New service: Data-at-rest encryption for Microsoft 365
Microsoft 365 provides baseline, volume-level encryption through BitLocker. Service Encryption provides an added layer of data-at-rest encryption at the application level. Customer Key allows you to control your organization’s encryption keys.
As an application level encryption service, Customer Key support exists today for Exchange Online, Skype for Business, SharePoint Online, and OneDrive for Business workloads in Microsoft’s data centers. We are extending Customer Key support to provide a tenant level encryption support through a new service called Data-at-rest encryption for Microsoft 365.
This feature is associated with Microsoft 365 Roadmap ID 68869.
When this will happen
Rollout is late March through late April.
How this will affect your organization
Data-at-rest encryption for Microsoft 365 gives you the ability to create and apply a tenant level data encryption policy that will encrypt data across the following workloads using customer managed keys:
- Exchange Online (all data)
- Microsoft Teams (new data)
- Teams call and meeting recordings stored in Teams storage
- Teams chat messages (1:1 chats, group chats, meeting chats and channel conversations)
- Teams chat notifications
- Teams chat suggestions by Cortana
- Teams media messages (images, code snippets, videos messages, audio messages, wiki images)
- Teams presence status messages
If you opt for this service, there is no impact to your organization or your data as long you maintain the health and accessibility of the keys.
What you need to do to prepare
To access the service, Data-at-rest Encryption for Microsoft 365, reach out to Microsoft at firstname.lastname@example.org with your onboarding request.
Please review Public Preview documentation to understand how the service works. Specific documentation for Data-at-Rest Encryption for Microsoft 365 will be available once the service is rolled out.
Message ID: MC242838