Forum Discussion
Encryption confusion
- Mar 08, 2020
Does this help? It's the best explanation I have seen:
“Exchange Online always attempts to use TLS first to secure your email but cannot always do this if the other party does not offer TLS security.
For Exchange Online, we use TLS to encrypt the connections between our Exchange servers and the connections between our Exchange servers and other servers such as your on-premises Exchange servers or your recipients' mail servers. Once the connection is encrypted, all data sent through that connection is sent through the encrypted channel. However, if you forward a message that was sent through a TLS-encrypted connection, that message isn't necessarily encrypted. This is because, in simple terms, TLS doesn't encrypt the message, just the connection.
If you want to encrypt the message you need to use an encryption technology that encrypts the message contents, for example, something like Office Message Encryption.”
https://docs.microsoft.com/en-us/microsoft-365/compliance/exchange-online-uses-tls-to-secure-email-connections
This explains how various measures help and where they are implemented:
https://docs.microsoft.com/en-us/microsoft-365/compliance/office-365-encryption-risks-and-protections
This provides info on the broader topics:
https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide#encryption-for-data-at-rest-and-data-in-transit
The licence requirements for OME are discussed here:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-faq?view=o365-worldwide#what-subscriptions-do-i-need-to-use-the-new-ome-capabilities
Hope that helps.
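Added example (not part of the original post and not Microsoft's code): because TLS protects each server-to-server connection rather than the message, one way to see which hops of a delivered message were actually encrypted is to read its `Received` headers. The sketch below assumes the relays record either an RFC 3848 `with ESMTPS`-style keyword or a `version=TLS...` annotation; the sample message, hostnames and addresses are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
Received: from mail.partner.example (203.0.113.7) by
 inbound.recipient.example (198.51.100.9) with ESMTP id abc123;
 Sun, 8 Mar 2020 10:00:03 +0000
Received: from outbound.sender.example (192.0.2.10) by
 mail.partner.example (203.0.113.7) with ESMTPS
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id def456;
 Sun, 8 Mar 2020 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

# "with" protocol keywords that indicate a TLS-protected SMTP/LMTP session.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

def _field(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    match = re.search(pattern, text)
    return match.group(1) if match else None

def hop_report(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        proto = _field(r"\bwith\s+(\S+)", flat)
        version = _field(r"version=(TLS[\w.]+)", flat)
        tls = version is not None or (proto or "").upper() in TLS_WITH
        hops.append({"from": _field(r"\bfrom\s+(\S+)", flat),
                     "by": _field(r"\bby\s+(\S+)", flat),
                     "with": proto, "version": version, "tls": tls})
    return hops

if __name__ == "__main__":
    for hop in hop_report(SAMPLE):
        state = hop["version"] or ("TLS" if hop["tls"] else "no TLS recorded")
        print(f'{hop["from"]} -> {hop["by"]}: {state}')
```

`Received` headers are written by each relay and can be forged by any upstream server, so treat them as evidence only for hops handled by servers you trust. A hop marked as TLS says nothing about whether the message body itself is encrypted.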