Will o365/SharePoint Online 2013 Content be encrypted at rest?

I think o365 exchange email content might already be encrypted at rest  - basically meaning that even if you are able to get your hands on the hard drives or backup tapes, you can't really do anything with them as that data will only work with set MS hardware that has the keys.

But, when will (if not already or ever) SPO content be afforded the same level of prote

December 13th, 2013 10:35pm

I believe the entire environment is encrypted at rest.
Free Windows Admin Tool Kit Click here and download it now
December 13th, 2013 10:36pm

I've been unable to find anything on the MS sites to confirm this. Would anybody have link to confirm this?
December 14th, 2013 3:37pm

This is something that Microsoft is looking on improving as they don't document this (unlike Google and Amazon).
Free Windows Admin Tool Kit Click here and download it now
December 14th, 2013 5:38pm

Anybody else want to chime in on this? Sounds like some sort of conspiracy to hide even the slightest information on how these data centers work?
December 19th, 2013 10:24pm

From Security in Office 365 White Paper (Word document):

Encrypted data

Customer data in Office 365 exists in two states:

  • At rest on storage media
  • In transit from a data center over a network to a customer device

All email content is encrypted on disk using BitLocker Advanced Encryption Standard (AES) encryption. Protection covers all disks on mailbox servers and includes mailbox database files, mailbox transaction log files, search content index files, transport database files, transport transaction log files, and page file OS system disk tracing/message tracking logs.

Office 365 also transports and stores secure/multipurpose Internet mail extensions (S/MIME) messages. Office 365 will transport and store messages that are encrypted using client-side, third-party encryption solutions such as Pretty Good Privacy (PGP). 

This applies to all data in Office 365, including SharePoint data (search content index files, database files, transaction log files, etc) in SharePoint O

Free Windows Admin Tool Kit Click here and download it now
December 20th, 2013 12:24am

awesome!
December 27th, 2013 10:37pm

Has anyone been able to get confirmation from Microsoft? The white paper and excerpt posted by Jason specifically calls out email.

"Protection covers all disks on mailbox servers and includes mailbox database files, mailbox transaction log files, search content index files, transport database files, transport transaction log files, and page file OS system disk tracing/message tracking logs."

We have financial services and healthcare clients that are required (by law) to have certain types of data encrypted at rest. We have to be able to provide documentation, or a statement from Microsoft, that all data is (or can be) indeed encrypted at rest (particularly documents started in SharePoint Online).

I know about IRM/MRS but this does not state the at rest data is encrypted. It says that files accessed/downloaded are encrypted as they are accessed. I interpret this to mean the at rest data is NOT encrypted.

Free Windows Admin Tool Kit Click here and download it now
February 18th, 2014 8:53pm

Meant to follow up on this.  Our Microsoft Account Rep said that for SharePoint Online - Data is NOT encrypted at rest even after I forwarded that document to them. But they did say they were working on it.
February 19th, 2014 5:11am

Meant to follow up on this.  Our Microsoft Account Rep said that for SharePoint Online - Data is NOT encrypted at rest even after I forwarded that document to them. But they did say they were work
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2014 7:24pm

Trevor,

Can you provide a link or direct Microsoft source to confirm this?

It's just that this information has to come from Microsoft and we need to be able to point to the information for our security teams.

Mike

February 20th, 2014 7:10pm

I too am interested in finding documentation for this area. I am only able to find definite information on Exchange data however I am in the same circumstance where I need documentation to provide to another team, saying that data at rest in SharePoint Online is also encrypted.
Free Windows Admin Tool Kit Click here and download it now
February 21st, 2014 7:34pm

I would like to know the official documented answer from Microsoft on this as well. No second hand yes it is or no it isn't. 

I would like to create a list in SP online and store proprietary company info in it. Nothing like passwords but stuff I wouldn't want in the cloud unencrypted.

January 28th, 2015 9:24pm

http://roadmap.office.com/en-us?legRedir=true&CorrelationId=3d54e3ff-7acb-476a-b3c6-b0a177b7b714#L-36-1627

Not sure if it can get any more official than this.

It looks like the announcement was made on Oct 28th 2014 meaning there was a lot of bad advice in this thread saying it was encrypted, when it sounds like SharePoint Online was not encrypted at rest! That's why on this kind of stuff it's important to have official word from Microsoft!

http://blogs.office.com/2014/10/28/office-365-latest-innovations-security-compliance/





  • Proposed as answer by jlongjr Wednesday, January 28, 2015 6:34 PM
  • Edited by jlongjr Wednesday, January 28, 2015 6:39 PM
Free Windows Admin Tool Kit Click here and download it now
January 28th, 2015 9:33pm

jlongjr: The Office 365 whitepaper is correct as of when it was published and to my knowledge is still correct today. The feature you linked to in the roadmap is for introducing an advanced file encryption feature that allows users to encrypt files individually with unique keys. This feature doesn't change the existing storarge-level encryption infrastructure.
January 28th, 2015 10:56pm

It's still nice to have official documentation on this. I found a white paper on the subject with the following.

Our latest encryption feature with which content in OneDrive for Business and SharePoint Online will be encrypted at rest will start rolling out to customers soon. With this, the encryption technology in Office 365 moves beyond a single encryption key per disk to deliver a unique encryption key per file. With this technology, every file stored in SharePoint Onlineincluding OneDrive for Business foldersis encrypted with its own key, and subsequent updates to the file are encrypted with their own unique key as well. Your organizations files will be distributed across multiple Microsoft Azure Storage containers, each with separate credentials, rather than storing them all in a single database.  By spreading encrypted files across storage locations, encrypting the map of file locations itself, and physically separating master encryption keys from both content and the file map, this new encryption storage technology makes OneDrive for Business and SharePoint Online a highly secure environment for your data.

http://www.microsoft.com/en-us/download/confirmation.aspx?id=26552

So the drive has always been encrypted but now all files will be encrypted. I will assume that since files are stored in the share point database this applies to the database as well. I wish I had a more clear answer on this.

But at this point for me it's clear there are many different layers of encryption and at no point is data ever transmitted or stored unencrypted. At least I hope.

  • Edited by jlongjr Wednesday, January 28, 2015 9:16 PM
Free Windows Admin Tool Kit Click here and download it now
January 29th, 2015 12:15am

The SharePoint team just published a blog post today that discusses how encryption works for OneDrive for Business and SharePoint Online.

It contains the same information found in the whitepaper I originally linked. Data is encrypted at rest using Bitlocker on the drives.

The whitepaper is official document

January 30th, 2015 8:20pm

The SharePoint team just published a blog post today that discusses how encryption works for OneDrive for Business and SharePoint Online.

It contains the same information found in the whitepaper I originally linked. Data is encrypted at rest using Bitlocker on the drives.

The whitepaper is official document

Free Windows Admin Tool Kit Click here and download it now
January 31st, 2015 12:43am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics