Office 365 Encrypted Email - Initial Setup
The first step is to ensure that any email traveling outside your organization is forced through your Exchange server environment. Currently, there is no option to force all outbound emails through the Message Encryption Service, so you will want to ensure your on-premises Exchange Server is designated as the corporate outbound email connector. This lets you use a Message Encryption Transport Rule to route all emails intended for encryption through the Message Encryption Service. Additionally, this Transport Rule will need to be assigned a scope that allows for the secure delivery of the encrypted message to the recipient’s email infrastructure. For mail that is just traveling to other tenant domains hosted in Office 365, the delivery is already inherently secure.
- Introduction to Email Encryption
Email encryption is a topic that can be rather complex. Office 365 and Azure Information Protection make it simpler for you by providing server-side and client-side encryption. Server-side means that emails are encrypted globally, at rest and in transit. Client-side means that you can use a program, add-in, or plug-in to encrypt the body of the email with a password, or you can encrypt individual files and attach them to messages without the recipient having special email programs or add-ins to read the email or open any attached files.
However, if you and the recipient work in industries where encryption isn't an option, you need to be aware of the issues involved: confirming that encryption is applied, that the access rules for the file don't get accidentally changed, and that the receiver can open the email without too much hassle. Email encryption includes examining how to set up and use Office 365 Message Encryption, along with the following questions: What is Azure Information Protection? What are the Exchange Online Protection email encryption features? What data is already encrypted with Office 365? What is involved in encryption? What are the reasons that you shouldn't send secure communications by email? These topics and more are covered for Office 365.
- Understanding the Importance of Email Encryption in Office 365
Office 365 data is not encrypted at rest for customers by default. We encrypt data that travels between our datacenters and user devices, and multiple times when it moves within our datacenters. Did you know that email encryption is an important aspect of the Office 365 Security Compliance Center? This feature helps at the moment of clicking the ‘send’ button. When we send an encrypted email, as opposed to the default behavior in Office 365, we are securing not just the email message but its attachments as well. Users will not know on their own that they have the power to send an encrypted email; it is our job to provide the feature and help users understand its importance. Mind you, no one likes to hear the ‘cry wolf’ story, and no one likes to see an encrypted email being sent to all recipients without proper care.
The main concern when sending an email is sending sensitive data to the wrong person. Most companies that have already set up Office 365 did not enable the features that have been provided for them. Some even purchase third-party products just to make sure that their email is secure. I was stunned when I found out recently that most of Office 365 has additional features that have PCI compliance. To be PCI relevant, it must be obvious for whom the email was originally intended.
- Step-by-Step Guide to Setting Up Encrypted Email in Office 365
Once you have signed up for Message Encryption, or are using Exchange Online in Office 365, and have set up Microsoft 365 Message Encryption, admins and users can encrypt and protect email in the Exchange portion of the Outlook mail client. This allows the Exchange email service to guarantee compliance. Just follow the steps below to protect messages and confirm encryption.
Messages in transit are also protected if both parties are using an email client that supports encryption via TLS. If you want constant and always encrypted communication and are using Office 365/Outlook, you can configure a rule to require always encrypted emails. Log in to your regular email account with your regular email login credentials. Once there, you can follow Step 1 in the web-based instructions. Note that the following is a summary of these instructions and the options you select or enter on your screen will depend on your setup and the settings of your organization.
By utilizing Office 365’s Information Rights Management, we can ensure that all communication (incoming and outgoing) has the proper level of encryption. To enable this, you will need to implement message rules. If you want constant encrypted communication and are using Office 365 or Outlook, you can require email encryption using Transport Rules. This is less invasive. This message rule will require TLS encryption between your organization and anyone in a designated recipient or sender role (i.e., customers, business associates, employees, etc.). The beauty of TLS isn’t just about the encryption, but also about establishing identity. In order to enable the secure handling of the transmission of all email communications, it is recommended that you encrypt email in Office 365 this way. With the setting enabled, your email is sent through a connection that has opportunistic transport based on the recipient's domain. This feature ensures that Microsoft 365 encryption is available and that all of your emails and any attachments are secured at rest with stricter security controls based on your organization's compliance recommendations and settings.
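One way to express the TLS requirement described above as a mail flow (transport) rule in Exchange Online PowerShell. This is an added example, not part of the original guide; it assumes the ExchangeOnlineManagement module is installed, and the admin account, partner domains and rule name are placeholders.

```powershell
# Added example: require TLS for mail sent to designated partner domains.
# Placeholders (assumptions): admin UPN, partner domains, rule name.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$ruleName       = 'Require TLS to designated partners'
$partnerDomains = @('partner.example', 'supplier.example')

# Look the rule up by name so the script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }

if (-not $existing) {
    # Start in audit mode so matches can be reviewed before the rule
    # affects delivery to domains that do not offer TLS.
    New-TransportRule -Name $ruleName `
        -RecipientDomainIs $partnerDomains `
        -RouteMessageOutboundRequireTls $true `
        -Mode Audit `
        -Comments 'Outbound mail to these domains must be delivered over TLS.'
} else {
    # Keep the domain list in sync if the rule already exists.
    Set-TransportRule -Identity $ruleName -RecipientDomainIs $partnerDomains
}

# Review the rule as stored in the tenant.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, RecipientDomainIs, RouteMessageOutboundRequireTls

# Switch to enforcement once the partner domains are confirmed to accept TLS:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```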
- Best Practices for Maintaining Email Security in Office 365
- Use Exchange Online Protection for Protection Against Spam and Malware: With Exchange Online Protection, you help protect your organization against spam, malware, and other message threats. This feature allows you to control, manage, and monitor your inbound and outbound internet mail. All email goes to data centers, and EOP receives it there. Traffic EOP receives is filtered and is then sent to your organization via a secure link called a connector.
- Use Mail Flow Rules to Encrypt Email: Mail flow rules seem to be the desired method for encrypting on-premises Office 365, as they offer the most flexibility. Once you have created an encryption mail flow rule, you are prompted to have Azure Information Protection Plan 1 for each user that the rule applies to. Once an email is encrypted in Outlook, only the recipient will be able to see that email. You can create a mail flow rule that inspects attachments and decides whether or not to encrypt depending on the content of the document, so that certain confidential documents are targeted for encryption. You can also create a disclaimer for an email when it is encrypted or not encrypted.
- Educate Users About Phishing, Spoofing, and Other Social Engineering Attacks: Office 365’s built-in security features help users report messages as they see them and automatically send those messages for remedial action. It even offers custom training templates educating end users. With Phish Threat, if someone falls for a simulated attack, they will be automatically redirected to a secure, educational landing page.
- Use Data Loss Prevention Policies to Find and Protect Sensitive Information: Office 365 data loss prevention is most effective when it is part of an integrated security solution. It is especially useful for detecting sensitive information that users might not recognize, remediating risks, and providing the insight and tools you need to manage and protect data.
- Use Information Rights Management for Additional Protection: Information Rights Management is the use of technology to protect information from unauthorized access. If users cannot print, copy, or forward sensitive documents, there is no way for them to send that information to unauthorized viewers.
- Verify Email Address Before Replying to a Client: It is essential not to fall victim to email impersonation scams by viewing your staff or client’s display details carefully before replying to any email. Verify the email address of the sender if you are prompted to do any sort of money transaction or send over any sensitive information.
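A sketch of the attachment-based encryption rule described under "Use Mail Flow Rules to Encrypt Email", written for Exchange Online PowerShell. This is an added example rather than part of the original guide; it assumes a session already opened with Connect-ExchangeOnline, and the test mailbox, keywords and rule name are placeholders.

```powershell
# Added example: encrypt outbound mail whose attachments contain marker words.
# Placeholders (assumptions): test mailbox, keyword list, rule name.
$testSender = 'admin@contoso.example'
$keywords   = @('Confidential', 'Internal Only')
$ruleName   = 'Encrypt outbound mail with confidential attachments'

# 1. Confirm the tenant can issue rights-management licenses at all.
$irm = Get-IRMConfiguration
if (-not $irm.AzureRMSLicensingEnabled) {
    throw 'Azure RMS licensing is disabled; run Set-IRMConfiguration -AzureRMSLicensingEnabled $true first.'
}

# 2. Run the built-in end-to-end check (template retrieval, encrypt, decrypt).
Test-IRMConfiguration -Sender $testSender

# 3. Create the rule in audit mode: matches are logged, mail is not altered.
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $ruleName })) {
    New-TransportRule -Name $ruleName `
        -SentToScope NotInOrganization `
        -AttachmentContainsWords $keywords `
        -ApplyRightsProtectionTemplate 'Encrypt' `
        -Mode Audit `
        -Comments 'Applies the Encrypt template when an attachment contains a marker word.'
}

# 4. Inspect the stored rule before enforcing it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, SentToScope, AttachmentContainsWords, ApplyRightsProtectionTemplate

# 5. Enforce after the audit results look right:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

Attachment inspection only covers file types that Exchange Online can extract text from, so send a test message with a known attachment before treating the rule as a control.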
