Previously I've described how messages are protected by using the ProtectionLevel attribute to specify the minimum level of protection. If you don't specify a protection level explicitly, then you'll get one by default that is computed based on the binding. This default protection level is the maximum protection level that the binding can achieve with the configuration that you've given it. Every configuration is going to be different so the only way to definitively know your protection level is to check. If you start with one of the standard bindings though, then here's what your protection level will be assuming that you haven't applied any configuration changes. BasicHttpBinding: None BasicHttpContextBinding: None NetNamedPipeBinding: EncryptAndSign NetPeerTcpBinding: None NetTcpBinding: EncryptAndSign NetTcpContextBinding: EncryptAndSign WebHttpBinding: None WSDualHttpBinding: EncryptAndSign WSFederationHttpBinding: EncryptAndSign WSHttpBinding: EncryptAndSign WSHttpContextBinding: EncryptAndSign WS2007FederationHttpBinding: EncryptAndSign WS2007HttpBinding: EncryptAndSign Next time: Running Setup with Pkgmgr Read More...