Enable Email Encryption
Description
Email encryption rules can be added to encrypt a message with defined rules such as having a particular keyword in the subject line or body. Most common is to add “Secure” as the key word in the subject to encrypt the message. M365/O365 Message Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.
Policy
An email encryption policy Shall be configured
Licensing Considerations
To enable this feature, an Azure Information Protection Plan 1 subscription is required which can either be purchased standalone or as part of the following bundles:
Microsoft 365 Business Premium
Microsoft 365 E3
Microsoft 365 E5
Azure Information Protection service description - Service Descriptions | Microsoft Learn
Set Up Instructions
Set up Microsoft Purview Message Encryption - Microsoft Purview (compliance) | Microsoft Learn
Add your brand to encrypted messages - Microsoft Purview (compliance) | Microsoft Learn
Follow these steps to configure a transport rule for email encryption.
End-User Impact
End-Users will likely need some instructions on how to use email encryption within the organization. Depending on how you role it out, they may have to type a specific subject line or leverage a built in plug-in that allows them to encrypt the message on demand. Users will need to open encrypted messages in Outlook on the web vs the email client on the desktop.
PowerShell Scripts
Set up an email encryption rule: https://github.com/msp4msps/Security/blob/master/Email%20Encryption%20Rule.ps1
Set up an email encryption rule (Multi-Tenant): https://github.com/msp4msps/Security/blob/master/Email%20Encryption%20Rule-All%20Customers.ps1
Verify Message Encryption: https://learn.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-worldwide#verify-microsoft-purview-message-encryption-configuration-in-exchange-online-powershell
Videos
Last updated