Back

Office 365 Message Encryption

Send encrypted emails to anyone through Office 365Microsoft has announced that Exchange Hosted Encryption will be replaced by Office 365 Mess...

4 min read
Published on Feb 7, 2014
Office 365 Message Encryption

Send encrypted emails to anyone through Office 365

Microsoft has announced that Exchange Hosted Encryption will be replaced by Office 365 Message Encryption. This is a service that allows the sending of encrypted emails outside an organization. Typically, email encryption is only available within an organization and can be difficult or limited to sending to outside addresses. Now, with Office 365 emails can be sent encrypted to any destination whether it be Gmail, Squirrel Mail, Yahoo, Hotmail, Exchange server, or countless others. This encryption also works with Office 365 mailboxes as well as others that use the Exchange Online Protection. This service brings encryption functionality to Office 365 users through Microsoft and eliminates the need to use third party add-ons.

With growing demands for higher levels of security, this message encryption service will fill requirements for sending and receiving encrypted emails. Many organizations will find this service useful as they press forward in the ever changing world of technology to fill the need for added security. Encrypted emails protect information and prevent spoofing and interception from hackers.

The message encryption in this capability is an updated version of Exchange Hosted Encryption (EHE) which includes the same capability as previous versions but also includes additional features. One of the new features allows you to use your organization’s branding to encrypted messages. This feature gives your messages a custom look and promotes your company branding which may be required depending on the content and customer receiving the message.

The soon-to-be-released encryption is a free addition to Office 365 E3 and E4 users. The encryption is also included free in Windows Azure Rights Management in the standalone version as well as the version included in E3 and E4. For users on other plans, a small cost of $2 per month per user will make the complete solution available for both internal and external information protection. This protection includes Do Not Forward for internal users in addition to the new capability to encrypt outbound messages to anyone. The need for certificates is eliminated through this service as the recipient’s email address serves as the public key.

The Office 365 Message Encryption works by administrators establishing transport rules that apply to Office 365 Message Encryption when an email matches certain criteria. A web-based interface can be used to manage transport rules. Transport rules are easily established by selection the option to apply encryption or remove encryption in the Exchange admin center. This setting required several setup steps in EHE but is now much more simplified.

After the rules are established, anyone that sends a message matching the criteria will be encrypted with the Office 365 Message Encryption protection. Messages sent from that point on will be encrypted before it is delivered to external mail servers to prevent tampering. The external mail receiver will see an encrypted attachment and instructions on how to view the message. The attachment can be opened from the inbox and will come with instructions for authenticating the message through the sender’s Microsoft or Office 365 account ID. The interface of the Message is based on the Outlook Web App where you can perform quick tasks like forward, insert, attach, reply, etc. For an additional layer of security, when the recipient replies or forwards the encrypted message it becomes encrypted as well. Message replies not sent through Office 365 Message Encryption will not be encrypted, however.

The custom branding option in Office 365 Message Encryption allows for custom branding on company encrypted messages as well as on the portal where message viewing is permitted. The customization can include the company logo as well as extending header text, disclaimers, and portal text. PowerShell cmdlets can be used by administrators to create the branding for images and text.

Office 365 Message Encryption will be available sometime in the first quarter of 2014. Existing EHE users will be upgraded to the Office 365 Message Encryption within the same time. The EHE Upgrade Center provides further information about this upgrade.

Office 365 Message Encryption will work together to provide email protection both in transition and at rest. Transport Layer Security (TLS) encryption is used to encrypt data between mail servers. Secure Sockets Layer (SSL) encryption uses two encryption keys, public and private, to transmit private files. BitLocker encrypts data in datacenters and on hard drives in case someone does manage to gain unauthorized access to a machine they will not be able to decipher the information. Windows Azure Rights Management in Office 365 protects sensitive data from being copied, printed, or forwarded by unauthorized users external to a company. These along with other types of encryption are used in Office 365 Message Encryption to assist you in sending confidential messages and protect your information without having to use third party encryption keys and reduce the administrative time it takes to establish encrypted messages.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Critical Data Backup in Azure | Identify & Protect What Matters

Identifying Critical Data and Applications for Backup in Azure

Learn how to identify and prioritize your critical data and applications for backup in Azure to reduce risk, ensure business continuity, and meet compliance requirements.

Oct 3, 2025
5 min read
Microsoft 365 Backup Compliance | Key Risks & Best Practices

Compliance Considerations When Backing Up Microsoft 365 Data

Ensure your Microsoft 365 backups meet compliance requirements for CMMC, NIST 800-171, and other regulations. Learn key considerations to avoid violations.

Oct 3, 2025
6 min read
Azure Backup Needs Assessment | Plan Your Cloud Data Protection

Assessing Your Organization's Backup Needs for Azure Workloads

Learn how to assess your backup needs for Azure workloads, from compliance and recovery objectives to choosing the right tools for data protection and resilience.

Sep 26, 2025
6 min read
CUI Compliance and the Role of MSPs

Overview of CUI Compliance and the Role of MSPs

Explore the essentials of CUI compliance and how MSPs support DFARS, NIST 800-171, and ITAR requirements through secure IT services and expert guidance.

Sep 26, 2025
7 min read
Evaluating Data Retention Policies for Microsoft 365 and Azure

Evaluating Data Retention Policies for Microsoft 365 and Azure

Learn how to evaluate and manage data retention policies in Microsoft 365 and Azure to meet compliance, security, and operational needs.

Sep 26, 2025
6 min read
How MSPs Help Meet CUI Compliance Requirements

How MSPs Help Organizations Meet CUI Compliance Requirements

Learn how MSPs help organizations meet CUI compliance by offering expertise, secure environments, and ongoing support for DFARS and NIST 800-171 standards.

Sep 26, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don’t want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122