Microsoft expands the use of encryption on Outlook, OneDrive

Last December, Microsoft promised to expand its use of encryption for its cloud services to protect them from criminals and hackers (and, though the company didn’t say so, spying governments). Today, it announced that it has reached a number of milestones in this ongoing effort.

Both inbound and outbound mail on the Outlook.com service will use TLS encryption when sending and receiving from servers that also support TLS. The company says that it has worked with a number of other mail providers, including Deutsche Telekom, Yandex, and Mail.Ru, to ensure that mail sent to and from these popular providers is encrypted in transit.

Outlook.com and OneDrive have also been updated to use perfect forward security (PFS). In PFS, the keys used for each connection are randomly generated on a per-session basis. This is important because it protects against bulk data collection. Without PFS, if a law enforcement agency or hacker can demand or steal the long-term key used to secure connections, they can use that key to decrypt all historic, recorded sessions. PFS prevents this; compromising one session’s key only enables decryption of that session.