Securing Emails with Office 365 Message Encryption (OME)

Nov 23, 2016 | Collaboration

Sharing sensitive information is problematic for many organizations. Email encryption is one way to address the problem. Office 365 Message Encryption (OME) is a feature that, when used, can keep certain emails from being accessible even at rest in a mailbox.

Determining what should be encrypted

Most organizations have a policy that dictates what type of communications should be encrypted. In addition, you may want to have a manual option for users to force email encryption.  Some common matching techniques we have implemented are:

  • Changing the sensitivity setting of an email to “confidential” to allow manual forced encryption
  • Matching pre-defined keywords in Office 365’s Data Loss Prevention (DLP) templates
  • Matching a specific keyword in the subject such as “[Secure]” to allow manual forced encryption and highlight that the message is secure in the subject
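
The three matching techniques above, written as Exchange Online mail flow rules in PowerShell. This is an added example, not from the original post; the rule names, the "Credit Card Number" information type, the external-recipient scope and the audit-first mode are assumptions made for illustration.

```powershell
# Added example (not from the original post).
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

# Settings shared by all three rules. Assumptions: only mail leaving the
# organization is encrypted, and each rule starts in audit mode so its
# matches can be reviewed in message trace before anything is enforced.
$common = @{
    SentToScope = 'NotInOrganization'
    ApplyOME    = $true     # legacy OME action, the version this post describes
    Mode        = 'Audit'   # change to 'Enforce' once the matches look right
}

# Conditions inside one rule are ANDed, so each technique gets its own rule.

# 1. Manual: the sender sets the message sensitivity to "Confidential".
#    Outlook carries that choice in the Sensitivity header as
#    "Company-Confidential".
New-TransportRule -Name 'OME - Sensitivity Confidential' @common `
    -HeaderContainsMessageHeader 'Sensitivity' `
    -HeaderContainsWords 'Company-Confidential'

# 2. Automatic: the message matches a built-in DLP sensitive information
#    type. "Credit Card Number" stands in for whatever the policy requires.
New-TransportRule -Name 'OME - DLP match' @common `
    -MessageContainsDataClassifications @{ Name = 'Credit Card Number'; minCount = '1' }

# 3. Manual: the subject carries the literal tag [Secure]. The value is a
#    regular expression, so the brackets are escaped to match literally.
New-TransportRule -Name 'OME - Subject tag' @common `
    -SubjectMatchesPatterns '\[Secure\]'

# Confirm what was created and in which mode each rule is running.
Get-TransportRule |
    Where-Object Name -like 'OME - *' |
    Format-Table Name, State, Mode, Priority
```
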

What is the recipient experience like?

The recipient will receive an email that looks like this:

[Image: Office 365 Message Encryption (OME)]

If you’re on a PC, you can download the file and launch it in your browser.  Additionally, there are apps for iPhone and Android devices.

Upon opening the message, you are taken to the OME Portal and will need to authenticate using a Microsoft account that is associated with your email address.  Recipients that do not have an account or do not want to set one up can request a one-time code that will get emailed to them.

Once properly authenticated, the encrypted message is available to view and you are able to act on the message normally with reply, reply-all, and forward.  It is important to note that all responses are automatically encrypted as well.

Customize the recipient experience

Microsoft allows you to do some branding on the OME portal as well as with the outgoing emails.

Items that you can customize:

  • Introductory text of the email that contains the encrypted message
  • Disclaimer text of the email that contains the encrypted message
  • Portal text that will appear in the message viewing portal
  • Logo that will appear in the email message and viewing portal

Encrypting messages helps meet organization security or compliance requirements, and it reassures your clients and partners that you want to protect information they may care about. If you need assistance in defining the necessary rules, branding or testing OME, email us; we are happy to help.