Office 365 Message Encryption Offers a Major Upgrade to Email Encryption
Office 365 Message Encryption (OME) capabilities can now allow organizations to share a protected email with anyone on any device. This is a game-changer for your company’s security and collaboration efforts.
Have you seen the new capabilities of Office 365 Message Encryption? It’s a major upgrade, and it can help your organization significantly by taking away a big headache. People use email every day to exchange sensitive information – financials, contracts, confidential product information, customer or employee information, and more. Because of this, mailboxes can become repositories for all kinds of confidential information that you do not want to leak. This kind of information leakage is a serious threat to your organization’s security.
Most organizations don’t take the necessary actions on security until it’s too late, but a security breach could cost millions, drive away customers, disrupt your business, and become a PR nightmare. So how can organizations collaborate and stay secure? The new Office 365 Message Encryption (OME) capabilities allow organizations to share a protected email with anyone on any device.
Encryption is the process of encoding information so that only authorized recipients can access the information. Here's how email encryption typically works:
- A message is encrypted into unreadable ciphertext, either on the sender's machine or by a central server while the message is in transit.
- The message remains in ciphertext while it's in transit in order to protect it from being compromised if intercepted.
- Once the message is received by the recipient, the message is transformed back into readable plain text in one of two ways:
  - The recipient's machine uses a key to decrypt the message
  - A central server decrypts the message on behalf of the recipient once it validates their identity
The new feature continues to make email secure, but eases the burden on recipients by automatically decrypting the message for other authenticated 365 users! Previously, if you wanted to send an encrypted message to someone outside of your organization, you had to install the Office Message Encryption add-in to encrypt your emails. With the latest updates to Office 365, users are provided the same experience securing messages both inside and outside the organization, so the sender doesn't have to worry about choosing the right encryption method.
The number one new feature is that, unlike previous versions of Microsoft’s OME, the new capabilities provide a more unified user experience by allowing mail to be sent to people in your organization and to recipients outside of Office 365. Even better, when recipients receive an encrypted email in an Office 365 or Outlook account, there are no actions they need to take – it works seamlessly.
Recipients using other email clients, like Yahoo or Gmail, will see improvements as well: they receive a limited-time web-view link that lets them read the message. There's no software to install – see the example below.
Sarah is sending an encrypted message to Heather – Sarah uses Office 365 but Heather uses Gmail.
Step 1 – Sarah composes an email to Heather, selects Options > Permission, chooses the appropriate permission level, and then sends the message.
Step 2 – Heather receives the message in Gmail. She clicks on the limited-time web link, signs in with Google, and gives her consent for Gmail to access the link.
Step 3 – Heather is able to view the encrypted message securely from the web-view link.
How Does It Work?
Office 365 Message Encryption is an online service that's built on Microsoft Azure Rights Management (Azure RMS), which is part of Azure Information Protection. This includes encryption, identity, and authorization policies to help secure your email. You can encrypt messages by using rights management templates:
- Option One: Do Not Forward – When this option is applied to an email, the email is encrypted and recipients must be authenticated. Then, the recipients cannot forward it, print it, or copy from it.
- Option Two: Encrypt-Only – When this option is selected, the email is encrypted and recipients must be authenticated. Then, the recipients have all usage rights except Save As, Export and Full Control.
Azure Information Protection
Azure Rights Management (RMS) is the protection technology used by Azure Information Protection (AIP) and is required in order to use the new OME capabilities. AIP also has a ton of other features that make it valuable to company security.
AIP is a solution that helps an organization to classify and protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. For example, an administrator could configure a label with rules that detect sensitive data. When a user saves a Word document that contains a credit card number, for instance, she’ll see a custom tooltip that recommends the appropriate label to classify and protect that document.
The Interlink Exclusive
Office 365 E3 and Office 365 E5 plans have outbound email encryption included in their plan – but Microsoft doesn’t make it easy. They require a keyword in the subject line of an email to trigger the encryption. No matter which word you pick, it’s likely your end-users will struggle to remember it and use it.
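As an added example (not Interlink's or Microsoft's own code), this is how an Exchange Online administrator could confirm that the rights management templates described earlier are available and set up the subject-line keyword trigger as a mail flow rule. The admin and sender addresses, the keyword and the rule name are placeholders, and the template display names `Encrypt` and `Do Not Forward` are assumed to match the tenant's defaults.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and
# the signed-in account may manage mail flow rules. Addresses are placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@example.com

# 1. The new OME capabilities sit on Azure RMS, so licensing must be enabled.
$irm = Get-IRMConfiguration
if (-not $irm.AzureRMSLicensingEnabled) {
    throw 'Azure RMS licensing is disabled; OME templates cannot be applied.'
}

# 2. List the templates Exchange Online can see and warn if the two the
#    article describes are not among them (display names are an assumption).
$templateNames = @((Get-RMSTemplate).Name)
foreach ($name in 'Encrypt', 'Do Not Forward') {
    if ($name -notin $templateNames) {
        Write-Warning "Template '$name' not found. Available: $($templateNames -join ', ')"
    }
}

# 3. End-to-end check that a given sender can obtain templates and licenses.
Test-IRMConfiguration -Sender sarah@example.com

# 4. Keyword-triggered encryption for mail leaving the organization.
#    Created in Audit mode first so matches are logged without being
#    enforced; switch to Enforce once the rule behaves as expected.
$ruleName = 'OME - subject keyword (example)'   # hypothetical rule name
$keyword  = '[secure]'                          # hypothetical keyword

New-TransportRule -Name $ruleName `
    -SubjectContainsWords $keyword `
    -SentToScope NotInOrganization `
    -ApplyRightsProtectionTemplate 'Encrypt' `
    -Mode Audit

# 5. Review what was created before enforcing it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, SubjectContainsWords, ApplyRightsProtectionTemplate

# When ready:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

A rule that depends on a keyword only protects messages where the sender remembers to type it, so pair it with rules keyed on content or recipients where encryption must not be optional.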
Luckily, Interlink has developed a button that offers security, simplicity, and savings… and we can’t find anything else on the market like it. Once added, our button goes right into the Outlook ribbon as a plug-in and shows up in both the main ribbon and in any new email. For a one-time cost, Interlink will install this button, and it can be used with on-premises Exchange or Office 365 deployments.
All the security options can be a lot to digest, so if you’re struggling with where to start or what to do, Interlink can help with this project from start to finish. From consulting on Azure Information Protection, setting up the new message encryption, or installing our own encryption button – we can cover it all. For questions, inquiries or more information, give us a call.