Encryption
Manage encryption settings for data at rest and in transit across Microsoft 365 services.
Encryption Coverage
| Service | At Rest | In Transit |
|---|---|---|
| Exchange Online | BitLocker + service encryption | TLS 1.2 |
| SharePoint Online | BitLocker + per-file encryption | TLS 1.2 |
| OneDrive | BitLocker + per-file encryption | TLS 1.2 |
| Teams | BitLocker | TLS 1.2 + SRTP |
Customer Key
Optional customer-managed encryption keys (BYOK) for additional control:
- Requires Azure Key Vault
- Provides data purge capability
- Available for Exchange, SharePoint, and Teams
Message Encryption
- Office 365 Message Encryption — Encrypt emails sent externally
- S/MIME — Certificate-based email encryption
- Information Rights Management — Persistent protection with usage rights
API Reference
GET /api/security/encryption/status— Get encryption statusGET /api/security/encryption/customer-key— Get Customer Key status
Last updated on