Microsoft has introduced service encryption support with the Microsoft 365 Customer Key. As standard, Microsoft 365 provides volume-level encryption via the Distributed Key Manager service and Bit locker. This keeps customer data encrypted in the Microsoft system at rest. Microsoft 365 also offers further encryption at the application layer for content from apps like Teams.

The Microsoft 365 Customer Key builds on service encryption, providing a layer of encryption at the application layer for data-at-rest. The solution also allows the organisation to provide and control encryption keys used to manage customer data in Microsoft data centres.

Now, Microsoft 365 Customer Key also supports Microsoft Teams.

Customer Key for Microsoft Teams

Customer Key enhances the abilities of companies to meet the demands of compliance requirements in their organisation, which specify certain key arrangements with cloud service providers. For companies struggling to stay on track with regulatory and compliance obligations, this is a valuable investment.

After delivering keys to customers, Microsoft 365 uses the provided technology to encrypt information at rest according to the Online Service Terms. The company can create their own data encryption policy and assign it to certain pieces of Microsoft 365 users. Policies can be assigned to all tenant users at once, and multiple DEPs can be created per tenant (though you can only use one DEP at a time).

Customers using Customer Key for SharePoint and Exchange Online will now have access to a broader control layer with data encryption policies. Once a DEP is assigned and created, it will encrypt the following data for all tenant users:

  • Teams meeting and call recordings stored in Teams storage
  • Teams chat messages, including group chats and channel conversations
  • Teams media messages, including code snippets, images, video, audio messages, and wiki images.
  • Teams notifications and chat suggestions by Cortana, as well Teams status messages.
  • Microsoft Information exact match protection (data file schemas, rule packages and the tools used to hash sensitive data).
  • Exchange online mailboxes that aren’t already encrypted with mailbox DEPs
  • User and signal information from Exchange Online

Improved Encryption Opportunities

With a DEP assigned, encryption can begin automatically, but it may take some time to complete depending on the tenant size. For information protection in Teams, the customer Key DEP encrypts all data from the moment the DEP is assigned. The Microsoft team is also looking into supporting encrypting past data too.

 

 



from UC Today https://ift.tt/2QP5dPD