I'm trying to determine the best solution that allows me to assure our CEO that his Office 365 mailbox cannot be read by anyone, including myself, an admin.
Obviously the mailbox is already locked down for his access only, but I could grant myself access and nose around if I were that way inclined. I'm certainly not, but the sensitivity of the data means we need an airtight solution. Auditing of the mailbox/server is not enough.
I'm thinking that mailbox permissions can never lock an admin out 100%, so some form of encryption of the messages will be required, so that even if I were to access the mailbox, I could not read the messages. He will be sending and receiving emails internally and externally, and uses Outlook on Mac/PC, and iOS to access his emails. I can't account for the external recipients' email clients, and ideally need to avoid any additional client side software.
Please could someone help with a suitable suggestion and give a high-level overview of what the solution entails? If you need more info please let me know.
Many thanks,
You should instead look at auditing access control changes and non-owner access to mailboxes. Office 365 can do this, but only alerts on such incidents at the highest-tier E5 plan today.
If this is on your roadmap, then you are practically solved.
There is a reason we refer to elevated accounts as "privileged" - there has to be some implicit level of trust you are granting Administrators as they have the ability to grant themselves access to most of your content.
For "protecting mailbox data" I would enable legal hold on it: all changes to mailbox items are kept, you can't delete items, and they are kept until legal hold is removed.
When protecting (a better word is mitigating) against malicious admins, you have to use a combination of audit controls, monitoring of those controls, protected backups, data protection like legal holds, and separation of duties. There is no single best way to protect against this threat - you can only minimize the risk.
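A defender-side script that puts both answers into practice (turn on mailbox auditing and litigation hold, list who currently holds non-owner rights, and pull the audit trail for permission changes and non-owner item access). This is an added example, not code from the thread; it assumes the ExchangeOnlineManagement module, a placeholder mailbox address, and a tenant plan that records the MailItemsAccessed operation (the higher-tier auditing the first answer refers to).

```powershell
# Added example, not from the original thread.
# Assumes: ExchangeOnlineManagement module installed, an account with rights to
# manage mailboxes and search the unified audit log, and a placeholder address.
param(
    [string]$Mailbox = "ceo@contoso.example",   # placeholder, replace with the real UPN
    [int]$LookbackDays = 30
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Controls from the answers: mailbox audit logging and litigation (legal) hold.
#    Audited admin/delegate actions are recorded; held items cannot be purged.
Set-Mailbox -Identity $Mailbox -AuditEnabled $true -LitigationHoldEnabled $true

# 2. Separation-of-duties check: who holds explicit (non-inherited) rights on
#    the mailbox besides the owner? Any admin who "granted themselves access" shows here.
$delegates = Get-MailboxPermission -Identity $Mailbox |
    Where-Object { -not $_.IsInherited -and $_.User -ne "NT AUTHORITY\SELF" }
Write-Host "Explicit non-owner permissions on $Mailbox :"
$delegates | Select-Object User, AccessRights | Format-Table -AutoSize

# 3. Audit trail: permission changes and mailbox item access over the lookback window.
$start  = (Get-Date).AddDays(-$LookbackDays)
$end    = Get-Date
$events = Search-UnifiedAuditLog -StartDate $start -EndDate $end -ResultSize 5000 `
    -Operations "Add-MailboxPermission","Remove-MailboxPermission","MailItemsAccessed"

# Each record carries its detail as JSON in AuditData. Keep records that target the
# CEO mailbox and were not performed by the owner. Matching the UPN against ObjectId
# is an assumption: the admin-cmdlet ObjectId format can vary by tenant.
$hits = foreach ($e in $events) {
    $d      = $e.AuditData | ConvertFrom-Json
    $target = if ($d.MailboxOwnerUPN) { $d.MailboxOwnerUPN } else { $d.ObjectId }
    if ($target -like "*$Mailbox*" -and $d.UserId -ne $Mailbox) {
        [pscustomobject]@{
            When      = $d.CreationTime
            Actor     = $d.UserId
            Operation = $d.Operation
            LogonType = $d.LogonType   # 0 = owner, 1 = admin, 2 = delegate (mailbox audit records)
        }
    }
}
Write-Host "Non-owner activity against $Mailbox in the last $LookbackDays days:"
$hits | Sort-Object When | Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Run it on a schedule and route the third section's output to whoever is not the mailbox admin; that is the monitoring-of-the-controls piece the second answer calls for.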