Data security is an important part of the backup strategy. You can use data encryption to protect your backups from unauthorized access in object storage.
Before transferring your backed-up data to object storage, Veeam Backup Proxy for Microsoft 365 Service encrypts data with the help of a cryptographic algorithm and a secret key. If encrypted data is intercepted, it cannot be unlocked and read by the eavesdropper. Only intended recipients who know the secret key can reverse encrypted information back to a readable format.
Veeam Backup for Microsoft 365 generates a secret key based on an encryption password that you create by yourself. For more information on how to configure encryption passwords, see Managing Encryption Passwords.
For data encryption, Veeam Backup for Microsoft 365 uses the 256-bit Advanced Encryption Standard (AES). For more information about AES, see this article.
To encrypt backed-up data, Veeam Backup for Microsoft 365 employs a symmetric-key encryption algorithm.
The symmetric, or single-key encryption algorithm, uses a single, common secret key to encrypt and decrypt data. Before data is sent to object storage, it is encoded with a secret key. To restore encrypted data, you must have the same secret key. Users who do not have the secret key cannot decrypt data and get access to it.