All encryption and decryption happen in the same systems that enforce tenant isolation, which are Azure Active Directory and SharePoint Online. Azure storage has no ability to decrypt, or even identify or understand the customer data. When a file is downloaded, SharePoint Online retrieves the encrypted customer data from Azure storage based on the unique document identifier and decrypts the customer data before sending it to the user. When a file is uploaded, encryption is performed by SharePoint Online within the context of the upload request, before being sent to Azure storage. The keys are either created and managed by the SharePoint Online service, or when Customer Key is used, created and managed by customers. SharePoint Online and OneDrive for BusinessĪll customer files in SharePoint Online are protected by unique, per-file keys that are always exclusive to a single tenant. The conferencing client then connects to the Web Conferencing server presenting the authentication cookie to be authenticated by the server. The conferencing focus passes to the conference client an authentication cookie generated by the Web Conferencing server. When joining a Web conference, each conferencing client establishes a SIP dialog with the conferencing focus component running inside the front-end server over TLS first. The Web Conferencing server also authenticates conferencing clients before it allows the clients access to conference customer data. It sends the corresponding key to clients so that the customer data can be decrypted.
When a piece of customer data is shared in a conference, the Web Conferencing server instructs the conferencing clients to download the encrypted customer data via HTTPS. Each piece of customer data is encrypted using a different randomly generated 256-bit key.
The encrypted customer data is stored on a file share. The Web Conferencing server encrypts customer data using AES with a 256-bit key.
Skype for Business customer data may be stored at rest in the form of files or presentations that are uploaded by meeting participants. Microsoft 365 is a highly secure environment that offers extensive protection in multiple layers: physical data center security, network security, access security, application security, and data security.
0 kommentar(er)
