Microsoft Support Policy for Exchange 2007 Database Encryption

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic describes the Microsoft support policy for using database encryption with Microsoft Exchange Server 2007.

Microsoft Customer Support Services (CSS) supports using Windows BitLocker Drive Encryption to encrypt Exchange 2007 database files and transaction log files.

BitLocker is a data protection feature that is available in Windows Vista Enterprise and Windows Vista Ultimate for client computers and in Windows Server 2008. BitLocker helps address threats that may be caused by data theft or exposure from lost or stolen computers. Data on a lost or stolen computer is vulnerable to unauthorized access if a software program is run on the computer or if the computer's hard disk drives are transferred to a different computer. BitLocker helps reduce unauthorized data access by improving file and system protections. BitLocker also helps make data inaccessible when BitLocker-protected computers are decommissioned or recycled.

BitLocker enables an IT administrator to encrypt the operating system volume and additional volumes on a Windows Server 2008-based computer.


By default, BitLocker is not installed in Windows Server 2008. You must add BitLocker from the Server Manager page in Windows Server 2008. After you install and configure BitLocker, you must restart the server to enable the features that BitLocker provides.

You can use BitLocker to encrypt the volumes that host Exchange 2007 database files and transaction log files. Additionally, because the Exchange Storage Engine (ESE) works well with BitLocker, you do not experience a significant performance penalty when you encrypt the volumes that host the Exchange database files and transaction log files.


Because the ESE is the Exchange component that is most sensitive to hard disk drive write issues, Microsoft Support Engineers perform exhaustive testing with the Exchange 2007 ESE on BitLocker-encrypted volumes.

Because of rigorous testing and because of the integration of BitLocker in Windows Server 2008, Microsoft Customer Support Services fully supports Exchange 2007 for use with BitLocker-encrypted volumes.

More Information

For more information about BitLocker Drive Encryption and about how to deploy BitLocker, see BitLocker Drive Encryption.