Microsoft Office 365 Encrypted Email On Tap

Microsoft Office 365 Message Encryption feature will encrypt all messages by default, though recipients will need an Office 365 or Microsoft Account ID to read the mail.

Microsoft is planning to roll out a new Office 365 feature that will allow users who sign up for one of the company’s high-end enterprise hosting plans to send encrypted email messages.

Dubbed Office 365 Message Encryption, the optional feature will work with a variety of email clients, including Exchange Server, Outlook.com, Gmail, Yahoo, Lotus Notes, GroupWise, and Squirrel Mail. Recipients will see the encrypted message as an attachment in their email, which when double-clicked will open in a browser window. To view the message, a recipient will first need to authenticate using an Office 365 or Microsoft account ID.

Microsoft Exchange product marketing manager Shobhit Sahay said in a blog post that the approach “is designed to help you send confidential messages to people outside your organization simply and securely, without the executive overhead required to exploit S/MIME or similar technologies,” referring to encryption techniques that require keys to be managed client-side.

He added that messages are encrypted before leaving Microsoft’s datacenter “to stop any spoofing or misdirection,” and secured throughout transit using TLS and SSL. Meanwhile, the data inside the encrypted message is stored in Microsoft’s datacenter using BitLocker disk-level encryption. Encrypted email recipients could also employ two-factor authentication with their Microsoft account ID, thus adding another layer of access security.

Microsoft said the encryption service is not available for Office 365 users in China.

In the wake of National Security Agency whistleblower Edward Snowden’s leaks, which revealed that the agency’s digital dragnet was intercepting information sent and received by millions of U.S. citizens, interest has surged in data encryption and encrypted email. Information security experts have said that while encrypting data won’t prevent the NSA, or any other technologically sophisticated organization, from capturing and decoding it, encryption does require a far greater degree of effort.

Snowden, notably, used an encrypted webmail service called Lavabit, although that was more akin to an encrypted version of Gmail than to Microsoft’s new Office 365 feature.

Historically, however, many email users shied away from employing client-based data encryption tools such as PGP, because of perceived installation and management challenges. But Sahay promised that operating Microsoft’s encrypted email service can be straightforward. “The Message Encryption interface, in keeping with Outlook Web App, is modern and simple to navigate. You may easily find information and perform quick tasks akin to reply, forward, insert, attach, and the like,” he said. “As an added measure of protection, when the receiver replies to the sender of the encrypted message or forwards the message, those emails also are encrypted.”

Beyond personal use, another possible application for more widespread email encryption will be to give businesses more ways to secure sensitive information: for example, banks sending bank card statements to customers via email, mortgage brokers requesting information from customers via email, and physicians sending health information to patients.

For outgoing messages, encryption can also be applied using transport rules, which can be configured, for instance, to encrypt only messages that contain specified keywords or email addresses. The rules can be managed either via a web-based interface or the Microsoft PowerShell scripting language.

The encrypted email feature, which Microsoft plans to introduce by the end of March 2014, will be added to the Office 365 enterprise-level E3 ($20/user/month) and E4 ($22/user/month) plans, as part of their Windows Azure Active Directory Rights Management feature. That includes a variety of information-protection features, including the ability to stop internal users from forwarding a message, as well as restricting messages to “read only,” meaning they cannot be copied, printed, saved, or edited.

Note that for anyone currently using Exchange Hosted Encryption (EHE), it is going to be replaced by Office 365 Message Encryption. “Like EHE, Office 365 Message Encryption works with Office 365 mailboxes in addition to with on-premises mailboxes that use Exchange Online Protection,” Sahay said. All EHE users will soon be moved to the Office 365 Message Encryption service.
