Microsoft adds new encryption support to OneDrive and

By John Callaham on 1 Jul 2014 09:37 am EDT

Microsoft has announced it is adding new encryption support for its OneDrive cloud storage service and its email website, along with the opening of its first Transparency Center.

For OneDrive, Microsoft says it is adding Perfect Forward Secrecy (PFS) encryption support. The company stated that this system will be available via the website, along with its mobile apps, such as the BlackBerry version, and sync clients. Microsoft said this added level of security for files will make it "more difficult for attackers to decrypt connections between their systems and OneDrive." users will also get PFS support from now on, along with Transport Layer Security (TLS) encryption. Microsoft says, "This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers."

Finally, the company announced that it has opened its first government Transparency Center on its Redmond, Washington campus. The center has been created to give government agencies a way to review the source code for many of Microsoft's software products in order to show them there are no security issues or "back doors" that might compromise their use. Microsoft plans to open other such Transparency Centers in other locations worldwide.

What do you think about this new move by Microsoft to add new encryption support for OneDrive and

Source: Microsoft

Reader comments


I've shifted from Google Drive to OneDrive because of the BB10 support and Dropbox isn't free for the same amount of storage.

Frosty white Q10/

Yup. On Hotmail since 2009 here - especially on BB10 devices it's a superior solution over anything else.

Downloading OneDrive RAIT NAO.

I know it's a different thing but still somewhat parallel: Microsoft still hasn't figured out how to allow for a bare metal restore on Server 2012 R2 via Azure or any of their other cloud solutions.

Classifieds Canada and GeoYeo B4B Apps all the way!!!

Same here, one drive works fine on my Z10 but the android version works better than the native version for me.

Posted via CB10

That is what the transparency center is for. The NSA folks can come right in and get the source code, along with their foreign counterparts.

It's a PR stunt. They think we are all stupid. It changes nothing. Government agencies pose a far greater threat to your data than anyone else, this will just give them even greater capabilities.

Posted via CB10

I like the idea on the surface because it assumes everything on BB would integrate perfectly with MS products however, MS is a ponderous beast. Smaller companies like BlackBerry tend to be more innovative and customer service oriented. I think the quality of Skype has suffered since the MS acquisition.

Not sure MS could damage BlackBerry's "innovative" abilities or its current customer service...

But if MS did buy BlackBerry, it would be the end of BlackBerry.

I would disagree. MS has a very long track record of producing some remarkable duds. Windows 2000, Windows Vista, Windows 8, not to mention its car infotainment system. MS has size on its side and thus deep pockets. This shouldn't, however, be confused with solid product offerings.

Sarcasm from Balok. He is saying that BB is in such a low state now that even MS can't F it up further.

Tiles ruin all Windows 8 Devices and they need to be scrapped.
everything just looks ugly and boxy

MSFT being as large as it is makes it far more vulnerable to negative views and failed user experiences. Apple is now entering this space as is Google. Sony is still working on regaining its place in the market as they too became victims of their success. Large companies start to water down quality and take consumers for granted and this always ends up biting them in the butt.

Posted via BlackBerry Z30

I don't think Windows 2000 should be in your list of duds. It had a very solid reputation. Perhaps you meant Windows ME, the last of the DOS-based systems, which was renowned for its bugs?

If Microsoft bought BlackBerry scrapped WP8 UI and replaced it with BB10 UI, Blackberry Email Service mixed in with Outlook and Interconnected core apps. I would be happy. It's actually stupid that they didn't because them and BlackBerry's patents would own enterprise.
They need to scrap Bing too haha

There is no BlackBerry email service; BES Push was scrapped and replaced with Microsoft EAS, and BIS/NOC was just scrapped. RIM's principal patents were all on that industry-defining and -leading -- and now non-existent -- proprietary push tech.

Although if msft did buy BlackBerry, it would be a win for all if they took QNX and ran with it.

The more security the better

Posted via CB10 on my awesome black Q10 or my white sexy Z10


Still, if you can roll your own cloud, that might be the best solution :-)

There are so many parties that have a secondary interest in Microsoft, I wouldn't put real sensitive stuff on there. They are a target.

Also, blunders in the past (leaked / compromised "Microsoft Passport" data anyone?) have shown, MS is not the ultimate fortress. Things have apparently improved, though.

Pasted via CB chen

I'm all for it. is a superior free mail client and OneDrive seamlessly integrates with BB10.

Posted via CB10

Microsoft now needs to develop a native BB10 One Note app to bring more integration of MS to BlackBerry.

Posted via CB10

I fear this may be the beginning of some traction for enterprise that BlackBerry likely doesn't want Microsoft to have. On the other hand I am pleased as an Outlook mail client. What we really need is another partnership so that you have full desktop abilities in the Microsoft Office suite on BlackBerry 10. With e miracast and usb host and with full office capabilities would be a force to be reckoned with!!!
Mr. Chen I hope you are working hard on something like this with your enterprise team!

Posted via CB10

Nice to see that security is finally becoming a focus. It has been long overdue.

Posted via CB10

Really? MS has given the NSA (and who knows who else) a complete backdoor to all your data. This is only a marketing ploy and focus is really on putting punters' minds at ease. Nothing's changed, business as usual.

Posted on the awesome BlackBerry Q5

Same here. After MSFT got caught opening up windows(tm) to the NSA via a special backdoor, I don't trust them at all to keep anything secure.

Realistically looking at the bigger picture, nothing is really secure. These companies can offer, as much as they think we need, but once we entrust information to another it can be compromised.

Blackberry always.....

Letting people have a look at their code under an NDA has nothing to do with open source.

Posted via CB10

Been too many "minor" issues with trusting MS... active MS servers following links sent to others over Skype & files retrieved from MS cloud storage that seem to have been modified (look same but file has different bits)

Plus statement that mail better protected when moving between other providers is currently bogus as smtp is generally unencrypted as very few do. Within yes... to others, doubtful!

Posted via Z10 super phone

That's interesting about the modified files. Would love for the evidence on that to be posted somewhere.

And many email providers these days do encrypted transport if the sending MTA requests it, though you are right that many still do not. Gmail and Fastmail are two that definitely do support it. Yahoo has been dragging their feet, but as of the moment at least some of their incoming MX's support it. Here's an SMTP greeting from one just now:

220 ESMTP ready
ehlo domain
250-SIZE 41943040

The "STARTTLS" bit tells us that host supports encrypted mail transfer.
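
The check described in the comment above, as an added example (not part of the original comment): a parser for a multi-line EHLO reply that reports whether STARTTLS is advertised and what a sending server would then do under an opportunistic or a TLS-required policy. The sample replies and the host name `mx.example.test` are constructed.

```python
import re

# Constructed EHLO replies for illustration; not captured from any real host.
REPLY_WITH_STARTTLS = (
    "250-mx.example.test Hello\r\n"
    "250-SIZE 41943040\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)
REPLY_WITHOUT_STARTTLS = (
    "250-mx.example.test Hello\r\n"
    "250-SIZE 41943040\r\n"
    "250 8BITMIME\r\n"
)

# One reply line: three-digit code, "-" (more lines follow) or " " (last line), text.
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the advertised extensions as {KEYWORD: [parameters]}."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = _REPLY_LINE.match(line)
        if match is None:
            raise ValueError("malformed reply line: %r" % line)
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError("EHLO not accepted: %s" % code)
        is_last = index == len(lines) - 1
        if (separator == " ") != is_last:
            raise ValueError("continuation marker does not match line position")
        if index == 0:
            continue  # first line carries the server's domain and greeting
        words = text.split()
        if words:
            extensions[words[0].upper()] = words[1:]
    return extensions


def delivery_decision(reply, require_tls):
    """Decide how a sending MTA proceeds after reading the EHLO reply.

    The extension list arrives before any encryption, so a missing STARTTLS
    line cannot be told apart from one removed in transit. An opportunistic
    sender falls back to plaintext; a sender that requires TLS refuses.
    """
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    return "refuse" if require_tls else "plaintext"


if __name__ == "__main__":
    samples = (("with", REPLY_WITH_STARTTLS), ("without", REPLY_WITHOUT_STARTTLS))
    for name, reply in samples:
        for require_tls in (False, True):
            print(name, "require_tls=%s" % require_tls, "->",
                  delivery_decision(reply, require_tls))
```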

I know it sounds like I am wearing a tinfoil hat. :)

I use MS products & services, but do not trust them with anything sensitive. They have good products. Unfortunately they market the crap out of some of the worst ones, and the track record for security has always been horrible for any of the Web based products. I remember when Skype was getting popular because of its security. Then MS bought them & now not only do they track the conversation, they will actively follow any links you use in the chat. "To help deal with SPAM" is the reason... not sure how that relationship between spam & a supposed private chat is made but whatever. :)

I'm not against MS... just their lack of transparency & bull crap.

Good to see that maybe secured smtp could be happening sooner than later tho.

Posted via Z10 super phone

Call me a cynic but I wonder if they will be indirectly showing the governments around the world how to create a back door into their products with this transparency centre?

Posted via CB10

Microsoft is still in bed with the powers that be. In fact, the argument could be made that they are worse than any single government. Their reach spans the globe, and they've been fined by numerous countries for their shady behaviour. No thanks.

Transmitted via my trusty sidekick Z3P0

I think announcements like this will only feed the beasts that are hackers. Telling them there is added security will make them say "let's see how good it really is." I've been a Hotmail user since '95 but it's more of a spam email nowadays, where I use it for unimportant things.

Posted via CB10

My only response to this move: HA!

I'm sorry, Microsoft, but with all due respect, you are now a corporation that is essentially owned and operated by the NSA and the other alphabet organizations.

I think the straw that broke the camel's back for me, in terms of seeing Microsoft as just a tech shill for the government, was the absolute desecration of Skype. Do you guys remember Skype before Microsoft got its hands on it? Sure, the GUI looked relatively the same (less those annoying advertisements) but under the hood, Skype was such a secure beast. Activists and whistleblowers from around the world flocked to it as a secure medium of communication...but now? It is far from it. The once secure, absolute encrypted P2P connection it had is now routed through Microsoft's central servers where they have given NSA access to all encryption keys.

Once more, the "Transparency Center" is equally as trivial a move as One Drive encryption. Sure, a lot of their programs probably do not have a back door in them, but when you take something like Skype that is routed through Microsoft's servers and hand over the encryption keys to the NSA and give them real time access server side, none of those backdoors even matter. Who would need them when they have something better?

So Microsoft, while I understand that this is merely a PR move, as well as with your laughable "Transparency Center", this does absolutely nothing in my eyes (as well as the eyes of many other security observers). The quicker people understand that Microsoft in itself is nothing more than a giant honey pot for the NSA, the quicker we can move onto different products.

There is a reason why so many other OSes such as Linux Mint and other open source programs are gaining traction, Microsoft. It is due to the fact people are waking up to the whole charade you play as "victim business of the NSA". No one buys it because the lid has already been blown off. I would not trust a single file I needed to keep secure in the hands of anything Microsoft; others, please heed this advice too.

TL;DR Any move Microsoft makes is futile - owned and operated by the alphabet agencies.

Is everyone in these forums involved in some high level espionage? I really don't care if NSA wants to scan through my travel photos I recently took in California or maybe go through my shopping list in one note. There is also a hefty collection of some extreme selfies taken while white water rafting on Ottawa river. Hey maybe it will make one of the NSA agents crack a smile...if you want privacy you better start unplugging those routers, cancelling your FB accounts and don't even think of powering on that smart phone. And if you carry on with some secret "off the grid" mission maybe one drive isn't a solution for you!

Posted via CB10

It is because of people like you and attitudes like that, that mass surveillance will soon become the norm.

If I follow your statements correctly, your argument is that one cannot reasonably expect any form of privacy while connected to the Internet? Sure, one could argue using a service such as FB for free you have to agree to their terms, but what of products I pay for, such as Cisco routers, that I want to work as advertised and not "As advertised + NSA additions"?

Are you saying the norm should be mass surveillance and product tampering to allow for organizations to monitor your movements?

Sure, those travel photos from California would be awesome for anyone to see!....but what about them using the GPS coordinates of your photos to place you at a specific place at a specific time. What if you travel to a country that goes on the ever-growing 'watch list' of the USA and someone in a surveillance agency catches wind of it? By your logic, they should be able to come interrogate you about it and keep a close eye on you because you weren't carrying out some top secret mission.

The whole idea that the NSA is some faceless group is quickly dissolving; look no further than some law enforcement agencies in the USA who have cell phone tower spoofing equipment to eavesdrop on voice and data on the fly. But hey, maybe your conversation with your doctor about medical problems might make him crack a smile at least.

You stopped short of saying my favourite argument from people such as yourself, "I have nothing to hide!". To that, I always say, "It's not that I have something to hide, it's that I have nothing to share." There is in fact a huge difference between the two. If you don't mind others poking their nose in your business that is none of theirs, I make the humble request, can you please scan and upload copies to a CrackBerry forum thread of your: driver's licence, last tax return, your SIN (social security number in the USA), and what the heck, let's go for a copy of your birth certificate too. Come on, it'll make me crack a smile!

I know lots of people who make digital copies of these things. Should they not expect reasonable privacy when storing those copies?

TL;DR - Your argument is highly flawed and downright insulting to those who actually value privacy.

Your request for my personal information scanned and uploaded is graciously denied, I wouldn't be naive enough to post that on one drive (which is the service we are talking about here). That is not because of the NSA but rather people that have much worse ideas in mind. Again I'm not afraid of the NSA, and frankly care very little if they want to waste time investigating me, I do feel bad for the American tax payers though that have to foot the bill for that activity. But I would like you to consider that since the internet became a wide spread media, this notion of privacy has seriously diminished if not gone out the window completely. So again if you value privacy to that extent, the internet is somewhat of an antagonist in your story.

Posted via CB10

Responses like this make me despair! It is not "the internet" that makes an expectation of privacy unrealistic. It is government using its legal monopoly on the use of violence to coerce companies into allowing their 'backdoors' and data mining. Proper encryption and a contractual agreement with a company that I can trust (or can sue if they misuse my data) stating that my information shall not be shared is all that is required for privacy. Unfortunately, government makes sure that can't happen. Even the most security conscious company has to leave open the possibility that they will be legally coerced into revealing your information. Ultimately, we all have things we'd rather keep private, and it's always possible that a corrupt government can use these things against you, if it knows. I'd rather take my chances with the terrorists than have this kind of 'security'!

Posted via CB10

Uh oh, it sounds like someone is a little timid to have someone look at their private information! Why could that be? I mean...the NSA operators are relatively faceless entities, much as I am to you also. Why are you splitting hairs? If you have no problem with one private citizen having on demand access to your information, why can't I?

The issue clearly here is that while One Drive and Microsoft's other products shout to the high heavens that they have implemented 'tough encryption' and 'new security' measures, naive users take this as the end all be all to security. While people should educate themselves on online security, in this day and age, any American company has a red flag attached to it (in terms of data security) with gag letters being doled out like candy courtesy of the Federal US Government.

The Internet is inherently not designed to be either for or against privacy. If users take steps to use the Internet in a responsible manner, why should the decision to use a 'safe' Internet not exist? Why remove the autonomy of the people who have every right to a secure Internet experience?

The antagonist part of the Internet not equating to privacy is merely the talking point given to you by the very people violating our privacy, that you seem to be parroting.

I ask you to answer this carefully, are you in favour of a surveillance state? If one does not have an assumed right to maintain their privacy in all realms of their life (Internet included), then you are arguing for a state where privacy does not exist in any extent of the word (as I know you will return to say, "We already don't have any privacy!!!").

Oh calm down, you big drama queen.
Your straw man argument is pathetic, and you've taken the original comment of " I don't care if someone sees my holiday snaps" into some long deranged rant. The gist of their comment was they could care less if someone wanted to look at holiday snaps, because they have already ensured their personal data is not on a hosted site.

If you upload sensitive material onto the Internet, then (hilariously) complain about lack of privacy, then you're an idiot.
No one else is responsible for YOUR privacy and security except YOU.
Whining and bleating about it simply shows you haven't grasped that very basic and fundamental step, and then you putting the onus onto some other company, simply because they have offered you some free storage space makes you simpler than a child accepting candy from a stranger.

Here, I have an empty wallet just for you - want to store your money in it for free ? Huh, huh ? No, I didn't think so.

TL:DR If you're not paying for it, you're not the customer. You're product being sold.

>Oh calm down, you big drama queen.
Ah yes, the sign of a person who has intellectually been beaten down. They must start off with a puffed out chest and an insult to crawl back up the mental ladder.

>Your straw man argument is pathetic, and you've taken the original comment of " I don't care if someone sees my holiday snaps" into some long deranged rant.
"Degranged" (sic) rant? You really are missing the point, aren't you? It is not just about "holiday snaps", this is about YOUR data, whether it be pictures, databases, or other information, my entire argument stands. You claim you have no problem with people seeing your data, so I tested your claim and have shown you to be a hypocrite. You do indeed have a problem with people seeing your data as I have exposed, so why should it be allowed by corporations that bow down to the NSA?

>"If you upload sensitive material onto the Internet, then (hilariously) complain about lack of privacy, then you're an idiot."
If a company claims to "beef up encryption" to thwart others from looking at it, but is actually wholesaling it out to government agencies, then why would one be an idiot to believe claims by a company that otherwise should not have a reason to lie? If a company provides you a product and makes claims about it that are totally false, that makes you an idiot eh? I suppose then if you bought a car from a dealership and the entirety of the car history had been falsified because Ford, GM, Chevrolet etc. told that dealership to lie, then that makes the consumer an idiot? Wow, you certainly do have some warped views on reality.

>"No one else is responsible for YOUR privacy and security except YOU."
Exactly the points I have been bringing up. You seem to believe I place all onus on business when I never said that once. I have said, repeatedly, if a consumer believes a business' claim that data is secure from prying eyes, that consumer has done their homework to ensure their privacy is being upheld. If a company goes rogue and decides to let the NSA look into that data and does not inform a customer because of a gag order, that consumer would be none the wiser that their privacy isn't being upheld because of the initial claims of privacy and security.

>"Whining and bleating about it simply shows you haven't grasped that very basic and fundamental step, and then you putting the onus onto some other company, simply because they have offered you some free storage space makes you simpler than a child accepting candy from a stranger."
Once again, you have failed to grasp even the most basic concept of my argument. See my last response and a previous post where I referenced Facebook's terms of service re: privacy and due diligence.

You still have not answered my question. Why not? Are you afraid to confirm you do believe in a surveillance state? That nothing on the Internet should be private? Heck, that argument I might as well say that you should not expect any privacy within your own home as technically you are on the land of a government body. Your argument is weak and truly holds no weight.

Let's see if you'll answer this finally: I ask you to answer this carefully, are you in favour of a surveillance state? If one does not have an assumed right to maintain their privacy in all realms of their life (Internet included), then you are arguing for a state where privacy does not exist in any extent of the word (as I know you will return to say, "We already don't have any privacy!!!").

While Smitty13 is correct, I tend to have little patience going into long debates on this point these days, because most people who eagerly espouse the "I have nothing to hide" stance aren't interested in hearing a counterpoint to their stance anyway.

I will just leave you with the following, I hope it is food for thought for others, if not yourself:

I use Linux Mint over Windows, made the entire switch quite easily and only venture into the world of Windows just out of curiosity, but I'll never trust my data on it UNLESS the computer running Windows (any version) is completely void of any internet connection.

Posted via CrackBerry 10 (CB10) application using my BlackBerry Q10.

I'll wait for Angela Merkel to trade her Q10 for a Nokia Lumia and then maybe I'll start trusting MS with my data again.

Posted on the awesome BlackBerry Q5

I upgraded to Office 365 so Outlook would work with Outlook (er.. Outlook desktop would work with

Now I have to reinstall Office every time I reboot my PC because the Office apps won't launch.

Anyway... I don't see where to set up encryption in OneDrive, on the website or in the app. How do I do this?

One Drive
Still garbage cloud security. Encrypt on the client or consider your data to be public.

Welcome to the 21st century, but it's not very helpful for most people as you have no way of knowing if the people you send emails to use servers with TLS support and any proxy can read the messages

The Transparency Center is a good move, but could just be a smoke screen, unless they compile the code in front of you and give you hashes of the executables that you can use to validate the binaries installed in your enterprise.

Even then they could run a carefully scripted setup with hooks to insert malicious code on the fly.

Needs to be a clean machine with the necessary tools installed brought in by the customer, and then the source loaded onto it for compiling.

Zzzzwiped from a Zedevice....

A clear smoke and mirrors move. No thanks, I can't imagine anyone in the know using Outlook or 365 by choice.

What do you use as your email provider? I chose outlook recently so that everything would sync well with my (personal) BlackBerry 10 smartphone. Perhaps there is something else that is more secure but works equally as well with active sync???

Thanks in advance.

Posted via CB10

I have recognized that my OneDrive app used my mobile network for upload although I switched to uploading only in wifi network! Anyone with the same issue?

Posted via CB10

This "transparency" circus comes right in time with the government trumpets blowing freedom over intrusion, and I still use One Drive and Office, but let's call a cat a cat: the codes for encryption are done by the NSA, LOL.
Marketing and hypocrisy for the masses.

Posted via CB10

I think Microsoft understands that the appearance of being transparent is vital to customers trusting the company.

Posted via CB10

I've switched from Gmail to for one reason. Exchange Active Sync. Gmail dropped free support of it. I jumped and switched my main email to outlook.

Posted via CB10

Two things:
1. Don't put your shtt in any cloud storage
2. If microsoft ever buys BlackBerry, I'm throwing away all my beautiful blackberries and I'm buying BlackPhone.

Posted via CB10

I may be alone here, but everything seems to work, sans syncing a MS Excel doc on my Z30 with One Drive on my PC browser.
Can't get them to sync properly and actively.

Pfft, I don't usually care for microsoft products, I got windows 7 (6.1.xxxx) and 8 (6.2.xxxx) for free (you know where! Lol), but I never use them. Linux all the way, yahoo mail is pretty good, never had issues with it. There is always a delay with anything hot/live/outlook mail on the receiving or sending end, with others, it's instantly.

Posted via CrackBerry 10 (CB10) application using my BlackBerry Q10.

Since the author asked what I think... :P

PFS is just a slight enhancement to the way SSL/TLS handshakes are done. Implementing it cost Microsoft probably next to nothing. So while it's certainly good to have more service providers enable this, it's not like it entails some massive sacrifice on their part. Generally the reasons sites don't enable it is just pure laziness. (In years past there could have been a slight SSL handshake performance penalty but I don't think this is much of a concern these days)

As for TLS enabled for email traffic, A) it does no good if the other side of the communication does not support it, and B) Microsoft is pretty behind-the-curve if they just started doing this. Most reputable large email providers have had this enabled for years now.

You can thank the NSA for Microsoft's new "Transparency Centers". Since most of the world is now wary of sending anything remotely sensitive via US-based technology company products and services as a result of NSA's widespread compromise of security and confidentiality, companies based here now have to go out of their way to try to regain the trust of customers. It will be an uphill battle.
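
As an added example (not part of the original comment, and not Microsoft's configuration), this shows what enabling PFS amounts to on a TLS endpoint: restricting key exchange to ephemeral (EC)DHE suites and verifying that nothing else remains enabled. It uses Python's `ssl` module; the OpenSSL cipher string `ECDHE+AESGCM:ECDHE+CHACHA20` and the sample suite names are assumptions chosen for illustration.

```python
import ssl

# Constructed list of OpenSSL suite names, used only to exercise the classifier.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",       # TLS 1.3 suite
    "ECDHE-RSA-AES256-GCM-SHA384",  # ephemeral ECDH, RSA-authenticated
    "DHE-RSA-AES128-GCM-SHA256",    # ephemeral finite-field DH
    "AES256-GCM-SHA384",            # static RSA key exchange
    "ECDH-RSA-AES128-SHA",          # static ECDH
]


def is_forward_secret(suite_name):
    """Classify an OpenSSL suite name by its key exchange.

    With static RSA or static (EC)DH, the session key can be recovered later
    by whoever obtains the server's long-term private key. With ephemeral
    (EC)DHE the key-exchange secret is discarded after the handshake.
    """
    if suite_name.startswith("TLS_"):
        # OpenSSL names TLS 1.3 suites this way; TLS 1.3 full handshakes
        # always use ephemeral (EC)DHE.
        return True
    return suite_name.startswith(("ECDHE-", "DHE-"))


def forward_secret_server_context(cipher_string="ECDHE+AESGCM:ECDHE+CHACHA20"):
    """Build a server-side context whose TLS 1.2 suites are all ephemeral."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)  # applies to TLS 1.2 and below
    return ctx


def non_forward_secret_suites(ctx):
    """Return the names of enabled suites that lack forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"])]


if __name__ == "__main__":
    for name in SAMPLE_SUITES:
        print("%-30s forward secret: %s" % (name, is_forward_secret(name)))
    hardened = forward_secret_server_context()
    print("non-PFS suites still enabled:", non_forward_secret_suites(hardened))
```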

Great news. However I would like to see PFS encryption supported by the native Windows networking stack especially with VPNs.
Oh well, I can dream...

Z10 STL100-2 EE UK

I left one drive back to dropbox due to unresolved issues with storage, slower download speeds (by up to 20x) and poor synchronization times (several hours versus Dropbox's several minutes).

One drive is cheaper. Because it isn't as good and they need to undercut to get customers.

Posted via CB from my LE