Microsoft adds Transport Layer Security to Outlook.com, Perfect Forward Secrecy encryption support to Outlook.com and OneDrive

In December, we had publicly communicated our commitment to strengthen the security of customer data, enhance legal protections over client information, and heighten the standard for transparency in our relationships with global governments. We can confidently state that we have made noticeable advancements in all of these aspects.

Presently, we are directing our efforts to a comprehensive engineering task aimed at boosting data encryption across our networks and services. The objective of this enterprise is to ensure superlative protection of data traversing various Microsoft services that our customers trust and use daily. This step will also emphasize the importance of appropriate legal procedures, rather than forceful technical intrusion, for governments to access data.

As part of this commitment, we are delighted to discuss the three significant milestones as testaments to enhanced security and transparency.

Firstly, Outlook.com has been supplemented with Transport Layer Security (TLS) encryption, providing improved security for both outbound and inbound emails. It means that emails remain encrypted during transit between Microsoft and other email providers, given that they too support TLS.

We have over the past half year partnered with various industry organizations to safeguard your emails. This included successful tests with international providers such as Deutsche Telekom, Yandex, and Mail.Ru to guarantee that your emails remain encrypted in transition. Our heartfelt thanks go to these companies and the global community for their dedication to this complex engineering project.

This encryption project complements existing security measures in our products and services such as Microsoft Azure, Skype, and Office 365. It also brings along improvements that we have introduced in the recent past. For example, enhanced message encryption in Office 365 and Azure’s ExpressRoute – a service enabling businesses to make private connections between Azure data centers and their own infrastructure or colocation environment. Given the many services Microsoft offers and the hundreds of millions of customers we hail worldwide, this is an outstanding engineering achievement.

In addition to TLS, Outlook.com now consistently supports Perfect Forward Secrecy (PFS) encryption for email exchanges. PFS enables each connection to have a unique encryption key, making it harder for potential attackers to decrypt connections.

Secondly, we are proud to announce PFS encryption support for OneDrive. Uninterrupted forward secrecy is now available to all OneDrive users via onedrive.live.com, our mobile OneDrive application, and our sync clients. Just like for Outlook.com, this makes it more strenuous for attackers to decrypt connections between their systems and OneDrive.

Lastly, we are excited to reveal our first Microsoft Transparency Center’s inauguration at Redmond, Wash. campus. Here, partnered governments can review our key product’s source code, validate software integrity, and ascertain the absence of “back doors.” The Redmond location is the first amongst several planned regional transparency centers. We are rapidly advancing on the Transparency Center we announced in Brussels in January, with more location announcements soon to follow.

Given the dynamic nature of the security landscape, our work in this field is ongoing. We are dedicated to continuously pursuing technological and policy adjustments that elevate data protection levels and further enhance transparency in all operations.

source:Matt Thomlinson
Vice President, Trustworthy Computing Security, Microsoft

This article was updated in 2025 to reflect current trends and insights.