
Jun 09, 2020


    Office 365 Email Encryption – Setup Guide

    Define rules to encrypt or decrypt email messages

    As an administrator, you can create mail flow rules, also known as transport rules, to enable Office 365 Message Encryption. This lets you encrypt any outgoing email messages and remove encryption from encrypted messages coming from inside your organization or from replies to encrypted messages sent from your organization. You can use the Exchange admin center (EAC) or Windows PowerShell cmdlets for Exchange Online to create these rules. In addition to overall encryption rules, you can also choose to enable or disable individual message encryption options for end-users.

    Encrypt email messages

    You can define transport rules for triggering email message encryption by using the EAC or Windows PowerShell cmdlets for Exchange Online.

    To create a rule for encrypting email messages by using the EAC

    1. From the EAC, go to mail flow > rules > New. If you need help to become familiar with the EAC, see Exchange Admin Center in Exchange Online.

    2. Select + > Create a new rule.

    3. In Name, type a name for the rule, such as Encrypt mail for [email protected].

    4. In Apply this rule if, select a condition, and enter a value if necessary. For example, to encrypt messages going to [email protected]:

       a. In Apply this rule if, select the recipient is.

       b. Select an existing name from the contact list or type a new email address in the check names box.

          To select an existing name, select it from the list and then click OK.

          To enter a new name, type an email address in the check names box and then select check names > add > OK.

    5. To add more conditions, select add condition and select from the list. For example, to specify that the previous rule applies only if the recipient is outside your organization:

       a. Select add condition and then select The recipient is located > Outside the organization.

       b. Select OK.

    6. To enable encryption, in Do the following, select Modify the message security > Apply Office 365 Message Encryption, and then select Save. You can select add action if you want to specify another action.

    https://technet.microsoft.com/en-us/library/jj200743(v=exchg.150).aspx

    To create a rule for encrypting email messages by using PowerShell cmdlets

    1. Connect to Office 365 using Remote PowerShell, as described in Connect to Exchange Online using Remote PowerShell.

    2. Define a rule with the ApplyOME parameter set to $true. For example, to require that all email messages that are addressed to [email protected] must be encrypted, type:

       New-TransportRule "Encrypt rule for drtoniramos" -SentTo "[email protected]" -SentToScope "NotInOrganization" -ApplyOME $true

    Where:

    This parameter                                            Specifies:
    New-TransportRule "Encrypt rule for [email protected]"    Name of the new rule
    -SentTo "[email protected]"                               Condition 1
    -SentToScope "NotInOrganization"                          Condition 2
    -ApplyOME $true                                           Encrypt the message

    https://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx

    Note:

    If you get an error message when you try to create an encryption transport rule, verify that Azure Rights Management (RMS) is set up for your organization by following the steps to activate Azure Rights Management from the Office 365 admin center. If you see an option to activate Azure RMS, then it has not been set up yet, and you'll need to activate it in order to use Office 365 Message Encryption.

    Remove encryption from email replies

    When your email users send encrypted messages, recipients of those messages can respond with encrypted replies. You can create transport rules to automatically remove encryption from replies so email users in your organization don’t have to sign in to the encryption portal to view them. You can use the EAC or Windows PowerShell cmdlets to define those rules. You can only decrypt messages that are either sent from within your organization or messages that are replies to messages sent from within your organization. Encrypted messages originating from outside of your organization cannot be decrypted.

    To create a rule for removing encryption from email replies by using the EAC

    1. From the EAC, go to Mail flow > + > Create a new rule.

    2. In Name, type a name for the rule, such as Remove encryption from incoming mail.

    3. In Apply this rule if, select the conditions where encryption should be removed from messages, such as The recipient is located > Inside the organization.

    4. In Do the following, select Modify the message security > Remove Office 365 Message Encryption.

    5. Select Save.

    To create a rule to remove encryption from email replies by using PowerShell cmdlets

    1. Connect to Exchange Online using Remote PowerShell.

    2. Define a rule with the RemoveOME parameter. For example:

       New-TransportRule -Name "Remove encryption from incoming mail" -SentToScope "InOrganization" -RemoveOME $true

    https://go.microsoft.com/fwlink/p/?LinkId=525775

    Where:

    This parameter                                              Specifies:
    New-TransportRule "Remove encryption from incoming mail"    Name of the new rule
    -SentToScope "InOrganization"                               Condition
    -RemoveOME $true                                            Remove encryption from the message
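Once both kinds of rule exist, it helps to check that each one is enabled, enforced, and scoped the way the guide describes. The following is an added example, not part of the original guide: `Get-OmeRuleFinding` is a hypothetical helper, the sample rules are constructed, and it assumes rule objects expose `Name`, `State`, `Mode`, `ApplyOME`, `RemoveOME` and `SentToScope` properties.

```powershell
# Added example, not from the guide. Get-OmeRuleFinding is a hypothetical helper.
# Assumption: rule objects expose Name, State, Mode, ApplyOME, RemoveOME and
# SentToScope, mirroring the New-TransportRule parameters used above.
function Get-OmeRuleFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Rule
    )
    process {
        $apply  = [bool]$Rule.ApplyOME
        $remove = [bool]$Rule.RemoveOME
        if (-not ($apply -or $remove)) { return }   # not an OME rule, skip it

        $issues = @()
        if ("$($Rule.State)" -ne 'Enabled') { $issues += 'rule is not enabled' }
        if ($Rule.Mode -and "$($Rule.Mode)" -ne 'Enforce') {
            $issues += "mode is $($Rule.Mode), so the action is not enforced"
        }
        # The guide's removal rule is scoped to recipients inside the organization.
        if ($remove -and "$($Rule.SentToScope)" -ne 'InOrganization') {
            $issues += 'RemoveOME is not scoped with -SentToScope InOrganization'
        }
        [pscustomobject]@{
            Name   = $Rule.Name
            Action = if ($remove) { 'RemoveOME' } else { 'ApplyOME' }
            Issues = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample objects standing in for Get-TransportRule output.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Encrypt rule for drtoniramos'; State = 'Enabled'; Mode = 'Enforce'
                       ApplyOME = $true; RemoveOME = $false; SentToScope = 'NotInOrganization' }
    [pscustomobject]@{ Name = 'Remove encryption from incoming mail'; State = 'Enabled'; Mode = 'Enforce'
                       ApplyOME = $false; RemoveOME = $true; SentToScope = 'InOrganization' }
    [pscustomobject]@{ Name = 'Encrypt test rule (constructed)'; State = 'Disabled'; Mode = 'Audit'
                       ApplyOME = $true; RemoveOME = $false; SentToScope = 'NotInOrganization' }
    [pscustomobject]@{ Name = 'Unscoped removal rule (constructed)'; State = 'Enabled'; Mode = 'Enforce'
                       ApplyOME = $false; RemoveOME = $true; SentToScope = $null }
)
$sampleRules | Get-OmeRuleFinding | Format-Table -AutoSize -Wrap

# In a connected Exchange Online session, feed it the real rules instead:
# Get-TransportRule | Get-OmeRuleFinding
```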

    Add branding to encrypted messages

    As an Exchange Online or Exchange Online Protection administrator, you can apply your company branding to customize the look of your organization’s Office 365 Message Encryption email messages and the contents of the encryption portal. Using Windows PowerShell cmdlets, you can customize the following aspects of the viewing experience for recipients of encrypted email messages:

    • Introductory text of the email that contains the encrypted message

    • Disclaimer text of the email that contains the encrypted message

    • Portal text that will appear in the message viewing portal

    • Logo that will appear in the email message and viewing portal

    You can also revert to the default look and feel at any time.

    The following example shows a custom logo for ContosoPharma in the email attachment:

    To customize encryption email messages and the encryption portal with your organization’s brand

    1. Connect to Exchange Online using Remote PowerShell, as described in Connect to Exchange Online Using Remote PowerShell.

    2. Use the Set-OMEConfiguration cmdlet as described here: Set-OMEConfiguration or use the following table for guidance.

    https://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx https://technet.microsoft.com/en-us/3ef0aec0-ce28-411d-abe8-7236f082af1b

    Encryption customization options

    To customize this feature of the encryption experience, use these Windows PowerShell commands:

    • Default text that accompanies encrypted email messages. The default text appears above the instructions for viewing encrypted messages.

      Set-OMEConfiguration -Identity -EmailText ""

      Example: Set-OMEConfiguration -Identity "OME Configuration" -EmailText "Encrypted message from ContosoPharma secure messaging system"

    • Disclaimer statement in the email that contains the encrypted message

      Set-OMEConfiguration -Identity -DisclaimerText ""

      Example: Set-OMEConfiguration -Identity "OME Configuration" -DisclaimerText "This message is confidential for the use of the addressee only"

    • Text that appears at the top of the encrypted mail viewing portal

      Set-OMEConfiguration -Identity -PortalText ""

      Example: Set-OMEConfiguration -Identity "OME Configuration" -PortalText "ContosoPharma secure email portal"

    • Logo

      Set-OMEConfiguration -Identity -Image

      Example: Set-OMEConfiguration -Identity "OME configuration" -Image (Get-Content "C:\Temp\contosologo.png" -Encoding byte)

      Supported file formats: .png, .jpg, .bmp, or .tiff

      Optimal size of logo file: less than 40 KB

      Optimal size of logo image: 170x70 pixels

    To remove brand customizations on encryption email messages and the encryption portal

    1. Connect to Exchange Online using Remote PowerShell, as described in Connect to Exchange Online Using Remote PowerShell.

    2. Use the Set-OMEConfiguration cmdlet as described here: Set-OMEConfiguration. To remove your organization's branded customizations from the DisclaimerText, EmailText, and PortalText values, set the value to an empty string, "". For all image values, such as Logo, set the value to "$null".

    Encryption customization options

    To revert this feature of the encryption experience back to the default text and image
