Back

Office 365 Message Encryption

Send encrypted emails to anyone through Office 365Microsoft has announced that Exchange Hosted Encryption will be replaced by Office 365 Mess...

4 min read
Published on Feb 7, 2014
office-365-message-encryption

Send encrypted emails to anyone through Office 365

Microsoft has announced that Exchange Hosted Encryption will be replaced by Office 365 Message Encryption. This is a service that allows the sending of encrypted emails outside an organization. Typically, email encryption is only available within an organization and can be difficult or limited to sending to outside addresses. Now, with Office 365 emails can be sent encrypted to any destination whether it be Gmail, Squirrel Mail, Yahoo, Hotmail, Exchange server, or countless others. This encryption also works with Office 365 mailboxes as well as others that use the Exchange Online Protection. This service brings encryption functionality to Office 365 users through Microsoft and eliminates the need to use third party add-ons.

With growing demands for higher levels of security, this message encryption service will fill requirements for sending and receiving encrypted emails. Many organizations will find this service useful as they press forward in the ever changing world of technology to fill the need for added security. Encrypted emails protect information and prevent spoofing and interception from hackers.

The message encryption in this capability is an updated version of Exchange Hosted Encryption (EHE) which includes the same capability as previous versions but also includes additional features. One of the new features allows you to use your organization’s branding to encrypted messages. This feature gives your messages a custom look and promotes your company branding which may be required depending on the content and customer receiving the message.

The soon-to-be-released encryption is a free addition to Office 365 E3 and E4 users. The encryption is also included free in Windows Azure Rights Management in the standalone version as well as the version included in E3 and E4. For users on other plans, a small cost of $2 per month per user will make the complete solution available for both internal and external information protection. This protection includes Do Not Forward for internal users in addition to the new capability to encrypt outbound messages to anyone. The need for certificates is eliminated through this service as the recipient’s email address serves as the public key.

The Office 365 Message Encryption works by administrators establishing transport rules that apply to Office 365 Message Encryption when an email matches certain criteria. A web-based interface can be used to manage transport rules. Transport rules are easily established by selection the option to apply encryption or remove encryption in the Exchange admin center. This setting required several setup steps in EHE but is now much more simplified.

After the rules are established, anyone that sends a message matching the criteria will be encrypted with the Office 365 Message Encryption protection. Messages sent from that point on will be encrypted before it is delivered to external mail servers to prevent tampering. The external mail receiver will see an encrypted attachment and instructions on how to view the message. The attachment can be opened from the inbox and will come with instructions for authenticating the message through the sender’s Microsoft or Office 365 account ID. The interface of the Message is based on the Outlook Web App where you can perform quick tasks like forward, insert, attach, reply, etc. For an additional layer of security, when the recipient replies or forwards the encrypted message it becomes encrypted as well. Message replies not sent through Office 365 Message Encryption will not be encrypted, however.

The custom branding option in Office 365 Message Encryption allows for custom branding on company encrypted messages as well as on the portal where message viewing is permitted. The customization can include the company logo as well as extending header text, disclaimers, and portal text. PowerShell cmdlets can be used by administrators to create the branding for images and text.

Office 365 Message Encryption will be available sometime in the first quarter of 2014. Existing EHE users will be upgraded to the Office 365 Message Encryption within the same time. The EHE Upgrade Center provides further information about this upgrade.

Office 365 Message Encryption will work together to provide email protection both in transition and at rest. Transport Layer Security (TLS) encryption is used to encrypt data between mail servers. Secure Sockets Layer (SSL) encryption uses two encryption keys, public and private, to transmit private files. BitLocker encrypts data in datacenters and on hard drives in case someone does manage to gain unauthorized access to a machine they will not be able to decipher the information. Windows Azure Rights Management in Office 365 protects sensitive data from being copied, printed, or forwarded by unauthorized users external to a company. These along with other types of encryption are used in Office 365 Message Encryption to assist you in sending confidential messages and protect your information without having to use third party encryption keys and reduce the administrative time it takes to establish encrypted messages.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

What Is a POAM?

What Is a POAM?

Learn how a Plan of Action and Milestones (POAM) helps meet NIST 800-171 & DFARS compliance. Understand its role in FedRAMP, security categorization, and risk mitigation.

Apr 8, 2025
8 min read
Best Cybersecurity Practices for Achieving CMMC Compliance

Best Cybersecurity Practices for Achieving CMMC Compliance

Achieving CMMC cybersecurity compliance requires strong security controls. Learn best practices for securing your IT environment, protecting CUI, and implementing MFA.

Apr 7, 2025
6 min read
8-pranks-for-windows-11-happy-april-fools

8 Pranks for Windows 11 - Happy April Fools!

Happy April Fools Day The day of the year when some IT staff think it might be humorous to do something to generate hundreds of support tickets for ...

Apr 1, 2025
3 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

GCC High Vs GCC for Protecting CUI with CMMC

Learn the key differences between GCC and GCC High for handling CUI under CMMC, DFARS, and NIST 800-171. Find out which cloud meets your compliance needs.

Mar 31, 2025
4 min read
Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation