Email Encryption with Microsoft 365 and Exchange Online
Did you know that when you send an email to someone else over the internet, that email and its contents, attachments and metadata can be read by any and all servers and nodes it passes through on its way to its destination? It’s like sending a letter through the mail but having each post office employee who handles it open it and look at it. Wow!
This is the main reason why IT professionals like us will encourage you to never use email for sending sensitive information such as passwords, credit card numbers, social security numbers, et cetera. But there is an exception to this rule: encrypted emails can only be read by the sender and the receiver. Now, all of our managed clients with Microsoft 365 Business Premium licensing have access to this awesome new feature!
Read on to learn how to use it and how it works!
How to encrypt emails in Microsoft Outlook
Encrypting emails with your Microsoft 365 account and Microsoft Outlook has never been easier! Follow these simple steps to make sure your sensitive or confidential information is protected when sending it via email!
1. Compose a new message, and then click on the “Options” tab in the ribbon at the top of the composition window:
2. Click the “Encrypt” button in the ribbon that opens, it looks a bit different depending on which version of Outlook you’re using:
Classic Ribbon:
Simplified Ribbon:
New Outlook:
If you click the little downward pointing chevron on the button, you will see additional options, each of which changes the permissions of the email. Here is a brief description of what each means:
· Confidential\All Employees: This option provides all employees with full permission to the email and its contents, but they cannot forward it to anyone outside of the organization.
· Highly Confidential\All Employees: Like above, but employees can only view, edit and reply to the email content, they cannot download it. Both of these two options allow data owners to track and revoke permissions for the email’s content.
· Do Not Forward: The encrypted email can be sent to anyone inside or outside of the organization, and recipients are not able to forward, print or copy the contents of the email.
· Encrypt: The message is encrypted, recipients cannot remove the encryption, but they can forward the encrypted email along to others.
But How Does It Work, Travis?
Good question! When you send an encrypted email, the Microsoft 365 servers use some fancy algorithms and methods to encrypt your email so that it stays encrypted on your PC, as it transmits through the internet, and when it lands on the recipient’s PC, all handled by Microsoft’s Azure Information Protection platform. No matter where the message goes or how it’s transmitted, Azure Information Protection keeps the contents of the email encrypted and safe. Neat!
One of the coolest things about it is its deep integration into the Microsoft platforms. When you send an encrypted email to another Microsoft 365 user also using Outlook or Outlook Online with Azure Information Protection enabled, they are able to see the email just like any other email inside the app, the only difference being a little lock icon in the email header, and depending on which permissions option you chose, some greyed out buttons to reply, forward, print, et cetera.
If you send an encrypted message to someone outside of the Microsoft 365 ecosystem or in a tenant that does not have the licensing for Azure Information Protection, they will receive what is called a “wrapper” email with a link in it taking them to the page where they can read the message. It will look something like this:
The recipient doesn’t even need a Microsoft account to view the email. When they click the link, they receive a second email with a one-time passcode (OTP), which they then enter on the page where the link took them. The encrypted email then appears on their screen, and they can interact with it however they want from there (reply, forward, print, etc., depending on the permissions option selected).
Next time you need to send someone some sensitive information that you don’t want intercepted or compromised, look for the Encrypt button in Outlook! Don’t see it? Not working right? Give us a holler, we’d love to help you get it working for you and your team!