Enforcing email encryption

The Office 365 Messaging Encryption (aka: “Azure Information Protection”) service needs to be licensed and configured as a pre-requisite.

To Send an encrypted email

Option 1

Login to Outlook on the Web (aka: Outlook Web Access); compose message; Click “Protect” link at the top of the New Email then “Change Permission” and select “Encrypt”:



Option 2

If you’re using Outlook “Professional Plus” edition, you’ll have a button to send encrypted emails in Outlook (For other versions of Outlook, that feature doesn’t exist, yet!) By default, the button is on the File Menu, click “Set Permissions” and choose “Encrypt”:



To make things slightly easier, you can add it to the “Ribbon”. Click “New Email”. On the New Email window, right-click anywhere on the Ribbon and choose “Customize the Ribbon”. Create a “New Group”, then right-click and rename to something appropriate (e.g: “Permissions”):



Now change the “Choose commands from” box to “File Tab”; Scroll down and select “Set Permissions”, then click the “Add” button, then OK:



You should now see the Permissions button on the Ribbon (in a group called “Permissions”). Press this and select “Encrypt” BEFORE clicking SEND to encrypt your email:



Option 3

GWN can setup a rule on the email server that will encrypt any email that contain a special, hidden code.
We will put this code into an Outlook signature (named “Encrypt Email”) so you can select it before clicking SEND.

Receiving an encrypted email

Recipients using Office 365 Outlook on the Web (aka: Outlook Web Access) will see the email like any other – it will be decrypted “on-the-fly”.
(The only indication the message is encrypted is the padlock on the message list:
And the message on the email itself:

Recipients using other email clients will receive a message advising they’ve been sent an encrypted email:

Click the “Read the message” link which will open your web-browser and connect to Outlook on the Web. You may be prompted to login with your Microsoft account, or you can choose the option to read the message using a one-time passcode: