail-safe method to protect data against attacks between Microsoft datacenters.

Encryption technology: Rights Management Service
Applies to: Exchange Online, SharePoint Online
Implementation: Customer managed
Risk scenario: Data falls into the hands of a person who should not have access to it.
Value: RMS uses encryption, identity, and authorization policies to help secure files and email across multiple devices.

Encryption technology: S/MIME
Applies to: Exchange Online
Implementation: Customer managed
Risk scenario: Email falls into the hands of a person who is not the intended recipient.
Value: Email encrypted with S/MIME can only be decrypted by the direct recipient of the email.

Encryption technology: Office 365 Message Encryption
Applies to: Exchange Online
Implementation: Customer managed
Risk scenario: Email falls into the hands of a person, either within or outside Office 365, who is not the intended recipient.
Value: All emails originating from Office 365 that match certain criteria (e.g., all emails to a certain address) are automatically encrypted before they are sent to another internal or external recipient.

Encryption technology: SMTP TLS with partner organization
Applies to: Exchange Online
Implementation: Customer implemented
Risk scenario: Email is intercepted via a man-in-the-middle or other attack while in transit from an Office 365 tenant to a partner organization.
Value: The customer can send and receive all email between their Office 365 tenant and their partner's email organization inside an encrypted SMTP channel.

Summary
Protection of customer data stored within and transmitted by these services is of paramount
importance to Microsoft. We use technologies and controlled processes to protect data. Among those
technologies is data encryption. Within Office 365, customer data is encrypted both at rest and while in
transit. Office 365 includes several encryption features that provide data protection out of the box,
some of which are customer-managed and some of which are deployed as service-side controls.

The encryption technologies that are built into Office 365 and managed by Microsoft protect customer
data from specific risk scenarios and also provide a fail-safe in case other implemented controls fail to
protect customer data. The encryption technologies that are provided to customers enable them to add
further layers of protection to their Office 365 content and data based on their own risk profiles.
