SBP Blog

Microsoft Office 365 Message Encryption: send encrypted emails, regardless of the destination - Part 2

Mar 31, 2014 by BogdanZ

In the first part of this article we noted that Microsoft Office 365 Message Encryption improves on EHE (Exchange Hosted Encryption) in terms of security, and that it offers more business plans (depending on the size of the company). Now it's time to talk about how this tool works:

Microsoft Office 365 Message Encryption

So how does Microsoft Office 365 Message Encryption work?

  * Each company's admin sets transport rules that encrypt emails matching specific criteria. These rules are managed via a web-based interface or PowerShell, which provides a greater amount of flexibility and control.
  * Before a message is sent, the encryption service can be applied or removed, and the outgoing message is encrypted before it is delivered to the outside mail server (outside your company).
  * Once the message is received, it contains an encrypted attachment with instructions for how to view it. The recipient follows the instructions to authenticate with an Office 365 ID or Microsoft Account and can then view the encrypted content.
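The transport rules described in the list above can be created from PowerShell. The following is an added example, not taken from the original post or from Microsoft: it assumes an already connected Exchange Online PowerShell session, and the rule names and keywords are constructed sample values.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already connected.
# Rule names and keywords below are constructed sample values.

$encryptRule = 'OME - encrypt sensitive outbound mail'      # hypothetical name
$decryptRule = 'OME - decrypt replies for internal users'   # hypothetical name

# Outbound: encrypt mail leaving the organization when the subject or body
# contains one of the sample keywords.
New-TransportRule -Name $encryptRule `
    -SentToScope NotInOrganization `
    -SubjectOrBodyContainsWords 'policy number', 'loan application' `
    -ApplyOME $true

# Inbound: remove the encryption from replies so internal recipients can
# read them directly in their mailbox.
New-TransportRule -Name $decryptRule `
    -SentToScope InOrganization `
    -RemoveOME $true

# Check: confirm both rules exist, are enabled, and carry the expected action.
Get-TransportRule |
    Where-Object { $_.Name -in $encryptRule, $decryptRule } |
    Format-List Name, State, Mode, Priority, ApplyOME, RemoveOME
```

Creating a rule with `-Mode Audit` first logs which messages it would match without applying the action, which helps tune the criteria before switching to `Enforce`.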

Even though we have said only good things about Microsoft Message Encryption, this kind of security isn't unbreakable. After all, this encryption can be bypassed with a Microsoft Account / Office 365 ID, which means that a compromised Microsoft account also provides access to all private data, including the information transferred via the Microsoft Office 365 Message Encryption service.

Is Microsoft Office 365 Message Encryption the most accessible and safe solution on the market?

Office 365 can be regarded as the "melting pot" of encryption technologies, as it gathers the best encryption solutions, such as:

 * TLS (encrypts the tunnel between mail servers to help prevent snooping/eavesdropping)
 * SSL (encrypts the connection between mail clients and Office 365 servers)
 * BitLocker (encrypts the data on the hard drives in the data center, so that if someone gets unauthorized access to the machine they can't read it)
 * Information Rights Management
 * S/MIME (Secure/Multipurpose Internet Mail Extensions)

Update: Although Office 365 Message Encryption combines several encryption technologies, a bug has recently been discovered in the OpenSSL cryptographic software library. The so-called "Heartbleed" bug allows stealing the information protected by SSL/TLS encryption. Moreover, the bug allows attackers to steal sensitive data without leaving any kind of trace, so the victims don't even know whether the weakness has been exploited or not. Any opinions on this?

Situations in which we would need this kind of security include, for example, banks sending credit card statements, insurance companies sending policy details to customers, brokers requesting financial information for a loan application, attorneys communicating with clients, various contracts sent by email, therapists sending confidential diagnostics to patients, and the list can go on and on.

All in all, there are a lot of extra security layers on the market today (third-party software such as FiLink Email Encryption and CipherCloud) that come in addition to Office 365. However, the best part of Message Encryption is the fact that it can send encrypted messages to any kind of destination, such as Yahoo, Gmail, Exchange Server, Lotus (IBM) Notes, GroupWise, Squirrel Mail etc. You name it and it will work! ;)
