Microsoft Outlines OneDrive for Business Data at Rest Encryption, OneDrive Support Coming Soon

Microsoft lifted the curtain a bit today on how Microsoft OneDrive for Business and SharePoint Online handle data encryption. A post by ‘SharePoint Team’ on the official Microsoft Office blog detailed how OneDrive for Business data is encrypted at rest and in flight.

“…when your data is in transit, it is encrypted as data moves between you and the datacenter and between the server and the datacenter, which uses 2048 bit keys. However, the encryption technology applies not only when the data is moving between servers or datacenters, but also when the data is at rest.”

Microsoft OneDrive for Business offers data encryption for data at rest and data in flight. Regular OneDrive users will have to wait for data at rest support at some point in the future. (Image: Dreamstime)

OneDrive for Business Disk Encryption and File Encryption

The Microsoft post revealed that BitLocker is used for data security at the disk level, but at the file layer each file is given a key that is Federal Information Processing Standard (FIPS) 140-2 compliant and uses 256-bit keys via the Advanced Encryption Standard (AES-256).

Microsoft has produced a video that goes into additional detail about what security methods it uses for data-at-rest for SharePoint Online and OneDrive for Business, and I’ve embedded that video below.

What about data encryption for OneDrive?

One thing that isn’t immediately clear when reading through the aforementioned blog post is whether those encryption features are included with the standard (consumer) version of OneDrive. A Microsoft blog post in July 2014 by Matt Thomlinson, the VP of trustworthy computing security, did state that OneDrive supported Perfect Forward Secrecy (PFS) encryption.

“OneDrive customers now automatically get forward secrecy when accessing OneDrive through, our mobile OneDrive application and our sync clients,” Thomlinson wrote. “As with’s email transfer, this makes it more difficult for attackers to decrypt connections between their systems and OneDrive.”

I reached out to some Microsoft PR representatives earlier today to find out if OneDrive had the same level of data at rest encryption, and a spokesperson told me “We have rolled out encryption at rest for OneDrive for Business and are working on it for OneDrive.” So expect to see data-at-rest encryption support for normal OneDrive in the near future. When that happens I’ll update this post to reflect the latest official information.

So are you currently using Microsoft OneDrive for Business? I’d love to hear what you think about Microsoft’s OneDrive security efforts, so please add a comment to this blog post, or contact me on Twitter or Google+. You can also catch up on my posts in the Petri IT Knowledgebase forums.
