In some application areas, particularly high security requirements apply, as internal company data is either subject to a high level of confidentiality or is shared with users outside your company via external communication channels. For these cases, Microsoft Information Protection offers the following tools:
Office 365 Message Encryption
The application is used to encrypt emails that contain confidential data. Besides Outlook, the service is also compatible with other mail providers, such as Yahoo or Gmail. If the tool detects a document that was previously classified as sensitive, a warning appears, which is why the mail can only be encrypted or, in some cases, not sent at all.
Double Key Encryption
The tool is reserved for the most sensitive data, so that access is possible only for you or through you. It generates two keys, the first of which resides with Microsoft Azure and the second with you. Since a document can only be decrypted by merging both keys, your approval is required under all circumstances.
Furthermore, it is also possible to encrypt data without a connection to Microsoft services. To do this, they manage the respective root key within Azure Key Vault and can thus perform encryption via an additional hardware security module.