All mail traveling within an Exchange Server organization is encrypted by default. Transport Layer Security (TLS) is used for server-to-server traffic, Remote Procedure Call (RPC) is used for Outlook connections, and Secure Socket Layers (SSL) is used for Client Access traffic (Outlook Web Access, Exchange ActiveSync, and Web Services). This prevents spoofing and provides confidentiality messages in transit.

SSL Certificates Automatically Installed

SSL certificates are installed by default in Exchange Server, enabling broad use of SSL and TLS encryption from clients such as Outlook Web Access and other SMTP servers.

Opportunistic TLS Encryption

If the destination SMTP server supports TLS (via the "STARTTLS" SMTP command) when sending outbound e-mail from Exchange Server, Exchange Server will automatically encrypt the outbound content using TLS. In addition, inbound e-mail sent to Exchange Server from the internet will be encrypted if the sending server supports TLS (Exchange Server automatically installs SSL certificates).