Microsoft Strengthens Encryption for Outlook and OneDrive
It seems Microsoft's December promise is coming to fruition. The company promised that customer data moving between the user and Microsoft, and data moving between its data centers, would be encrypted by default. Microsoft has already started replacing weak encryption keys, updating the old ones to a minimum key length of 2048 bits.
Microsoft picked email as the starting point for its encryption efforts and brought in worldwide partners such as Deutsche Telekom, Yandex and Mail.ru to help evaluate the viability of its encryption.
After more than six months, Microsoft has just now started using Transport Layer Security (TLS) encryption for its email services at Outlook.com, Hotmail.com, MSN.com and Live.com. This means it will be considerably harder to spy on email originating from and being sent to a Microsoft account, as long as the connecting email service also uses TLS.
Matt Thomlinson, vice president of Microsoft's Trustworthy Computing division, stated that this is the start of a process aiming to strengthen encryption.
Microsoft has also enabled Perfect Forward Secrecy (PFS) encryption for its cloud storage service OneDrive. The OneDrive service will now operate on the tougher PFS encryption standard, which preserves users' confidentiality even if a third party tries to eavesdrop on the network. Perfect Forward Secrecy uses a different encryption key for every new connection, making it a lot more difficult for attackers to decrypt connections.
Finally, Microsoft has opened its first transparency center at its headquarters in Redmond, where governments are invited to review Microsoft's source code for key products to verify that no hidden backdoors have been added to the software. Microsoft has not yet published which of its products will be available for review.
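The per-connection key property described above depends on which cipher suite a connection negotiates. The following is an added example, not Microsoft's code: it uses Python's standard `ssl` module to tell forward-secret suites from static-RSA ones and to build a client context that only offers the former. The function names and the sample suite list are constructed for illustration.

```python
import ssl

def is_forward_secret(cipher: dict) -> bool:
    """Classify one entry from SSLContext.get_ciphers() by its key exchange."""
    name = cipher["name"]
    # TLS 1.3 suites (OpenSSL names start with "TLS_") always use an
    # ephemeral (EC)DHE exchange in a full handshake.
    if cipher.get("protocol") == "TLSv1.3" or name.startswith("TLS_"):
        return True
    # TLS 1.2 and earlier: only ECDHE-/DHE- suites create a fresh key pair
    # per connection; everything else reuses the server's long-term key.
    return name.startswith(("ECDHE-", "DHE-"))

def non_forward_secret(ctx: ssl.SSLContext) -> list:
    """Names of suites the context would offer that lack forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers() if not is_forward_secret(c)]

def forward_secret_client_context() -> ssl.SSLContext:
    """Client context with certificate checks on and only ephemeral key exchange."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Restrict TLS 1.2 to ephemeral key exchange with AEAD ciphers.
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM")
    return ctx

# Constructed sample in the shape get_ciphers() returns (OpenSSL suite names).
CONSTRUCTED_SUITES = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
    {"name": "DHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2"},
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2"},  # static RSA key exchange
    {"name": "AES128-SHA", "protocol": "SSLv3"},           # static RSA key exchange
]

def classify_sample() -> dict:
    """Map each constructed suite name to its forward-secrecy verdict."""
    return {c["name"]: is_forward_secret(c) for c in CONSTRUCTED_SUITES}

if __name__ == "__main__":
    for suite, ok in classify_sample().items():
        print(f"{suite:32} forward secret: {ok}")
    print("left in hardened context:", non_forward_secret(forward_secret_client_context()))
```
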