Microsoft finally brings more robust encryption support to Outlook.com and Onedrive

Data privacy has become a focal point for many consumers after it was revealed that the NSA was running free with our data. There was also the issue where Microsoft went snooping through one of its own email accounts to take down someone who was trying to sell Microsoft intellectual properties.

While the two events mentioned above are unrelated, they both highlight the fact that your data was accessed by those to whom you have not given explicit permission to view your content. In an effort to make you feel more secure about using Microsoft services, the company is making big strides in security by encrypting inbound and outbound emails as well as your data transfers with OneDrive.

For emails, Microsoft is now using Transport Layer Security for inbound and outbound emails which means that when your email is traveling from server to server, it is now encrypted. This is not limited to internal Microsoft servers - any email provider that supports this feature will now be able to send and receive encrypted emails from Outlook.com.

With OneDrive, PFS (perfect forward secrecy) encryption is now supported too. This means that when you are transferring data between OneDrive and your local client, it is now more secure and makes it much harder for attackers to decrypt connections between your client and Microsoft.

These additions are fantastic for the platform and are certainly a welcomed addition. But we can't help wondering why it took so long for these feature to be brought to these platforms. You would think that data security would be the top priority for Microsoft, especially with OneDrive, prior to the NSA scandal. While we are happy that these features are now in place, it is still a reactionary move, and in the world of storing sensitive personal data, we - and many users, no doubt - would prefer proactive measures instead.

Source: Microsoft

Report a problem with article
Previous Story

IE global market share remains stable during June as Chrome jumps

Next Story

How Surface Pro + Xbox One helped a paralysed man to do more

14 Comments

Commenting is disabled on this article.

Lots of negative spin and innuendo, very little substance. Who is the second author of this post, It say "....we can't help wondering..." or are you just using the royal we?

why it took so long? they have massive services, one drive is bigger than google drive for instance. you can't just spin on a dime. this isn't a 10 man operation.

> In an effort to make you feel more secure about using Microsoft services

Interesting choice of words. Are you more secure, or will you just feel more secure?

[Edit]: No such wording in MS's own article. Neowin's own deliberate spin?

Well, I didn't personally implement the security so I can't vouch that it was implemented correctly or that they didn't write the passkey down and store it under their keyboards.

If you take all PR as true at face value, there is great ocean front property in Iowa that I would be happy to sell you.

_dandy_ said,
> In an effort to make you feel more secure about using Microsoft services

Interesting choice of words. Are you more secure, or will you just feel more secure?

[Edit]: No such wording in MS's own article. Neowin's own deliberate spin?

Just like in 'real life', nothing is actually secure. Its just the illusion of security.

Its just to make you feel more secure because NSA is/was able to go into any database. It know many loop holes in these encryption systems.
We discoverd about heartbleed recently and will find out more in future.

anothercookie said,
And here I am still waiting for the outlook.com update from last month, still no undo button for me :(

Well I have the undo button for a while now, but the inline editing that came together with that update only worked once here. And that's with Internet Explorer. So I don't know how they handle updates but it sure as hell is not very consistent.

manwiththedroid said,
Now if only they would store data encrypted their service would be usable!

they do. however they need to be able to decrypt it or you wouldn't be able to read it :)

Seriously? By Microsoft's own admission files store in Onedrive are not encrypted. The only "protection" is a Microsoft Account password. And by way encryption doesn't require Microsoft to hold the encryption keys for me to access my files.

Couldn't agree more. This changes nothing as far as MS or NSA being able to access your data and reduces the service to a throwaway storage locker for stuff I could absolutely care less about.

manwiththedroid said,
Seriously? By Microsoft's own admission files store in Onedrive are not encrypted. The only "protection" is a Microsoft Account password. And by way encryption doesn't require Microsoft to hold the encryption keys for me to access my files.

How do you solve search and showing related content?