This article was originally published on Microsoft’s TechNet website by Matt Soseman
Have you ever needed to send an email to someone, but didn’t want them to forward the email or copy sensitive text out of the attachment or email? You probably want only the intended recipient to view the email, and you don’t want it to be accessible to anyone else. In other words, you probably want that email to be encrypted. If you are an Office 365 subscriber, you have this capability today: Office 365 Message Encryption (OME)! Would this be useful in your environment? If so, read on…
OME enables only the intended recipient to open the message using their identity: Azure AD, Office 365, Microsoft Account, Gmail, or a One Time Passcode (OTP). Once they have accessed it, they can read the email but, based on your policy, they cannot forward it, and they have read-only access to the attachments (and cannot download the attachments).
Let’s take a look at the user experience and what OME is all about!
IMPORTANT: For the full technical documentation on setup and the required IT Admin configuration, see Office 365 Message Encryption and Set up new Office 365 Message Encryption capabilities.
Sending the email:
I am going to send an email to a Gmail account. Office 365 Message Encryption in my environment is configured using a Mail Flow rule in Exchange Online to apply encryption to any email leaving my organization that contains the keywords Sales Quote. I am also going to send the same email to an Outlook.com account. I’ll explain later why I am using two accounts.
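A mail flow rule of the kind described above can be created from Exchange Online PowerShell. This is an added example, not the author's configuration: the rule name, the "Do Not Forward" template choice, the subject-or-body match and the test addresses are assumptions, and an already connected Exchange Online session is assumed.

```powershell
# Added example. Assumes an existing Exchange Online PowerShell session
# (Connect-ExchangeOnline from the ExchangeOnlineManagement module).

$ruleName = 'Encrypt outbound Sales Quote mail'   # hypothetical rule name
$template = 'Do Not Forward'                      # assumed template (blocks forwarding)
$keywords = 'Sales Quote'                         # keywords named in the article

# 1. Confirm the rights-protection template is available in the tenant.
#    If it is missing, the rule would have nothing to apply.
$rms = Get-RMSTemplate | Where-Object { $_.Name -eq $template }
if (-not $rms) {
    throw "Template '$template' not found; check the OME/IRM setup first."
}

# 2. Create the rule only if a rule with this name does not already exist.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule -Name $ruleName `
        -SentToScope NotInOrganization `
        -SubjectOrBodyContainsWords $keywords `
        -ApplyRightsProtectionTemplate $template `
        -Mode Enforce `
        -Comments 'Applies OME to outbound mail containing the Sales Quote keywords'
}

# 3. Read the rule back and check the scope, condition and action.
Get-TransportRule | Where-Object { $_.Name -eq $ruleName } |
    Format-List Name, State, Mode, SentToScope,
                SubjectOrBodyContainsWords, ApplyRightsProtectionTemplate

# 4. Check that the tenant can issue and use protection licenses.
#    Placeholder addresses; replace with mailboxes in your own tenant.
Test-IRMConfiguration -Sender 'sender@contoso.example' `
                      -Recipient 'recipient@contoso.example'
```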
The message will now be received at Gmail and Outlook.com. Note the experience (subject line and body of message) in Gmail:
The email is encrypted. To view its contents I am going to click “Read the message”. A new browser window will appear asking me to authenticate. From here I can use my Gmail (Google) credentials to view the email, or a One Time Passcode emailed to me:
For purposes of this demo I am going to click “Or, sign in with a one-time passcode”. The OTP will be emailed to me:
Next, I am going to type in the OTP to gain access to the encrypted email:
Once I have authenticated using the OTP, I can now view the contents of the encrypted email. Notice how the Forward button is grayed out and the email is only viewable in the browser. Even right click functionality is disabled!
If I try to open the attached document, I can download it, but once it is opened I can view the text but cannot cut/copy text out of the document (it is protected). Also, notice how I cannot take a screenshot – it’s blacked out!
Pretty cool huh? Remember I also sent the same email to an Outlook.com address.
IMPORTANT: Outlook.com and Azure AD (Office 365) subscribers will never have to authenticate using an OTP or use a secure browser session. Pass-through authentication enables the recipient to view the email within the email application. Here’s what this looks like in Outlook.com, without having to take any additional action to read the encrypted email (note the Forward button is also grayed out):
Conclusion:
Depending on your business scenario, Office 365 Message Encryption may help you stay compliant, ensure that only the intended recipient can view your email, and stay confident that the information in the email will be protected. Enjoy!