Data encryption in SharePoint Online and OneDrive for Business is configured by default. BitLocker is used to encrypt data at rest (when it is not being accessed and stored on disk) with Advanced Encryption Standard (AES) 256-bit keys. Data in transit (when it is being copied, opened, synchronized, or otherwise transferred between data centers, content databases, client devices, applications, browsers, or other endpoints) is protected via SSL/TLS with 2,048-bit keys.

In addition to encryption offered by the service, Office 365 customers can also implement Customer Key. Customer Key requires an Office 365 E5 or Advanced Compliance subscription in addition to multiple Azure subscriptions. Customer Key can be used to protect data at rest in Exchange Online, SharePoint Online, and OneDrive for Business. Configuring Customer Key is outside the scope of the MS-300 exam, but you should know that it is a service that's offered and that organizations in highly secure or regulated industries may wish to use.

For more information on configuring Customer Key, see https://docs.microsoft.com/en-us/microsoft-365/compliance/controlling-your-data-using-customer-key.

Now that we have learned about data encryption, let's learn how to update the sharing settings.