Office 365 Message Encryption

Message Encryption

To set up message Encryption:

Prerequisites:

  • At least one subscription (preferably Admin) with Azure Rights Management Active
  • Only then will you be able to access “Rights Management”
  • Navigate to the O365 Admin Center > Service Settings > Rights Management > Manage > Make sure that it’s “Activated” (Reference: https://technet.microsoft.com/en-us/library/jj585024)

PowerShell:

  • Run Windows Azure Active Directory Module for Windows PowerShell as Admin
  • Run the initializing commands to connect to Exchange Online (enter the Global Admin Credentials)
  • $LiveCred = Get-Credential
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $LiveCred -Authentication Basic -AllowRedirection
  • Net start winrm
  • Set-ExecutionPolicy Unrestricted -Force
  • Import-PSSession $Session
  • Run the following Commands to set up Azure Rights Management for Office 365 Message Encryption
  • The URL passed to -RMSOnlineKeySharingLocation in the first command below will change based on your geographic location (Reference: https://technet.microsoft.com/en-us/library/dn569291.aspx)
  • Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"
  • Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
  • Test-IRMConfiguration -RMSOnline
  • Set-IRMConfiguration -InternalLicensingEnabled $true

UI (Office 365):

  • Now let’s create a Transport rule to encrypt emails
  • Navigate to the Exchange Admin Center: O365 Admin Center > Exchange (bottom left)
  • Select “Mail Flow” > “Rules”
  • Create a new transport rule
  • Name the rule (Don’t select anything as yet)
  • Click on more options… (towards the bottom)
  • Under “Apply the rule if”: from the dropdown select “the recipient is internal/external”, then select “Outside the organization”
  • Add condition (only if you want to add additional conditions), for example: from the dropdown select “message subject includes sensitive information” and from the list select the SSN
  • Under “Do the following”: from the dropdown select “Modify the message security”, then select “Apply Office 365 Message Encryption” and save the rule

  • I left everything else to default > Save
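
The same rule can also be created from the Exchange Online session opened in the PowerShell section, with a check that the IRM setup succeeded first. This is an added example, not part of the original post; the rule name is hypothetical and the sensitive information type name is assumed to be the built-in SSN type.

```powershell
# Added example. Assumes the Exchange Online session from the PowerShell
# section has already been imported with Import-PSSession $Session.
$ruleName = 'Encrypt external mail containing SSN'   # hypothetical rule name
# Assumed name of the built-in sensitive information type for SSNs.
$ssnType  = @{ Name = 'U.S. Social Security Number (SSN)' }

# 1. Confirm the IRM prerequisites before creating the rule. Without them
#    the rule can be saved but matching mail will not be encrypted as intended.
$irm = Get-IRMConfiguration
if (-not $irm.InternalLicensingEnabled) {
    throw 'InternalLicensingEnabled is False. Run Set-IRMConfiguration -InternalLicensingEnabled $true first.'
}
if (-not (Get-RMSTrustedPublishingDomain)) {
    throw 'No trusted publishing domain found. Run Import-RMSTrustedPublishingDomain -RMSOnline first.'
}

# 2. Create the rule only if a rule with this name does not exist yet,
#    so the script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if (-not $existing) {
    New-TransportRule -Name $ruleName `
        -SentToScope NotInOrganization `
        -MessageContainsDataClassifications $ssnType `
        -ApplyOME $true | Out-Null
}

# 3. Read the rule back and confirm it is enabled, enforcing, and set to encrypt.
$rule = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
$rule | Format-List Name, State, Mode, SentToScope, ApplyOME, MessageContainsDataClassifications

if ($rule.State -ne 'Enabled' -or -not $rule.ApplyOME) {
    Write-Warning "Rule '$ruleName' exists but is not enabled or does not apply encryption."
}
```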

What is the end user experience?

  • When the end user gets the email this is what will display

  • Double click on the message.html to open the file

  • If you click on “Sign in” you would need to sign in with your account to authenticate
  • If you click on one-time passcode this is what you get

  • So then I sign into my outlook account and enter the passcode > Continue

  • Lo and behold here is my email.

Reference article: http://blogs.technet.com/b/govcloud/archive/2014/04/09/security-enabling-the-new-office-message-encryption-feature.aspx#.VHYzpSThUpG

Reference article for Encryption in Office 365: https://technet.microsoft.com/en-us/library/dn569286.aspx

Reference article for Set up Microsoft Azure Rights Management for Office 365 Message Encryption: https://technet.microsoft.com/en-us/library/dn569291.aspx