Send encrypted emails to anyone using Office 365 message encryption

Office 365 Message Encryption is a service that lets you send encrypted emails to people outside your company. No matter what the destination-, Yahoo, Gmail, Exchange Server, Lotus Notes, GroupWise, Squirrel Mail, you name it- you can send sensitive business communications with an added level of protection against unauthorized access.

Some business situations where this type of encryption is essential include, but are not limited to:

  • A bank sending credit card statements to customers over email.
  • An insurance company providing details about the policy to clients.
  • A mortgage broker requesting financial information from a customer for a loan application.
  • A healthcare provider using encrypted messages to send healthcare information to patients.
  • An attorney sending confidential information to a client or another attorney.
  • A consultant sending a contract to a client.
  • A therapist providing a patient diagnosis to an insurance company.

Office 365 Message Encryption is the newer version of Exchange Hosted Encryption (EHE) and  includes all of the capabilities of EHE plus other features, such as the ability to apply your company’s branding to encrypted messages. Like EHE, Office 365 Message Encryption works with Office 365 mailboxes as well as with on-premises mailboxes that use Exchange Online Protection.

Let’s take a closer look at how Office 365 Message Encryption works.

Setting up encryption

Administrators set up transport rules to apply Office 365 Message Encryption when emails match specified criteria. Transport rules provide great flexibility and control, and can be managed via a web-based interface or PowerShell.

Setting up the transport rules is simple. Administrators simply select the action to apply encryption or remove encryption in the Exchange admin center. This is an improvement over EHE, which required complex headers and multiple setup steps.

apply office 365 message encryption screenshot

You set up Office 365 Message Encryption rules in the Exchange admin center.

Once the admin sets up the rules, whenever anyone in the company sends a message that matches the conditions, the message is encrypted using Office 365 Message Encryption. The outgoing message is encrypted before it is delivered to the outside mail server to prevent any spoofing or misdirection.

Receiving and responding to encrypted messages

When an external recipient receives an encrypted message from your company, they see an encrypted attachment and an instruction to view the encrypted message.

outlook patient data screenshot

The encrypted message appears as an attachment in a message in the recipient’s inbox, with instructions for how to view it.

You can open the attachment right from your inbox, and the attachment opens in a new browser window. To view the message, you just follow the simple instructions for authenticating via your Office 365 ID or Microsoft Account.

secure email portal screenshot

Once you are authenticated, the content of an encrypted message appears.

The Message Encryption interface, based on Outlook Web App, is modern and easy to navigate. You can easily find information and perform quick tasks such as reply, forward, insert, attach, and so on. As an added measure of protection, when the receiver replies to the sender of the encrypted message or forwards the message, those emails are also encrypted.

email header screenshot

When you reply to an encrypted message you’ve received, your reply is also encrypted.

Applying custom branding

Office 365 Message Encryption allows you to customize the branding on your company’s encrypted messages and portal where the message is viewed. The customization is not limited just to your company logo, but can also extend to the text in the header, disclaimer, and the portal text in the sent email.

outlook screenshot

With Message Encryption, you can customize the disclaimer text and header text in your company’s encrypted emails.

portal text screenshot

You can also customize your company Logo and portal text that appear in your encrypted emails.

Administrators can use PowerShell cmdlets to set up the branding for these texts and images.

powershell screenshot

PowerShell can be used to set up different branding texts and logo emails encrypted in Message Encryption.

With Office 365 Message Encryption you can send sensitive information to people outside your organization with the confidence that that information is protected. To learn more, click here.

Was this article helpful?