Transparent Encryption and E-Mail Delivery

When a user sends an e-mail message, it travels to the Microsoft global network through a Transport Layer Security (TLS)-encrypted tunnel, and is automatically encrypted at the gateway according to rules created and managed within the Microsoft Exchange Hosted Filtering module. When a message is encrypted, a private key for the recipient is created and stored in a security-enhanced environment on the Microsoft network. The private key is made available to the message recipient when the recipient decrypts the message. The recipient does not have to pre-enroll to receive and decrypt the message. In fact, the recipient may have never received a prior e-mail from the sender. The Microsoft encryption process is entirely transparent to the sender, who does not need to do anything other than write and send the message as usual.

Simple Authentication and Security-Enhanced, Web-based Decryption

Upon receiving an encrypted message, the recipient authenticates their identity and sets a password to securely open encrypted messages from the Hosted Encryption service. Once this password is created, the recipient can use the same password to quickly authenticate and view protected email. Password-based authentication provides an easy and secure method to authenticate and verify a recipient’s identity.

After completing the authentication and password setup process, the recipient decrypts and views the message using the Voltage Zero Download Messenger. The Zero Download Messenger is a clientless, browser-based method that enables a recipient to have confidence decrypting and reading a message and its attachments and then to reply with confidence. Furthermore, the encrypted message remains in the recipient’s e-mail inbox for access at any time.