Office 365 Email: Message Encryption and Security

Office 365 Email: Message Encryption and Security

In Office 365, you can continue to do what you do to be productive while staying secure. In Exchange Online (the technology that manages your email), for example, you can encrypt your email so that only the intended recipients can read it. You can apply protection to your email so that if it’s confidential, the email can only be read by people within your organization. If someone accidentally forwards or copies a recipient outside the organization on an email marked confidential, that recipient will receive the email but won’t be able to read it.

Ultimately, these email security features are available through the Office 365 Message Encryption (OME) service.

Office 365 Message Encryption Licensing Terms

Office 365 Message Encryption (OME) is part of the Office 365 subscriptions listed as follows. There is no need to purchase additional licenses for users when they are assigned the following subscriptions:

• Office 365 E3 and E5 (Enterprise)
• Enterprise Mobility + E3 Security
• Microsoft 365 E3
• Office 365 A1, A3 and A5 (Education)
• Office 365 G3 and G5 (Government)

If a user’s license doesn’t match any of these subscriptions, you can purchase a standalone subscription called Azure Information Protection Plan 1 for $2 per user per month to enable OME as long as the user’s current license matches one of the following subscriptions:

• Exchange Online Plan 1 or Plan 2
• Office 365 F1 or E1
• Office 365 Business Premium or Business Essentials

Enable email encryption

Email encryption rules can be added to encrypt a message with a specific keyword in the subject or body of the message. The most common way to encrypt a message is to add “Secure” as a keyword in the subject. Note that M365/O365 message encryption works with Outlook.com, Yahoo, Gmail, and other email services. Email encryption ensures that only the intended recipients can see the message content.

• In the Microsoft 365 admin center, click Exchange under Admin centers.

• In the “Mail flow” section, click on rules

• Click the + sign and then click Apply Office 365 Message Encryption
• Then name your rule and Apply this rule if “subject or body includes…” and add the keywords. Here we put “Encrypt”

• In the next part, click “select one” for the RMS model and choose “Encrypt”

• After you register and you can now test. With sending to Gmail:

• Gmail user inbox:

• When the Gmail user saves and opens the attachment (message.html), they can choose to log in with their Google credentials or receive a one-time access code sent to their email.