Office 365 data not encrypted at rest

One of the questions that was posed in todays Office 365 Security session hosted by Scorpion Software that I appeared on


was whether the data in Office 365 was encrypted ‘at rest’. I said that I thought it would be but as it turns out I was wrong. The following document:


Standard Response to Request for Information O365 – Security Privacy v2 –


says clearly:


“Office 365 currently does not encrypt data at rest, however, the customer may do so through IRM or RMS.”


in multiple places (one instance is on p26, in the IS-18 Information Security Encryption section).


However, before everyone starts jumping up and down about this, can I ask whether the information on your local server is encrypted at rest? It can be (using Bit Locker and what not) but it isn’t be default I believe. However, I’d like to know the reason why it is not, so let me see what I can find on that score and report back.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s