Data that is moving between cloud services and customers is protected by the Transport Layer Security (TLS) protocol. TLS provides strong authentication, algorithm flexibility, interoperability, message privacy, ease of deployment and use, and integrity (enabling detection of message tampering, interception, and forgery).

Connections between customers' client systems and Microsoft cloud services are also protected by Perfect Forward Secrecy (PFS) using unique keys. PFS is an encryption style that produces temporary private key exchanges between clients and servers. For every individual session initiated by a user, a unique session key is generated. Connections also use RSA-based 2,048-bit encryption key lengths. This combination makes it difficult for someone to intercept and access data that is in transit.