In this techtip, we’ll go over a couple of points about email encryption in Office 365.
First off, I’d like to note that encryption comes “standard” with the E3 licenses, meaning that you don’t have to bolt it on for any of your users. (It’s an extra cost for other license subscriptions.) Everyone is able to use it right away. Secondly, the feature doesn’t really have an on/off switch, meaning that users can’t just decide to encrypt this message, but not that one. (Not without a little bit of administrative creativity, which we’ll cover in a second.)
Let’s consider for a second the business case you need to make for enabling encryption in the first place (this is important) - why do you need encryption? To whom do you need to send encrypted emails to? Is it only some messages, or all of them? Do you want or need to give your users control over whom they send encrypted messages to? Your answers to these questions will dictate “how” you enable outbound encryption.
To start, get logged into MOP as a Global Administrator, click Service Settings, and then click the Exchange Admin Center link near the bottom of the page to get into the EAC.
Once in the EAC, click Mail Flow, and then click the (+) button, and then click Apply rights protection to messages…
Here’s where the answers to the business case questions come into play. This is obviously not an all-encompassing list, but here are a couple of example scenarios.
Scenario 1: All messages going to everonit.com need to be encrypted per regulations.
- From the first drop-down: The recipient -> domain is
- Fill in the domain (example: everonit.com), click the (+) sign, and then click OK
- In the second drop-down: Modify the message security -> Apply Office 365 Message Encryption
- Leave the rest of the options as is, unless you need to change them
- Click Save
Scenario 2: The end users need to be able to choose which outbound messages they encrypt.
There may be other ways to trigger this one, but I’m going to use the subject line trigger, as it’s fairly easy to use and remember. When sending an email that the user wants to encrypt, they simply need to append the word SECURE: (followed by a colon) to the subject.
- From the first drop down: The subject or body… -> subject includes any of these words
- Type SECURE: , click the (+) sign, and then click OK
- In the second drop-down: Modify the message security -> Apply Office 365 Message Encryption
- Leave the rest of the options as is, unless you need to change them
- Click Save
That’s it! The encryption/decryption is hosted on the Exchange Online side, so when the recipient receives the encrypted email, they receive a message with an attachment containing instructions on how to decrypt and then open the email!