Secure Communication with Office 365
1.
2. Peter Schmidt
Cloud Architect, Globeteam A/S
Expertise areas:
Office 365, Exchange, Azure, PKI
Microsoft MVP: Office Servers and Services (10 Year)
Microsoft Certified Master: Exchange
MCSE: Messaging, MCSA: Office 365
MCSE: Server Infrastructure, MCSE: Public Cloud
ITIL Foundation Certified
Contact me:
E-mail: psc@globeteam.com
Blog: www.msdigest.net
Twitter: @petsch
3. Office 365 Message Encryption
• Admin:
– Simple to provision and configure
– Policy driven via Transport Rules
– Customizable branding of encrypted emails and mail reading portal
– Allows for Enterprise content inspection and compliance
• Sender:
– Ability to send encrypted messages to any SMTP address regardless of recipient’s client or service provider
• Recipient:
– View encrypted messages on Office 365 Message Encryption portal after sign-in
– Office 365 Message Encryption portal has rich OWA controls for viewing and composing messages
– Replies from the portal are also encrypted
4. New actions configurable via UI or PowerShell
New-TransportRule -Name EncryptRule <Condition for which to apply encryption> -ApplyOME $true
New-TransportRule -Name DecryptRule <Condition for which to remove encryption> -RemoveOME $true
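A concrete version of the two rules above, added here as an example and not taken from the original slides. It assumes a connected Exchange Online PowerShell session; the rule names and the "[encrypt]" subject keyword are hypothetical.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# Rule names and the "[encrypt]" keyword are hypothetical placeholders.

# Encrypt mail leaving the organization when the sender tags the subject.
# Audit mode logs matches without applying the action, so the rule's
# reach can be reviewed in message trace before it is enforced.
$encrypt = @{
    Name                 = 'OME - Encrypt tagged external mail'
    SentToScope          = 'NotInOrganization'
    SubjectContainsWords = '[encrypt]'
    ApplyOME             = $true
    Mode                 = 'Audit'
}
New-TransportRule @encrypt

# Remove OME only from replies arriving from outside for internal recipients.
# Keeping both scopes explicit avoids a decrypt rule that matches more mail
# than intended.
$decrypt = @{
    Name        = 'OME - Decrypt inbound replies'
    FromScope   = 'NotInOrganization'
    SentToScope = 'InOrganization'
    RemoveOME   = $true
}
New-TransportRule @decrypt

# Review every rule that adds or strips encryption, in evaluation order.
Get-TransportRule |
    Where-Object { $_.ApplyOME -or $_.RemoveOME } |
    Sort-Object Priority |
    Format-Table Name, State, Mode, Priority, ApplyOME, RemoveOME -AutoSize

# Once the audit results look right, switch the encrypt rule to enforcement.
Set-TransportRule -Identity 'OME - Encrypt tagged external mail' -Mode Enforce
```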
5. Customize opening text in encrypted email and disclaimer statement
Set-OMEConfiguration -Identity default -EmailText "Encrypted message from ContosoPharma secure messaging system"
Set-OMEConfiguration -Identity default -DisclaimerText "This email message and its attachments are for the sole use of the …"
8. Office 365 Message Encryption
How do recipients sign-in to view messages? – 3 ways
• Microsoft account – used for sign-in to Microsoft services like OneDrive, XBOX Live, etc…
– Microsoft account for hotmail.com, outlook.com, live.com already exists
– User can create Microsoft account for any SMTP address, like gmail.com, mycustomdomain.com – address verification done as part of account creation process
– If the recipient does not have a Microsoft account, they are guided through the process of creating one
– For a given email address, a single Microsoft account is used to access all Microsoft services and view future encrypted emails
• Organizational Account – used for sign-in to workloads like Exchange Online, SharePoint Online, etc…
• One time Passcode
As Office 365 embraces additional identity providers, so will Office 365 Message Encryption.
9. [Diagram labels: Exchange Online; Policy detection and Enforcement; Tenant configuration; O365 User; Internet User; Microsoft account / Organization Account / One time Passcode; Mail Reading Portal]
11. Office 365 Message Encryption is included with Azure Information Protection
Plan | Requires | Price
Office 365 E3, E5 – Microsoft 365 E3, E5 | Azure Information Protection is included | Included
Office 365 E1, F1 | Azure Information Protection Plan 1 | $2 PUPM
Office 365 Exchange Online Plan 2, Plan 1, Kiosk | Azure Information Protection Plan 1 | $2 PUPM
Office 365 SharePoint Plan 2, Plan 1 | Azure Information Protection Plan 1 | $2 PUPM
Office 365 Business | Azure Information Protection Plan 1 | $2 PUPM