If you have Office 365 email (a.k.a. hosted Exchange), you can now block recipients from forwarding your email and you can encrypt your email. In fact all Office365 to Office365 email is already encrypted, but email that leaves Microsoft’s Office365 is not… until now.
Today you can easily encrypt your email or block someone from copying the text, taking a screen grab, printing or forwarding the message as long as they are using one of the big email tools like GMail, Yahoo, Hotmail, Outlook.com or Outlook. The call this new service Office365 Message Encryption or OME for short.
Previously if you wanted to encrypt an email you needed either and add on service like OpenPGP or to go through the complexity of configuring Microsoft Rights Management Service (RMS). That has all changed when Microsoft started including Rights Management in what they now call Azure Information Protection (AIP). AIP and therefore RMS is now included in the following Office365 bundles:
|Subscription||Includes Azure Information Protection for Office 365|
|Office 365 Business Essentials||No|
|Office 365 Business Premium||No|
|Office 365 Enterprise E1||No|
|Office 365 Education A1||Yes|
|Office 365 Enterprise E3||Yes|
|Office 365 Education A3||Yes|
|Office 365 Government G3||Yes|
|Office 365 Developer||No|
|Office 365 Enterprise E4||Yes|
|Office 365 Education A4||Yes|
|Office 365 Government G4||Yes|
|Office 365 Enterprise E5||Yes|
|Office 365 Education A5||Yes|
|Office 365 Enterprise F1||No|
Most organizations interested in encryption will have an E3, E5, Government or Education subscription.
As of a few months ago those with AIP bundles had Azure Rights Management setup automatically:
02/07/2019 – When you have a service plan that includes Azure Rights Management, you might not have to activate the service:
- If your subscription that includes Azure Rights Management or Azure Information Protection was obtained towards the end of February 2018 or later: The service is automatically activated for you. You do not have to activate the service unless you or another global administrator for your organization deactivated Azure Rights Management.
- If your subscription that includes Azure Rights Management or Azure Information Protection was obtained before or during February 2018: Microsoft is starting to activate the Azure Rights Management service for these subscriptions if your tenant is using Exchange Online. For these subscriptions, automatic activation is starting to roll out August 1, 2018 when the service will be activated for you unless you see AutomaticServiceUpdateEnabled is set to false when you run Get-IRMConfiguration.
If you want to confirm you have it, just click HERE, select AZURE INFORMATION PROTECTION SERVICES and then MANAGE MICROSOFT AZURE INFORMATION PROTECTION SETTINGS.
- ENCRYPT (might be named PROTECT) depending on the build of Outlook you are using
- If this is your first time, the system will pop up a message like RETRIEVING TEMPLATES and that process will take more than one or two seconds, so don’t be put off by it.
- then set the permission to either ENCRYPT-ONLY or DO NOT FORWARD
What it does not block is your cell phone camera as you can see below.