Office 365, Email, Exchange, Outlook Message Encryption and Certificates
About Outlook Message Encryption and Certificates
Office 365 email has a new feature called Office 365 Message Encryption (OME), which offers better security for sending restricted data. The new “Encrypt” feature in the Outlook web client and the “confidential” or “permission” setting in the Outlook desktop client allow you to send restricted data. These features improve email security, but email remains the least preferred mechanism for sending or storing restricted data. For recommendations on storing or transmitting Sensitive or High Risk data, please reference this
Office 365 Message Encryption (OME) allows you to send and receive encrypted email messages between people inside and outside our organization. Office 365 Message Encryption works with Office 365, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.
Why would I want to use message encryption?
To help prevent your email or documents from being shared with people other than those you intended.
Can internal/external mail systems interact with encrypted messages?
Yes, but the behavior will depend on the encryption type and on whether the recipient is internal or external to Office 365.
What encryption types are available to me and what do they mean?
Encrypt Only: The message is encrypted but no restrictions are placed on the message.
Do Not Forward: Only the recipients of the email or document (data file) will be able to view and reply. They cannot forward or share with other people or print. Even if someone you did not specifically give permission to access the file gets it, he or she will not be able to view the contents, because the policy is checked upon opening and the information is encrypted the entire time.
Confidential: Only people in our Office 365 tenant can access the content, make edits, and share with others inside our implementation of Office 365.
Confidential View Only: Only people in our Office 365 tenant can view this content but cannot edit or change it in any way. They can print and share with others inside our implementation of Office 365.
What clients can be used to send encrypted messages?
Outlook on the web and the Outlook desktop client.
What can I do when I receive an encrypted message?
The first time that you open a message that uses restricted permission, Outlook may connect to a licensing server to verify your credentials and download a use license. The use license defines the level of access that you have to a file. After the certificate is installed, you can view the contents of the message by opening the message.
If you are using a Microsoft Outlook client, you will only be able to perform the actions defined by the message encryption permission set by the sender. If you are using a non-Microsoft Outlook client, you will be prompted to sign in to your Office 365 account to view the message.
If you are not an Office 365 user, you will be prompted to sign in to Office 365 either with your Google account or via a one-time password.
When you reply to an encrypted message via the Office Message Encryption portal, the reply will use the same encryption setting as the original message.
How do I send an encrypted message?
Note: At this time, Outlook for Android/iOS does not have the ability to send encrypted messages.
Using Outlook on the web or desktop:
Open a new email message or reply to an existing message.
Within the message window, click the "Protect" or "Encrypt" button located at the top of the message window. Then select the level of protection desired.
Verifying Identity with Email S/MIME Certificate
At this time, neither the Exchange Team nor the University Certificate Manager supports the creation or distribution of S/MIME Certificates for Email Identity Verification.
If a certificate is necessary for communication, please contact email@example.com for assistance.