
Microsoft’s Commitment to Protect Customer Data through Encryption Continues

  • Mike Reavey

Late last year, Microsoft embarked on a comprehensive engineering effort to strengthen encryption across our networks and services in light of concerns about government surveillance. Since then, we’ve made great progress in several key areas. For instance, Office 365 has rolled out the general availability of message encryption. is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. OneDrive now has Perfect Forward Secrecy, or PFS, encryption support. ExpressRoute has been added to Microsoft Azure enabling businesses to create private connections between Azure datacenters and infrastructure on their premises or in a colocation environment. And Microsoft Azure Guest OS and all Azure subscriptions using a Guest OS for cloud services now benefit from TLS/SSL cipher suite enhancements and PFS by default.

This month we’re pleased to share additional encryption advancements, notably in Microsoft Azure and Office 365, which are designed to further protect customer data using best-in-class encryption.

  • Microsoft Azure Operational Insights – This next-generation cloud service, which we are launching in preview, provides log collection, search, dashboard visualization and operational intelligence for modern IT operations. Customers who use this service will benefit from its best-in-class encryption, whereby communications in transit between our customers and the service are encrypted using PFS. This provides an added layer of security when transferring customer data to the service.
  • Microsoft Azure Site Recovery – This service now provides best-in-class security and data encryption to help ensure that your application data is always secure when it replicates to Azure. Virtual Machine (VM) data at rest stored in Azure can also be encrypted using a customer-managed encryption key. This service can help organizations protect important applications by coordinating the replication and recovery of private clouds across sites, whether you’re protecting dozens or hundreds of VMs. Using this service, you can manage the replication of applications to your own second site or a hoster’s site, or even use Azure as your disaster recovery site and avoid the expense and complexity of building and managing your own secondary location.
  • OneDrive for Business & SharePoint Online – Last spring we announced our intent to include even more file encryption capabilities in SharePoint and OneDrive for Business. Today we are excited to announce that we have rolled out advanced encryption at rest for SharePoint Online and OneDrive for Business, called per-file encryption. Per-file encryption technology encrypts every individual file stored in SharePoint Online and OneDrive for Business with its own unique key, and also encrypts each subsequent update to the file with an additional unique key. This granular level of encryption vastly reduces the risk of unauthorized access to the content.

These encryption advancements are important milestones and reinforce our commitment to increasing protections for customer data across our network and services. For more information, I encourage you to check out the blog posts from Microsoft Azure and Office 365.