Office 365: Office 365 Message Encryption and Data Loss Prevention Policies
What is Office 365 Message Encryption (OME)?
Office 365 Message Encryption (OME) lets you send encrypted email to people inside or outside your organization, regardless of the destination email address (Gmail, Yahoo! Mail, Outlook.com, etc.). To view encrypted messages, recipients can either get a one-time passcode, sign in with a Microsoft account, or sign in with a work or school account associated with Office 365. Recipients can also send encrypted replies. They don't need a Microsoft 365 subscription to view encrypted messages or send encrypted replies. No special client side software is needed as long as the encrypted message (sent as an HTML attachment) can be opened in a browser.
Internal recipients can use their UT Austin Office 365 account and the Outlook Web Application to view the encrypted message. Recipients external to UT's Office 365 tenant can use a one-time pass code sent to their email or SSO to view the encrypted message.
Microsoft recommends using OME when you want to send sensitive business information to people outside your organization, whether they're consumers or other businesses.
- A bank employee sending credit card statements to customers
- A doctor's office sending medical records to a patient
- An attorney sending confidential legal information to another attorney
What is DLP?
Office 365 Data Loss Prevention Policies, or DLP, prevents users from emailing sensitive data, like social security numbers, to external addresses and forces encryption on a large amount of sensitive information emailed internally. When Office 365 DLP detects sensitive information in a message to an external address from Office 365, the message will be rejected and the sender will be notified. When Office 365 DLP detects sensitive information in a message to an internal recipient, the message will be encrypted.
I Have Received an Encrypted Message
Depending on the internal recipient's client, if a message has been encrypted, they will see:
This suggests that the email client is not configured to view the encrypted message. The easiest way to view the message is in the Outlook Web Application.
I Have sent a message that has been automatically encrypted
No additional action is required on your part. You will receive a notification from email@example.com (seen below) and the recipient will receive instructions on how to open the encrypted message.
Where can I find more information?
More information regarding Data Classification Standards can be found at the Information Security Office Data Classification Guidelines page. Please review the Local and Cloud Services Decision Matrix to determine how to store or properly share sensitive information. If you have any questions or concerns, please contact the University of Texas Information Security Office at firstname.lastname@example.org.