Preview: Data-at-rest encryption for Microsoft 365

Microsoft 365 provides baseline, volume-level encryption through BitLocker. Service Encryption provides an added layer of data-at-rest encryption at the application level. Customer Key allows you to control your organization’s encryption keys. Customer Key support exists today for Exchange Online, Skype for Business, SharePoint Online, and OneDrive for Business workloads in Microsoft’s data centers. Microsoft is extending Customer Key support to additional workloads through a service, Data-at-rest encryption for Microsoft 365.

This message is associated with Microsoft 365 Roadmap ID 68922.

When this will happen

Microsoft expects to begin the roll out in mid-December 2020 and complete it by mid-January 2021.

How this will affect your organization

Data-at-rest encryption for Microsoft 365 gives you the ability to create and apply a tenant-wide data encryption policy that will encrypt data across the following workloads using customer managed keys:

• Exchange Online (all data)
• Microsoft Teams (new data)
  • Microsoft Teams Chat Messages (1:1 chats, group chats, meeting chats and channel conversations)
  • Microsoft Teams Chat Notifications
  • Microsoft Teams Chat Suggestions by Cortana
  • Microsoft Teams Files
  • Microsoft Teams Media Messages (images, code snippets, videos, wiki images)

What you need to do to prepare

To access the service preview, Data-at-rest Encryption for Microsoft 365, reach out to Microsoft at [email protected] with your onboarding request.

• Please review Service encryption with Customer Key and How to set up Customer Key for how the existing Customer Key feature works.
• The onboarding process for enabling Data-at-Rest Encryption for Microsoft 365 will be similar to the existing Customer Key feature.

Specific documentation for Data-at-Rest Encryption for Microsoft 365 will be available once the service is rolled out.