In addition to volume-level encryption, Microsoft online services use Service Encryption at the application layer to encrypt customer content. The encryption provided by BitLocker protects customer content if there are lapses in other processes or controls (for example, access control or recycling of hardware) that could lead to unauthorized physical access to disks containing customer content. Microsoft servers use BitLocker to encrypt the disk drives containing customer content at the volume-level. How do Microsoft online services encrypt data-at-rest?Īll customer content in Microsoft online services is protected by one or more forms of encryption. Encryption complements access control by protecting the confidentiality of customer content wherever it's stored and by preventing content from being read while in transit between Microsoft online services systems or between Microsoft online services and the customer. Microsoft's access control policy of Zero Standing Access (ZSA) protects customer content from unauthorized access by Microsoft employees. To protect the confidentiality of customer content, Microsoft online services encrypt all data at rest and in transit with some of the strongest and most secure encryption protocols available.Įncryption isn't a substitute for strong access controls. Most Microsoft business cloud services are multi-tenant, meaning that customer content may be stored on the same physical hardware as other customers.
Feedback In this article What role does encryption play in protecting customer content?
0 kommentar(er)
