Description

Email encryption rules can be added to encrypt a message with defined rules such as having a particular keyword in the subject line or body. Most common is to add “Secure” as the key word in the subject to encrypt the message. M365/O365 Message Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.

Policy

• An email encryption policy Shall be configured

Licensing Considerations

To enable this feature, an Azure Information Protection Plan 1 subscription is required which can either be purchased standalone or as part of the following bundles:

• Microsoft 365 Business Premium

• Microsoft 365 E3

• Microsoft 365 E5

Azure Information Protection service description - Service Descriptions | Microsoft Learn

Set Up Instructions

Set up Microsoft Purview Message Encryption - Microsoft Purview (compliance) | Microsoft Learn

Add your brand to encrypted messages - Microsoft Purview (compliance) | Microsoft Learn

Follow these steps to configure a transport rule for email encryption.

End-User Impact

End-Users will likely need some instructions on how to use email encryption within the organization. Depending on how you role it out, they may have to type a specific subject line or leverage a built in plug-in that allows them to encrypt the message on demand. Users will need to open encrypted messages in Outlook on the web vs the email client on the desktop.

PowerShell Scripts

Set up an email encryption rule: https://github.com/msp4msps/Security/blob/master/Email%20Encryption%20Rule.ps1

Set up an email encryption rule (Multi-Tenant): https://github.com/msp4msps/Security/blob/master/Email%20Encryption%20Rule-All%20Customers.ps1

Verify Message Encryption: https://learn.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-worldwide#verify-microsoft-purview-message-encryption-configuration-in-exchange-online-powershell

Videos