Protection & preservation for email
Encryption

Microsoft Exchange Hosted Encryption

Internet-based support for your existing email.

Microsoft Exchange Hosted Encryption provides policy-based encryption from sender to recipient with no end-user training or software installation.

Exchange Hosted Encryption is not available through Telstra – please contact your Microsoft reseller for more information.

Download the Exchange Hosted Encryption Datasheet: Word

How It Works

View of an Exchange Hosted Service screen

Solution Overview

Transparent Encryption and Email Delivery

When a user sends an email message, it travels to the Microsoft global network through a Transport Layer Security (TLS)-encrypted tunnel and is automatically encrypted at the gateway according to rules that are created and managed within the Microsoft Forefront Online Protection for Exchange module.

When a message is encrypted, a private key for the recipient is created and stored in a security-enhanced environment on the Microsoft network. The private key is made available to the message recipient when the recipient decrypts the message. The recipient does not have to pre-enrol to receive and decrypt the message. In fact, the recipient might never have received a previous email from the sender.

The Microsoft encryption process is entirely transparent to the sender, who does not need to do anything other than write and send the message as usual.

Simple Authentication and Security-Enhanced, Web-based Decryption

Upon receiving an encrypted message, the recipient authenticates their identity and sets a password to securely open encrypted messages from the Hosted Encryption service. Once this password is created, the recipient can use the same password to authenticate and view protected email quickly. Password-based authentication provides an easy and secure method to authenticate and verify a recipient's identity.

After completing the authentication and password setup process, the recipient decrypts and views the message using the Voltage Zero Download Messenger. The Zero Download Messenger is a clientless, browser-based method that enables a recipient to have confidence decrypting and reading a message and its attachments and then to reply with confidence. Furthermore, the encrypted message remains in the recipient's email inbox for access at any time.

Service Benefits

Sends encrypted email messages to anyone, regardless of the recipient's system configuration
Decrypt and read email with confidence, without installing client software
Provides strong, automated encryption with a cost-effective infrastructure
Consistently and automatically helps protect sensitive information and data leaving your email gateway
Helps manage compliance with security and privacy requirements such as HIPAA and Gramm-Leach-Bliley
Eliminates the need for key and certificate management
Generates keys quickly
Minimises up-front capital investment
Integrates with existing email infrastructure
Helps administrators to have time for other projects

More Information

Technical Requirements

Forefront Online Protection for Exchange and Exchange Hosted Encryption work with any email platform
Exchange Hosted Encryption requires Forefront Online Protection for Exchange
The Microsoft Exchange Hosted Services Directory Synchronisation tool is optional and requires:
- Windows Server 2003 SP2
- Active Directory (single-forest topology)
- Microsoft Exchange Server 2003 SP2 or Microsoft Exchange Server 2007 (required for Safelist aggregation synchronisation feature)
- Microsoft .NET Framework 2.0
Exchange Hosted Archive and Exchange Hosted Continuity require Microsoft Exchange Server 2000(SP3), 2003(SP1) and 2007
Web applications are accessible via a Web browser (Internet Explorer 6 or 7, Firefox 2.0 or higher)