Encryption – Describe Zero Trust Principles for Microsoft 365

Encryption

Encryption, a critical part of the zero-trust strategy, is a mechanism that protects information from unauthorized access. Data stored or transmitted in clear text can potentially be intercepted or modified by bad actors. Encryption can help protect against both unauthorized access and data alteration.

Microsoft 365 implements several encryption technologies across the platform. Encryption is enforced for data in two core states:

  • At rest: In this state, data is stored in the service. This includes files and documents uploaded to OneDrive, SharePoint, and Teams, as well as email content. Data at rest is protected by BitLocker, Distributed Key Manager (DKM), and Customer Key for Microsoft 365. Depending on the service, data may also be stored in blob storage, with each chunk being encrypted using the key store.
  • In transit: This state refers to data that is transferred between clients and services, as well as between different endpoints within the service and data centers. Data in transit is protected via Transport Layer Security (TLS) and IP Security (IPsec). TLS is typically used to secure application-layer traffic between clients and services, while IPsec secures the underlying physical or logical networking connections.

In addition to the built-in encryption technologies, customers can also apply unique content encryption to files and email messages using the AIP client. Not only does AIP provide data classification services (as described earlier), but it can also be used to encrypt content at the file or document level.

Organizations in highly regulated industries may be required to control the encryption keys that are used in the service. To accomplish this, organizations may use the Customer Key service, which allows them to manage the key life cycle and encrypt data in the following services:

  • EXO, including Skype for Business Online and Microsoft Teams data stored in user mailboxes
  • Files stored in OneDrive and SPO

Setting up the Customer Key service requires additional Azure services, such as Key Vault, and further considerations are out of the scope of this book.

Note

You can learn about Customer Key at https://learn.microsoft.com/en-us/microsoft-365/compliance/customer-key-overview.
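The Customer Key description above says only that the service lets an organization control the keys used for Exchange Online and SharePoint Online data; it does not show how an administrator verifies that mailboxes are actually covered. The following PowerShell script is an added example written for this page, not code from the book or from Microsoft. It covers the Exchange Online side only and assumes the ExchangeOnlineManagement module, an account holding the Exchange Online Organization Management role, and that a data encryption policy (DEP) backed by two Azure Key Vault keys has already been created; the policy name is a constructed placeholder.

```powershell
# Added example (not from the book): audit which Exchange Online user mailboxes are
# assigned a Customer Key data encryption policy (DEP), and stage remediation for the
# rest. Assumes the ExchangeOnlineManagement module and a DEP that already exists.

$PolicyName = 'Contoso-CustomerKey-DEP'   # constructed placeholder; use your DEP name

Connect-ExchangeOnline

# 1. Confirm the DEP exists and is enabled, and show the Azure Key Vault keys it
#    references. Customer Key requires a key in each of two vaults so that loss of
#    one vault does not make mailbox content unreadable.
$dep = Get-DataEncryptionPolicy -Identity $PolicyName -ErrorAction Stop
if (-not $dep.Enabled) {
    throw "Data encryption policy '$PolicyName' exists but is disabled."
}
Write-Host ("DEP '{0}' is enabled; key IDs: {1}" -f $dep.Name, ($dep.AzureKeyIDs -join ', '))

# 2. Enumerate user mailboxes and split them by whether this DEP is assigned.
#    The DataEncryptionPolicy property is rendered as a string for comparison.
$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
$covered   = @($mailboxes | Where-Object { "$($_.DataEncryptionPolicy)" -eq $dep.Name })
$uncovered = @($mailboxes | Where-Object { "$($_.DataEncryptionPolicy)" -ne $dep.Name })

Write-Host ("{0} of {1} user mailboxes are assigned '{2}'" -f $covered.Count, $mailboxes.Count, $dep.Name)

# 3. Report each uncovered mailbox and stage the assignment. -WhatIf keeps the run
#    read-only; remove it to apply. Assigning a DEP causes the service to re-encrypt
#    the mailbox with the customer-controlled keys, so change in controlled batches.
foreach ($mbx in $uncovered) {
    $current = if ($mbx.DataEncryptionPolicy) { "$($mbx.DataEncryptionPolicy)" } else { '<Microsoft-managed keys>' }
    Write-Host ("Not covered: {0} (current policy: {1})" -f $mbx.UserPrincipalName, $current)
    Set-Mailbox -Identity $mbx.UserPrincipalName -DataEncryptionPolicy $dep.Name -WhatIf
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run this as a read-only audit first; the `-WhatIf` on `Set-Mailbox` prints what would change without touching any mailbox. A mailbox with an empty `DataEncryptionPolicy` is still encrypted at rest, but with Microsoft-managed keys rather than keys the organization controls, which is the gap a regulated tenant adopting Customer Key wants to close.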
