We’re pleased to announce the upcoming release of Office 365 Message Encryption, a new service that lets you send encrypted emails to people outside your company. No matter what the destination-Outlook.com, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it-you can send sensitive business communications with an additional level of protection against unauthorized access. There are many business situations where this type of encryption is essential. We’ve listed just a few.
- A bank sending credit card statements to customers over email.
- An insurance company providing details about the policy to clients.
- A mortgage broker requesting financial information from a customer for a loan application.
- A healthcare provider using encrypted messages to send healthcare information to patients.
- An attorney sending confidential information to a client or another attorney.
- A consultant sending a contract to a client.
- A therapist providing a patient diagnosis to an insurance company.
Office 365 Message Encryption is the new version of Exchange Hosted Encryption (EHE). This version includes all of the capabilities of EHE plus new features, such as the ability to apply your company’s branding to encrypted messages. Like EHE, Office 365 Message Encryption works with Office 365 mailboxes as well as with on-premises mailboxes that use Exchange Online Protection.
Here’s the added good news: Office 365 E3 and E4 users will get Office 365 Message Encryption at no extra cost. We’re including it in Windows Azure Rights Management, which is already part of E3 and E4 plans. We’re also including it in the standalone version of Windows Azure Rights Management, without raising the price of that service. For $2 per user per month you can get a complete solution for internal and external information protection: traditional Rights Management capabilities like Do Not Forward for internal users, plus the new ability to encrypt outbound messages to any recipient.
Let’s take a closer look at how Office 365 Message Encryption works.
Setting up encryption
Administrators set up transport rules to apply Office 365 Message Encryption when emails match specified criteria. Transport rules provide great flexibility and control, and can be managed via a web-based interface or PowerShell.
Setting up the transport rules is simple. Administrators simply select the action to apply encryption or remove encryption in the Exchange admin center. This is an improvement over EHE, which required complex headers and multiple setup steps.
You set up Office 365 Message Encryption rules in the Exchange admin center.
Once the admin sets up the rules, whenever anyone in the company sends a message that matches the conditions, the message is encrypted using Office 365 Message Encryption. The outgoing message is encrypted before it is delivered to the outside mail server to prevent any spoofing or misdirection.
Receiving and responding to encrypted messages
When an external recipient receives an encrypted message from your company, they see an encrypted attachment and an instruction to view the encrypted message.
The encrypted message appears as an attachment in a message in the recipient’s inbox, with instructions for how to view it.
You can open the attachment right from your inbox, and the attachment opens in a new browser window. To view the message, you just follow the simple instructions for authenticating via your Office 365 ID or Microsoft Account.
Once you are authenticated, the content of an encrypted message appears.
The Message Encryption interface, based on Outlook Web App, is modern and easy to navigate. You can easily find information and perform quick tasks such as reply, forward, insert, attach, and so on. As an added measure of protection, when the receiver replies to the sender of the encrypted message or forwards the message, those emails are also encrypted.
When you reply to an encrypted message you’ve received, your reply is also encrypted.
Applying custom branding
Office 365 Message Encryption allows you to customize the branding on your company’s encrypted messages and portal where the message is viewed. The customization is not limited just to your company logo, but can also extend to the text in the header, disclaimer, and the portal text in the sent email.
With Message Encryption, you can customize the disclaimer text and header text in your company’s encrypted emails.
You can also customize your company Logo and portal text that appear in your encrypted emails.
Administrators can use PowerShell cmdlets to set up the branding for these texts and images.
PowerShell can be used to set up different branding texts and logo emails encrypted in Message Encryption.
With Office 365 Message Encryption you can send sensitive information to people outside your organization with the confidence that that information is protected. We’re excited to bring its new capabilities to you, and we look forward to hearing your feedback.