Office 365 Message Encryption

This post has matured and may no longer be accruate, but we leave it here as it may still be useful. You might want to click on the associated category or tag to find something newer.

Send encrypted emails to anyone through Office 365

Microsoft has announced that Exchange Hosted Encryption will be replaced by Office 365 Message Encryption. This is a service that allows the sending of encrypted emails outside an organization. Typically, email encryption is only available within an organization and can be difficult or limited to sending to outside addresses. Now, with Office 365 emails can be sent encrypted to any destination whether it be Gmail, Squirrel Mail, Yahoo, Hotmail, Exchange server, or countless others. This encryption also works with Office 365 mailboxes as well as others that use the Exchange Online Protection. This service brings encryption functionality to Office 365 users through Microsoft and eliminates the need to use third party add-ons.

With growing demands for higher levels of security, this message encryption service will fill requirements for sending and receiving encrypted emails. Many organizations will find this service useful as they press forward in the ever changing world of technology to fill the need for added security. Encrypted emails protect information and prevent spoofing and interception from hackers.

The message encryption in this capability is an updated version of Exchange Hosted Encryption (EHE) which includes the same capability as previous versions but also includes additional features. One of the new features allows you to use your organization’s branding to encrypted messages. This feature gives your messages a custom look and promotes your company branding which may be required depending on the content and customer receiving the message.

The soon-to-be-released encryption is a free addition to Office 365 E3 and E4 users. The encryption is also included free in Windows Azure Rights Management in the standalone version as well as the version included in E3 and E4. For users on other plans, a small cost of $2 per month per user will make the complete solution available for both internal and external information protection. This protection includes Do Not Forward for internal users in addition to the new capability to encrypt outbound messages to anyone. The need for certificates is eliminated through this service as the recipient’s email address serves as the public key.

The Office 365 Message Encryption works by administrators establishing transport rules that apply to Office 365 Message Encryption when an email matches certain criteria. A web-based interface can be used to manage transport rules. Transport rules are easily established by selection the option to apply encryption or remove encryption in the Exchange admin center. This setting required several setup steps in EHE but is now much more simplified.

After the rules are established, anyone that sends a message matching the criteria will be encrypted with the Office 365 Message Encryption protection. Messages sent from that point on will be encrypted before it is delivered to external mail servers to prevent tampering. The external mail receiver will see an encrypted attachment and instructions on how to view the message. The attachment can be opened from the inbox and will come with instructions for authenticating the message through the sender’s Microsoft or Office 365 account ID. The interface of the Message is based on the Outlook Web App where you can perform quick tasks like forward, insert, attach, reply, etc. For an additional layer of security, when the recipient replies or forwards the encrypted message it becomes encrypted as well. Message replies not sent through Office 365 Message Encryption will not be encrypted, however.

The custom branding option in Office 365 Message Encryption allows for custom branding on company encrypted messages as well as on the portal where message viewing is permitted. The customization can include the company logo as well as extending header text, disclaimers, and portal text. PowerShell cmdlets can be used by administrators to create the branding for images and text.

Office 365 Message Encryption will be available sometime in the first quarter of 2014. Existing EHE users will be upgraded to the Office 365 Message Encryption within the same time. The EHE Upgrade Center provides further information about this upgrade.

Office 365 Message Encryption will work together to provide email protection both in transition and at rest. Transport Layer Security (TLS) encryption is used to encrypt data between mail servers. Secure Sockets Layer (SSL) encryption uses two encryption keys, public and private, to transmit private files. BitLocker encrypts data in datacenters and on hard drives in case someone does manage to gain unauthorized access to a machine they will not be able to decipher the information. Windows Azure Rights Management in Office 365 protects sensitive data from being copied, printed, or forwarded by unauthorized users external to a company. These along with other types of encryption are used in Office 365 Message Encryption to assist you in sending confidential messages and protect your information without having to use third party encryption keys and reduce the administrative time it takes to establish encrypted messages.