SOLVED: How To Send Encrypted Email & Block Forwarding or Copying With Office 365 Email

If you have Office 365 email (a.k.a. hosted Exchange), you can now block recipients from forwarding your email and you can encrypt your email.   In fact all Office365 to Office365 email is already encrypted, but email that leaves Microsoft’s Office365 is not… until now.

Today you can easily encrypt your email or block someone from copying the text, taking a screen grab, printing or forwarding the message as long as they are using one of the big email tools like GMail, Yahoo, Hotmail, or Outlook.  The call this new service Office365 Message Encryption or OME for short.

Previously if you wanted to encrypt an email you needed either and add on service like OpenPGP or to go through the complexity of configuring Microsoft Rights Management Service (RMS).  That has all changed when Microsoft started including Rights Management in what they now call Azure Information Protection (AIP).  AIP and therefore RMS is now included in the following Office365 bundles:

Subscription  Includes Azure Information Protection for Office 365 
Office 365 Business Essentials No
Office 365 Business Premium No
Office 365 Enterprise E1 No
Office 365 Education A1 Yes 
Office 365 Enterprise E3 Yes  
Office 365 Education A3 Yes  
Office 365 Government G3 Yes 
Office 365 Developer No
Office 365 Enterprise E4 Yes  
Office 365 Education A4 Yes  
Office 365 Government G4 Yes 
Office 365 Enterprise E5 Yes  
Office 365 Education A5 Yes 
Office 365 Enterprise F1 No

Most organizations interested in encryption will have an E3, E5, Government or Education subscription.

As of a few months ago those with AIP bundles had Azure Rights Management setup automatically:

02/07/2019 – When you have a service plan that includes Azure Rights Management, you might not have to activate the service:

  • If your subscription that includes Azure Rights Management or Azure Information Protection was obtained towards the end of February 2018 or later: The service is automatically activated for you. You do not have to activate the service unless you or another global administrator for your organization deactivated Azure Rights Management.
  • O365 encryption - MANAGE MICROSOFT AZURE INFORMATION PROTECTION SETTINGSIf your subscription that includes Azure Rights Management or Azure Information Protection was obtained before or during February 2018: Microsoft is starting to activate the Azure Rights Management service for these subscriptions if your tenant is using Exchange Online. For these subscriptions, automatic activation is starting to roll out August 1, 2018 when the service will be activated for you unless you see AutomaticServiceUpdateEnabled is set to false when you run Get-IRMConfiguration.


how to encrypt an email with Office 365Assuming that is in place, the next time you send an email click:

  2. ENCRYPT (might be named PROTECT) depending on the build of Outlook you are using
    1. If this is your first time, the system will pop up a message like RETRIEVING TEMPLATES and that process will take more than one or two seconds, so don’t be put off by it.
  3. then set the permission to either ENCRYPT-ONLY or DO NOT FORWARD

outlook DO NOT FORWARD creates black screenIf you set it to DO NOT FORWARD, it actually blocks forwarding, text copying, screen grabs, and printing.  It even blocks print screens!

What it does not block is your cell phone camera as you can see below.

photo of rights management email - forward print copy screenshot is blocked



Questions or Comments?