Security Questions

1 . How secure is the information contained in emails and attachments?^

Office 365 maintains the latest defenses against viruses and spam with Forefront® Online Protection for Exchange, a service that handles over 150 million messages to 8.5 million users around the world every day and is updated to address new virus and spam threats as soon as they appear. Microsoft helps to safeguard your data by hosting it in geographically-distributed data centers, with continuous data backup and premier disaster recovery capabilities.

Electronic communication, including e-mail, is vulnerable to access by unauthorized parties in transmission and in storage. It is recommended that electronic communication, including e-mail not be used for sensitive data. While O365 itself has the necessary controls for handling of sensitive information, the receiving email system and network must also be secure for the data to be fully protected. 

2 . Will the connection between my computer and the cloud server be secure?^

The email connection types (Exchange, POP, IMAP, and SMTP) all support SSL encryption to secure your connection, and the web mail client uses https to secure your connection.

3 . Will my username and password be handled securely in the cloud?^

For web-based authentication (, username and password are passed between the client and the Gonzaga University’s ADFS servers over SSL and never pass to Office 365 at all.

4 . Will my data be handled securely in the cloud?^

Office 365 provides the ability to encrypt data at rest by supporting technologies that can encrypt the content of emails and/or files. The supported technologies for data encryption at rest include Microsoft’s Information Rights Management (IRM), S/MIME and PGP Email encryption and have the advantage of allowing the customer to maintain full control over the encryption infrastructure and key management on their premises.

Office 365 support for data encryption at rest technologies is designed to minimize the risk of information leakage by encrypting the content, allowing access only by the intended users and by extending the protection beyond the initial publication location. Microsoft’s IRM goes further by restricting the actions allowed on the protected content and also encrypting Office application document attachments.

Office 365 mitigates against the risk of unauthorized physical access with extensive physical protections in their data centers and operational procedures.

Some answers provided by our colleagues at the University of Wisconsin-Madison in the Division of Information Technology, thank you!