Great article about Message Encryption in Office 365, and here are some keypoints:
- TLS encrypts the tunnel between mail server to help prevent snooping/eavesdropping.
- SSL encrypts the connection between mail clients and Office 365 servers.
- BitLocker encrypts the data on the hard drives in the datacenter so that if someone gets unauthorized access to the machine they can’t read it.
- Information Rights Management. Windows Azure Rights Management in Office 365 prevents sensitive information from being printed, forwarded, or copiedby unauthorized people inside the organization.
- S/MIME is an encryption scheme that uses client-side encryption keys, popular for some government B2B scenarios. Read more about the upcoming S/MIME enhancements in Office 365.
Exchange Hybrid we can secure email traffic between OnPremise Exchange and Exchange Online using TLS encryption.
Encryption between Exchange Online and Mail Clients like Outlook are protected with SSL.
BitLocker is securing the hardware in Microsoft DataCenters.
Information Rights Management is a feature everyone should read up on, and is the step towards securing Your documents hosted in Office 365. You can With templates or for each documents set rights for printing, editing and forwarding, making it secure to share with internal and external contacts.
I will also add In-Place eDiscovery i Exchange Online to Security, preventing information to be emailed at all or for external contacts.