Microsoft brings new privacy and security features to OneDrive and Outlook.com
The first — and likely to be most used — feature is the inclusion of password protection for OneDrive links to allow more secure sharing with those who don’t have Microsoft accounts or when there are too many recipients to practically control access via their accounts. Password protected sharing has been a frequent request on Microsoft Answers because of the additional protection it provides when a link might end up in the hands of an unintended recipient. This is an important change for giving users more ways to keep their files safe during sharing, especially when combined with the ability to set an expiry date for the link. To round off the options, we’d like to see Microsoft add an option to limit the number of downloads, similarly to Tresorit.
The second feature is end-to-end email encryption, which will possibly have a more noticeable privacy impact on users of the service. When sending unencrypted files or important messages via email, you are reliant on your recipient’s service provider encrypting traffic to protect your privacy. Outlook.com allows you to take this into your own hands with an option to enable end-to-end encryption for a message before it is sent. Recipients with an Outlook.com (or Hotmail) account can seamlessly read and reply to the email while using Outlook.com, the Outlook mobile app on iOS/Android, or Windows Mail desktop app. Others, meanwhile, will receive a link to an Office 365 page where they can authenticate before viewing. Keep in mind that Microsoft controls the encryption key so while this protects you from criminals sniffing email traffic, it isn’t as secure as when you are in control of the key yourself.
Related to this encryption change is the ability to prevent forwarding or copying of emails sent via Outlook.com. It isn’t clear how forwarding is prevented, but we expect that it is handled by the previously mentioned verification page that is part of the end-to-end encryption, rather than trying to insert something in the email header where people would just use a client that ignores the header before forwarding. Downloaded attachments remain encrypted if the ‘encrypt and prevent download’ option is used to help prevent those files just being reinserted in a new email.