World's #1 Microsoft 365 email signature management software

Powered by Microsoft Azure

CodeTwo services are located on Microsoft Azure servers (in 18 different datacenters) which all meet the highest security and availability (SLA) standards. When registering your Microsoft 365 (Office 365) tenant with CodeTwo Email Signatures 365, you are asked to select one out of nine Azure regions for CodeTwo services. This is also where the program’s settings and some of your Entra ID (Azure AD) data are stored. To get signatures in the cloud, your Microsoft 365 email is routed through the CodeTwo service that also sits on Microsoft Azure, which means that emails never leave Microsoft datacenters in the process. If you don’t want your emails routed through our servers, you can use Outlook (client-side) mode that lets you add signatures directly in Outlook. See how it works

OAuth 2.0 protocol safeguards your credentials

CodeTwo Email Signatures 365 uses the OAuth 2.0 protocol for user authorization. Because of that, our software is not required to collect and store any user credentials at any point, and you can be sure that your credentials are never accessed or used by CodeTwo. The access to Microsoft 365 tenant settings is granted according to access tokens issued by Microsoft 365 API and is entirely handled by Microsoft 365 native mechanisms. 

Support for multi-factor authentication

CodeTwo Email Signatures 365 complies with security standards imposed by Microsoft. This also applies to multi-factor authentication (MFA). When enabled for a Microsoft 365 organization, MFA ensures an additional layer of protection when signing in to a Microsoft 365 account. And while connecting CodeTwo Email Signatures 365 to a tenant, there is no need to disable multi-factor authentication on your admin account - MFA is supported. 

TLS encryption and authentication

Every component involved in the email processing pipeline is authenticated with Transport Layer Security (TLS). A TLS certificate is generated individually for your tenant upon its registration, ensuring uninterrupted and secure mail flow. In the cloud (server-side) signature mode, every time a message leaves your Microsoft 365 tenant to be processed by the CodeTwo cloud service, it is filtered by Exchange Online Protection (EOP) mechanisms and verified whether it was forwarded by an authorized server. The same procedure is triggered when processed emails are sent back from CodeTwo to the original tenant. Thanks to this mail processing flow, you can be sure that messages only travel down a secure and verified pipeline and can’t be hijacked by hackers at any point. In the Outlook (client-side) signature mode, the communication between a CodeTwo Outlook Add-in and CodeTwo services is also TLS-protected.

No external endpoints

One of the key aspects of our cloud infrastructure is that it can only be accessed from a closed and protected internal network of Azure servers. We don’t open any public endpoints to any external services. We also don’t use any web services or public API calls. Every communication happens ‘behind closed doors’ and can’t be accessed from the outside. This is ensured by CodeTwo programmatic solutions, as well as by native Azure and Microsoft 365 mechanisms such as Exchange Online Protection (EOP).

Azure region of your choice (ensure legal compliance)

CodeTwo services are available in 18 Azure datacenters spread across 9 regions. During the tenant registration process, you can choose a specific Azure region. This helps you stay compliant with GDPR, HIPAA, CCPA and other U.S. state data privacy laws, as you know exactly where your data is stored and processed. You can decide to keep your signature settings and (if you use cloud/server-side or combo mode) have emails routed through the CodeTwo cloud service located in West US, North Central US, Canada East, North Europe, UK South, Germany West Central, West Europe, Australia East, or UAE North (more regions coming soon).

Encrypted emails supported

Email signatures can be added to protected messages. No matter if you use Microsoft Purview Message Encryption, apply sensitivity labels created in the Azure Information Protection, or digitally sign emails in Outlook (S/MIME), CodeTwo Email Signatures 365 lets you add Outlook (client-side) signatures when composing an email in Outlook desktop, mobile and OWA. This means that the signature itself is encrypted together with the message that you send. Microsoft 365 email encrypted in the cloud will get cloud (server-side) signatures as long as the encryption takes place after your outgoing messages are routed through CodeTwo.

Private storage for your settings

CodeTwo Email Signatures 365 does not store your emails or credentials, but it saves your email rules settings in the Azure cloud, in one of nine different regions of your choice. This storage is private and completely unreachable for any external users or software. Thus, you can be sure that your settings are safe and that only you can create, change, or delete them. 

Your emails are not stored or read

Cloud (server-side) signatures are added when your emails pass through the CodeTwo service. Outlook (client-side) signatures are added to emails directly in Outlook by a dedicated signature add-in, so no additional routing occurs. No matter which signature type you use, your messages are neither stored/logged anywhere nor read by anyone at CodeTwo – the system architecture does not allow any user access to emails. Our Outlook add-in has access only to basic information about an Outlook user, which is necessary to add their correct email signature.

The architecture of our software, our whole IT infrastructure and all access policies are monitored and regularly audited by external security experts including App and IT Security teams from Microsoft (as part of our ongoing Microsoft 365 certification).

The same applies to your Microsoft 365 credentials (see OAuth 2.0 protocol safeguards your credentials).

Built-in resiliency and scalability: 4-layer security

Our services are designed for maximum performance and reliability and are protected by a proprietary 4-layer security system we’ve been developing for years. The HAC (high-availability cluster) load balancing mechanisms implemented in every region can scale our services in real time up to 25 times depending on email traffic. All instances of the services are continuously health-checked, automatically healed and are paired with secondary load-balanced services that can take over immediately. This is further protected by tertiary services in another region in the same geography. And then there’s the final fourth layer - failover services. This modern active-active approach ensures maximum flexibility, resiliency and high availability.

Unnoticeable delay

We wanted to make sure that our services never add more than a few seconds of delay to the email processing time and we reached our goal. The average overhead we observed in cloud (server-side) mode during our extensive tests reached 6 seconds when compared to Microsoft 365 clean setup (with no email relay set up). This means your users will hardly be able to see any delays in email delivery time after you set up our connectors, and the functioning of the application won’t have any impact on their work efficiency. And if you ever need to change any aspect of your signature rule or update a signature template, these changes go live instantly after you save them in CodeTwo Email Signatures 365.

99.99% uptime

Since going live, CodeTwo Email Signatures 365 has consistently maintained a high average uptime of 99.99%. This means that our service matches the highest standards of uptime guaranteed by Microsoft's Cloud services. Moreover, our email signature service is fault tolerant, which means that if it went down, its failover capability would automatically reroute your emails through secondary servers in your region and safely deliver them to final recipients (learn more). On top of that, CodeTwo engineers monitor the program’s behavior and performance 24 hours a day, 7 days a week, to ensure CodeTwo Email Signatures 365 is always kept in peak operating condition. You can view the current state of CodeTwo services in all Azure regions on a dedicated status page.

Role-based access control (RBAC)

CodeTwo Email Signatures 365 lets the administrator assign different types of permissions to the service. Thanks to that, you can let one of your teams (e.g. Marketing) design email signatures for the whole company. Another team could be allowed to manage tenants and subscriptions only. At the same time, you do not have to assign any additional permissions in Microsoft 365, reducing the risk that any team member will make use of elevated privileges to perform any administrative tasks.