Back

Office 365 Message Encryption

Send encrypted emails to anyone through Office 365Microsoft has announced that Exchange Hosted Encryption will be replaced by Office 365 Mess...

4 min read
Published on Feb 7, 2014
office-365-message-encryption

Send encrypted emails to anyone through Office 365

Microsoft has announced that Exchange Hosted Encryption will be replaced by Office 365 Message Encryption. This is a service that allows the sending of encrypted emails outside an organization. Typically, email encryption is only available within an organization and can be difficult or limited to sending to outside addresses. Now, with Office 365 emails can be sent encrypted to any destination whether it be Gmail, Squirrel Mail, Yahoo, Hotmail, Exchange server, or countless others. This encryption also works with Office 365 mailboxes as well as others that use the Exchange Online Protection. This service brings encryption functionality to Office 365 users through Microsoft and eliminates the need to use third party add-ons.

With growing demands for higher levels of security, this message encryption service will fill requirements for sending and receiving encrypted emails. Many organizations will find this service useful as they press forward in the ever changing world of technology to fill the need for added security. Encrypted emails protect information and prevent spoofing and interception from hackers.

The message encryption in this capability is an updated version of Exchange Hosted Encryption (EHE) which includes the same capability as previous versions but also includes additional features. One of the new features allows you to use your organization’s branding to encrypted messages. This feature gives your messages a custom look and promotes your company branding which may be required depending on the content and customer receiving the message.

The soon-to-be-released encryption is a free addition to Office 365 E3 and E4 users. The encryption is also included free in Windows Azure Rights Management in the standalone version as well as the version included in E3 and E4. For users on other plans, a small cost of $2 per month per user will make the complete solution available for both internal and external information protection. This protection includes Do Not Forward for internal users in addition to the new capability to encrypt outbound messages to anyone. The need for certificates is eliminated through this service as the recipient’s email address serves as the public key.

The Office 365 Message Encryption works by administrators establishing transport rules that apply to Office 365 Message Encryption when an email matches certain criteria. A web-based interface can be used to manage transport rules. Transport rules are easily established by selection the option to apply encryption or remove encryption in the Exchange admin center. This setting required several setup steps in EHE but is now much more simplified.

After the rules are established, anyone that sends a message matching the criteria will be encrypted with the Office 365 Message Encryption protection. Messages sent from that point on will be encrypted before it is delivered to external mail servers to prevent tampering. The external mail receiver will see an encrypted attachment and instructions on how to view the message. The attachment can be opened from the inbox and will come with instructions for authenticating the message through the sender’s Microsoft or Office 365 account ID. The interface of the Message is based on the Outlook Web App where you can perform quick tasks like forward, insert, attach, reply, etc. For an additional layer of security, when the recipient replies or forwards the encrypted message it becomes encrypted as well. Message replies not sent through Office 365 Message Encryption will not be encrypted, however.

The custom branding option in Office 365 Message Encryption allows for custom branding on company encrypted messages as well as on the portal where message viewing is permitted. The customization can include the company logo as well as extending header text, disclaimers, and portal text. PowerShell cmdlets can be used by administrators to create the branding for images and text.

Office 365 Message Encryption will be available sometime in the first quarter of 2014. Existing EHE users will be upgraded to the Office 365 Message Encryption within the same time. The EHE Upgrade Center provides further information about this upgrade.

Office 365 Message Encryption will work together to provide email protection both in transition and at rest. Transport Layer Security (TLS) encryption is used to encrypt data between mail servers. Secure Sockets Layer (SSL) encryption uses two encryption keys, public and private, to transmit private files. BitLocker encrypts data in datacenters and on hard drives in case someone does manage to gain unauthorized access to a machine they will not be able to decipher the information. Windows Azure Rights Management in Office 365 protects sensitive data from being copied, printed, or forwarded by unauthorized users external to a company. These along with other types of encryption are used in Office 365 Message Encryption to assist you in sending confidential messages and protect your information without having to use third party encryption keys and reduce the administrative time it takes to establish encrypted messages.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

CMMC RPO vs a C3PAO: Understanding Their Roles in Compliance

Understanding the difference between an RPO and a C3PAO is crucial for CMMC compliance. Learn why they should be separate and how an RPO helps prepare for certification.

Mar 15, 2025
6 min read
Can You Meet CMMC with Google Workspace?

Can You Meet CMMC with Google Workspace?

Is Google Workspace CMMC compliant? Learn about its DFARS, NIST 800-171, and ITAR limitations and how migrating to GCC High ensures full compliance.

Mar 4, 2025
7 min read
Is Maintaining a GCC High Tenant Worth It for Non-Government

Evaluating the Need for a GCC High Tenant in Non-Government Organizations

Explore whether maintaining a GCC High tenant is necessary for organizations not involved in government work. Understand the pros and cons, costs, and compliance considerations.

Feb 25, 2025
7 min read
Top 10 Reasons to Partner with an MSP for Security and Compliance

Top 10 Reasons to Partner with an MSP for Security and Compliance

Discover why partnering with an MSP for security and compliance is critical for organizations navigating FAR CUI and CMMC requirements.

Feb 21, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation