Office 365 - Message Encryption
Posted by Lewis Purver, Last modified by Lewis Purver on 17 September 2019 02:54 PM


How can I send encrypted messages using Office 365?


How to Encrypt a Message

To encrypt a message with OWA, click the Protect button in the New Message window, then click Change Permissions in the message bar, and then select “Encrypt” from the set of available templates (Figure 1).

Figure 1: Encrypting a message with OWA (image credit: Tony Redmond)

You can read encrypted messages using Outlook for iOS or Android, but you cannot create encrypted messages from these clients.

Automatic Decryption for Some Clients

Decryption is automatic if your mailbox belongs to an Office 365 tenant and you use an “enlightened” client (one that understands Azure Information Protection). The latest versions of OWA and Outlook mobile handle decryption with aplomb (Figure 2).

Figure 2: OWA displays an encrypted message (image credit: Tony Redmond)

The Outlook Experience

Although current versions of Outlook for Windows and Mac handle protected messages seamlessly, they need an upgrade to expose the option to encrypt messages and to process encrypted messages. Until that upgrade is available, you must read encrypted messages using the Office 365 Message Encryption portal, which is the same experience that recipients outside Office 365 have.

Figure 3 shows how an unenlightened version of Outlook for Windows displays an encrypted message. Because this version of Outlook doesn’t know how to handle the file in the encrypted wrapper, it tells the recipient who sent the message and gives a link to the portal to read the message.

Figure 3: How the unenlightened version of Outlook sees an encrypted message (image credit: Tony Redmond)

To Encrypt or Protect, that is the Question

Given the choice to encrypt or protect messages, what should you do? Here’s a simple rule of thumb.

  • Encrypt messages with confidential or sensitive data sent to recipients outside your organization.
  • Protect messages with confidential or sensitive data sent to internal recipients or to recipients in domains you know respect the rights expressed in protection templates.

This rule of thumb is based on the simple fact that encryption works for all email addresses, so it is the catch-all solution when a need exists to protect content sent outside the company. Not every destination might be able to understand the limitations set by rights templates, but if a template is configured to support recipients in an external domain, it is an excellent way to protect information for the lifetime of the content.
