Encrypting O365 Emails

Email security is, quite rightly, a very important issue for many; email is frequently used to send sensitive information and unencrypted emails can be read by unintended recipients, hackers, or simply somebody who passes by when your screen is open.

For this reason, more and more people are looking at encrypting their emails in order to protect sensitive information. Not only is this valuable in itself but it’s also a good way of limiting your liabilities if the worst does occur, as you can demonstrate that you were taking reasonable precautions with your data.

By default, Office 365 encrypts emails when they are sent, but that doesn’t mean they can’t be hacked as they travel to the recipient or when they are received. A new add-on for Office 365 addresses this problem, encrypting emails from end to end; the recipient of an encrypted email will have to visit the Office 365 webpage where they will receive a temporary passcode giving them access to the message. Users can also encrypt already-downloaded messages, preventing them from being forwarded or copied.

Using the Azure Information Protection feature, subscribers can now (for two dollars a month extra) access the capability of encrypting all emails, not just those two people within the same organization (it should be noted that a fee may be payable to IT providers for configuring the new program).

The new encryption service ensures that every message in a thread is encrypted and offers the option to use the recipient’s email address as the key, eliminating the need for certificates. Security can also be added to prevent messages being forwarded without permission and to manage the sender’s rights.

Usefully, attachments created using the Office 365 suite can also be protected, so business information contained in Word, Excel, or PowerPoint files will be protected. This is not, however, applied to PDFs.

These new encryption services can be accessed by setting up Online Message Encryption and/or Information Rights Management for Exchange Online within Office 365. In order to use the services, you must also be using Azure Rights Management services from Azure Information Protection. Users still employing Active Directory Rights Management Service (AD RMS) in Exchange Online will have to switch over to Azure Information Protection before setting up message encryption.