Understanding Office 365 Message Encryption

Microsoft Windows SecurityMicrosoft recently released Office 365 Message Encryption (by message, they are referring to email). Immediately after launch, I got several emails from clients saying “What, my email has not been encrypted!!!” So I thought I would write a short post to explain what is going on. Without this new service, your email IS encrypted, at rest, and between your email client and Microsoft’s Data Centers. When you send an email to someone, it is encrypted at your client and at Microsoft’s Data Centers, however when it leaves Microsoft’s Data Center on its journey to your recipient, it is no longer encrypted. This is not a Microsoft shortcoming, it is how all email works from anybody, unless you have added an encrypting service. Prior to Microsoft’s introduction of their own Office 365 Message Encryption service, users requiring end-to-end encryption would have probably used a third-party encryption service that basically intercepts email and provides the desired encryption.

You may have absolutely no need for this service. If you have never received an encrypted message, you may not even know what it is. Who might need it? Well, if you or your organization deals with communicating sensitive information, encryption is something you probably should consider. In addition to protecting sensitive information, it can also increase your customer’s confidence when they see that you have taken additional steps to safeguard their information. While encryption adds a high degree of security, it also adds some steps in order to achieve it. As a sender, once things are setup, you really don’t need to do anything different from what you currently do. The steps are on the recipient’s end. The recipient will receive an email from you in their inbox, but instead of including the content of the message, it will include a link. In order to see the content of the message, the recipient will have to click the link which will take them to a special webpage (which can be branded with your name). Once on this page, they still can’t see your content until they authenticate (login). This is the crux of encryption and all services have to have some method of authentication (logging in) to un-encrypt the message for the recipient. In Microsoft’s case it is a Microsoft ID, either a Live ID or Office 365 ID. Fortunately, many users will already have one. If they don’t they can create one on-the-spot. After they authenticate (login) they can see your message content and attachments. If the recipient replies, that same encrypted “envelope” will be returned to you, still encrypted. You can’t see their reply unless you are authenticated, which of course you already would be.  By the way, you can set simple rules as to when encryption is applied, for example on one extreme, every single outgoing organization email can be encrypted automatically, or, as we use it here, only messages that contain the word “Encrypted” in the subject line will be encrypted. There is actually a ton of flexibility in setting up these rules and triggers, and it is pretty simple.

Ok, so what does this service cost? Office 365 Message Encryption is actually part of another service called Microsoft Azure Rights Management which also includes some other interesting features that I will not go into here. If you are on Enterprise E-3 or E-4, Microsoft Azure Rights Management is already included, the encryption service just needs to be activated; we can help you with this. If you are on any of the other plans that include Exchange, the cost to add Microsoft Azure Rights Management, which includes Office 365 Message Encryption, is $2/user/month; and of course we can help you with that as well. One thing to note is that this is not available at all for any of the Home or Small Business Subscriptions; if you are on one of these contact us and we can explain your options.

The best way to experience and understand Office 365 Message Encryption is to receive an encrypted message yourself as a recipient. If you would like to see what your recipient would see, let us know on our contact page and we will send you an email encrypted with Office 365 Message Encryption.

Add your 2 cents to my 2 cents and we'll have 4 cents!