Understand: Data encryption and integrity
The backup system retrieves data from Microsoft through the public Office 365 APIs over HTTPS, which means all data is encrypted in transit with TLS.
We always encrypt all data and do not have access to customer data. Data is encrypted at every stage: whether it is at rest or in transit, it is encrypted with AES 256-bit encryption. We do not access the data, but we make sure that it is kept safe at rest as well as in transit.
The data we back up is also immutable, which means that the backups are tamper-proof. Once a backup is complete, it cannot be changed. We do not expose backup data through any API or other interface that would allow data to be changed or overwritten. This protects the end customer's 365 environment from an attack in which backup data is deleted before the attacker proceeds to encrypt or destroy the primary data within Microsoft 365.
For more information, see Compliance