Sunday, 10 April 2016

Office365 Email Encryption - Explained


Email encryption is an added layer of security that protects messages from being read by unintended recipients. Office 365 already secures transmission using TLS (Transport Layer Security); Office 365 Message Encryption (OME) builds on that to make mail transactions more secure. The earlier Office 365 version, FOPE/Wave14, needed a separate Microsoft-hosted encryption license, with tokens issued by a reputed service provider called “Voltage”. After multiple enhancements, the current version has encryption technology built in to Office 365.
Prerequisites:
To enable encryption in Office 365, all we need is an active Azure Rights Management license. By default it is available in the E3 & E4 subscriptions; for all other subscriptions you can purchase it as an add-on for just 2$/user/month.
How to?
Enabling encryption is not that difficult. We just have to:
§  Activate Azure Rights Management License. (If already activated, proceed to next step)
§  Configure Azure Rights Management
§  Configure Transport Rule based on requirement

Activate Azure Rights Management License
1.    Log in to the Office 365 portal
2.    Service Settings on the left pane -> Rights Management -> Manage
3.    Click on “Activate”
Below is the screen you will see after activation.
[Screenshot: RMS1]

 
Configure Azure Rights Management:
2.    Run Get-IRMConfiguration and make sure IRM is not enabled. (If it is already enabled, you have saved a lot of time; only the transport rule is pending.)
Refer to the table and choose the URL for your region.
Location | RMS key sharing location
North America | https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union | https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
Asia | https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
South America | https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
Office 365 for Government (Government Community Cloud) | https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc
 
Example: for Asia, the IRM configuration is as below.
§  Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc"
§  Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
§  Run the following commands to disable IRM templates from being available in OWA and Outlook, and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption:
To disable IRM templates in OWA and Outlook:
Set-IRMConfiguration -ClientAccessServerEnabled $false
To enable IRM for Office 365 Message Encryption:
Set-IRMConfiguration -InternalLicensingEnabled $true
After configuration you will see it as below:
[Screenshot: RMS1]
To make sure everything is configured properly, you can run a test with "Test-IRMConfiguration -Sender user@domain.com".
[Screenshot: RMS3]

 
Configure Transport Rule
Microsoft TechNet has detailed information, with screenshots, on how to create transport rules that apply encryption to messages. Based on your requirements, you can customize the conditions under which a message gets encrypted.
For example, for me the encryption process should be simple, so I need all my “High Importance” email to be encrypted. In this case I can simply click the “High Importance” button in Outlook/OWA and the mail will be encrypted.
Below is the simple rule to achieve this requirement.
[Screenshot: Rule]
After doing this, all I need to do is click “High Importance” and send the mail.
[Screenshots: Image1, Image2, Image3]
You can simply sign in using your Microsoft account, or use a one-time passcode, to view the mail.
[Screenshot: Image4]
We can also create a rule for confidential mails by specifying a condition on the header Sensitivity: company-confidential.
With this in place, we can change the sensitivity in Outlook and send mails.
[Screenshot: Image5]
There is a lot more you can do with transport rules to make mail processing more effective.
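The two rules described above (High Importance, and the Sensitivity: company-confidential header) can also be created from Exchange Online PowerShell. This is an added example, not from the original post: it assumes an Exchange Online PowerShell session is already connected, and the rule names and the Add-OmeRule helper are hypothetical.

```powershell
# Added example (not from the original post). Assumes a connected Exchange
# Online PowerShell session; rule names and Add-OmeRule are hypothetical.
$ErrorActionPreference = 'Stop'

# OME relies on IRM licensing, so stop early if the IRM steps were skipped.
$irm = Get-IRMConfiguration
if (-not $irm.InternalLicensingEnabled) {
    throw 'InternalLicensingEnabled is False: finish the IRM configuration first.'
}
if (-not $irm.RMSOnlineKeySharingLocation) {
    throw 'RMSOnlineKeySharingLocation is not set: choose the URL for your region.'
}

function Add-OmeRule {
    param(
        [Parameter(Mandatory)] [string]    $Name,
        [Parameter(Mandatory)] [hashtable] $Condition
    )
    # Idempotent: leave an existing rule with the same name untouched.
    if (Get-TransportRule | Where-Object { $_.Name -eq $Name }) {
        Write-Host "Rule '$Name' already exists, leaving it unchanged."
        return
    }
    # -ApplyOME is the New-TransportRule action that applies Office 365
    # Message Encryption; the condition parameters are splatted in.
    New-TransportRule -Name $Name -ApplyOME $true @Condition `
        -Comments 'Encrypt with Office 365 Message Encryption'
}

# Rule 1: anything sent with High importance is encrypted.
Add-OmeRule -Name 'OME - High Importance' -Condition @{
    WithImportance = 'High'
}

# Rule 2: mail marked Confidential in Outlook carries the header
# "Sensitivity: company-confidential".
Add-OmeRule -Name 'OME - Confidential' -Condition @{
    HeaderContainsMessageHeader = 'Sensitivity'
    HeaderContainsWords         = 'company-confidential'
}

# Review the result: both rules should be listed as enabled.
Get-TransportRule | Where-Object { $_.Name -like 'OME - *' } |
    Format-Table Name, State, Mode, Priority -AutoSize
```

Send a test message for each condition afterwards and confirm it arrives encrypted, since a rule whose condition never matches delivers mail unencrypted without raising an error.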

 
Feel free to comment below for any suggestions or questions :-)
