Microsoft Online Services

Home > Products > Exchange Hosted Encryption

Protection & preservation for e-mail encryption

Internet-based support for your existing e-mail.

Microsoft Exchange Hosted Encryption provides policy-based encryption from sender to recipient with no end-user training or software installation. Exchange Hosted encryption requires Microsoft Forefront Online Protection for Exchange.

How encryption works with Forefront Online Protection for Exchange

Technical info

Datasheets	Product Demo	Technical Requirements
Exchange Hosted Encryption: Word	Webcast	PDF (583 KB)

Exchange Hosted Encryption solution overview

Transparent encryption and e-mail delivery

When a user sends an e-mail message, it travels to the Microsoft global network through a Transport Layer Security (TLS)-encrypted tunnel, and is automatically encrypted at the gateway according to rules created and managed within the Microsoft Forefront Online Protection for Exchange module.

When a message is encrypted, a private key for the recipient is created and stored in a security-enhanced environment on the Microsoft network. The private key is made available to the message recipient when the recipient decrypts the message. The recipient does not have to pre-enroll to receive and decrypt the message. In fact, the recipient may have never received a prior e-mail from the sender.

The Microsoft encryption process is entirely transparent to the sender, who does not need to do anything other than write and send the message as usual.

Simple authentication and security-enhanced, web-based decryption

Upon receiving an encrypted message, the recipient authenticates their identity and sets a password to securely open encrypted messages from the Hosted Encryption service. Once this password is created, the recipient can use the same password to quickly authenticate and view protected e-mail. Password-based authentication provides an easy and secure method to authenticate and verify a recipient's identity.

After completing the authentication and password setup process, the recipient decrypts and views the message using the Voltage Zero Download Messenger. The Zero Download Messenger is a clientless, browser-based method that enables a recipient to have confidence decrypting and reading a message and its attachments and then to reply with confidence. Furthermore, the encrypted message remains in the recipient's e-mail inbox for access at any time.

Exchange Hosted Encryption Service benefits

• Sends encrypted e-mail messages to anyone, regardless of the recipient's system configuration
• Decrypts and read e-mail with confidence, without installing client software
• Provides strong, automated encryption with a cost-effective infrastructure
• Consistently and automatically helps protect sensitive information and data leaving your e-mail gateway
• Helps manage compliance with security and privacy requirements such as HIPAA and Gramm-Leach-Bliley
• Eliminates need for key and certificate management
• Generates keys on the fly
• Minimizes up-front capital investment
• Integrates with existing e-mail infrastructure
• Helps free up administrator time to focus on other projects

Exchange Hosted Encryption additional information

Exchange Hosted Encryption technical requirements

• Forefront Online Protection for Exchange and Exchange Hosted Encryption work with any e-mail platform
• Exchange Hosted Encryption requires Forefront Online Protection for Exchange
• The Directory Synchronization tool is optional, and requires:
  • Supported Operating Systems:
    Windows Server 2003 Service Pack 2
    Windows Server 2008 Enterprise
    Windows Server 2008 Standard
  • Active Directory (single-forest topology)
  • Microsoft Exchange Server 2003, Service Pack 2 or Microsoft Exchange Server 2007 and higher (required for the Safe Senders feature)
  • Microsoft .NET Framework 3.5
• Web applications are accessible via a Web browser (Internet Explorer 7 or higher; Firefox 3.5 or higher; Safari 3)