Microsoft Tightens Email Security

By David Roe

Edward Snowden has done more for electronic security than anyone else. Singlehandedly, he has forced some of the biggest IT vendors to take a close look at data, data transfer, and how it is stored.

This follows the revelation that security agencies across the world were systematically scanning emails.

In response, Google has made much of its email encryption practices and its efforts to secure the contents of the email itself.

Last night, Microsoft in turn announced that it has upgraded its encryption standards across all its networks.

Google, Gmail and Privacy

The irony about all this is that Google told Gmail users last year that they shouldn’t expect email privacy and admitted that it scans emails for information it uses to develop personalized advertising campaigns. For its part, Microsoft has muddied the waters so much that it is seemingly impossible to know what, or even if, it is scanning emails in Outlook.

Still, over the past year, and particularly since the Snowden revelations, service providers are tightening up email security. Security is rapidly becoming another element that vendors are using to browbeat competitors as they struggle for market position.

If by now we are used to the regular mudslinging between Google and Microsoft in the business productivity pit, it is less apparent around security.

However, the sniping in the security space that has become increasingly frequent over the year turned into a proper vendor firestorm a few weeks ago when Google published research that accused Microsoft, Comcast and Apple of sloppy security practices.

The report was widely circulated in the technology media and even made its way into the general media. However, none of the companies named in it seemed bothered, probably because they were already working on something that could respond to Google’s research.


Microsoft Encryption

In the case of Microsoft, last night’s announcement should go at least some of the way to convincing its users that its email services are secure. A blog post written by Matt Thomlinson, vice president of trustworthy computing security at Microsoft, said that these announcements are only part of a wider ongoing drive to upgrade security generally:

"We are in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services. Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."

And that’s not just fightin’ talk. Yesterday, Microsoft launched a legal attack against a malware network thought to be responsible for more than 7.4 million infections of Windows PCs worldwide. In the attack, Microsoft also showed its teeth by convincing a Nevada court that the Microsoft attack was OK and that it was in the interest of all computer users.


The fall-out from the attack has yet to settle and a lot of people and companies are less than happy about it. If an attack, however legal, is quite different from introducing new encryption standards across email services, the principle is, to a point, the same -- protect computer users' data by whatever means possible. The result is these three new updates:


The first of these upgrades is the activation of Transport Layer Security (TLS) encryption for its webmail services in,, and According to Thomlinson, this means that when you send an email to someone using an email service that also supports TLS, it will be encrypted automatically, making it very difficult for snoopers to read your email.

This encryption work builds on the existing protections already in Microsoft products and services, like Microsoft Azure, Skype and Office 365. Specifically, it means enhanced message encryption in Office 365, and ExpressRoute, a service that allows private connections between business users and Azure.

2. OneDrive Perfect Forward Secrecy (PFS)

Perfect Forward Secrecy (PFS) is encryption that uses a different encryption key for every connection, making it more difficult for intruders to decrypt connections. OneDrive customers can now automatically get forward secrecy when accessing OneDrive through,mobile OneDrive application and sync clients.
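
The two properties described above can be checked from a mail or web client's own connection records. The following is an added example, not code from Microsoft or from the original article: it tests whether a receiving mail server offers STARTTLS (so the message is encrypted in transit only when the other side also supports TLS) and whether the negotiated cipher suite uses an ephemeral key exchange (forward secrecy). The host names, EHLO replies and the `audit` and `classify` helpers are constructed for illustration.

```python
import re

# Key-exchange names that use ephemeral (per-connection) Diffie-Hellman keys.
EPHEMERAL_KX = {"ECDHE", "DHE", "EDH", "EECDH"}

def advertises_starttls(ehlo_reply: str) -> bool:
    """True if a multi-line SMTP EHLO reply lists the STARTTLS extension."""
    lines = ehlo_reply.strip().splitlines()
    for line in lines[1:]:  # the first line is the greeting, not an extension
        m = re.match(r"250[- ](\S+)", line.strip())
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False

def has_forward_secrecy(protocol: str, cipher: str) -> bool:
    """True if the negotiated suite uses an ephemeral key exchange."""
    if protocol == "TLSv1.3":
        # TLS 1.3 full handshakes always use ephemeral (EC)DHE; PSK-only
        # resumption cannot be told apart from the suite name alone.
        return True
    name = cipher.upper()
    if name.startswith("TLS_"):  # IANA style: TLS_ECDHE_RSA_WITH_...
        name = name[4:]
    return re.split(r"[-_]", name)[0] in EPHEMERAL_KX

def classify(ehlo_reply, protocol=None, cipher=None) -> str:
    """Verdict for one delivery: cleartext, TLS without or with forward secrecy."""
    if not advertises_starttls(ehlo_reply) or protocol is None:
        return "cleartext"
    if has_forward_secrecy(protocol, cipher):
        return "tls-forward-secret"
    return "tls-static-key"

# Constructed sample records: (EHLO reply, negotiated protocol, negotiated cipher).
SAMPLE_PEERS = {
    "mx.a.example": ("250-mx.a.example\n250-SIZE 1000\n250-STARTTLS\n250 8BITMIME",
                     "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    "mx.b.example": ("250-mx.b.example\n250-STARTTLS\n250 8BITMIME",
                     "TLSv1.2", "AES128-GCM-SHA256"),  # static RSA key exchange
    "mx.c.example": ("250-mx.c.example\n250 SIZE 1000", None, None),
}

def audit(peers=SAMPLE_PEERS) -> dict:
    return {host: classify(*record) for host, record in peers.items()}

if __name__ == "__main__":
    for host, verdict in audit().items():
        print(f"{host}: {verdict}")
```

A "tls-static-key" verdict means a recorded session could be decrypted later if the server's long-term private key is ever disclosed, which is the exposure forward secrecy removes.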

3. Microsoft Transparency Center

Microsoft has also announced the opening of a new Transparency Center on its Redmond campus. The Transparency Centers provide participating governments with the ability to review source code of key products, assure themselves of their software integrity, and confirm there are no “back doors.”

This is only the first center that Microsoft is planning to open, with another already in the works in Brussels in Belgium. Other locations will be announced in the future.
