Enable Office 365 Message Encryption
Message encryption is a great way to allow users to send sensitive information to people by simply adding a special word into the subject line of an email. The system will detect the special word which in my case is ‘Encrypt:’ and it will use 365 message encryption to ensure only the recipient can read its contents.
When you send an encrypted email the recipient receives an email from you letting them know its encrypted and to view the page they click on the link. The link opens up a Microsoft webpage where the recipient can login with a Microsoft account and read the email or enter a one time password which gets sent to their mailbox.
This method greatly secures the contents and helps to ensure only the recipient can read the message.
Setting this up is not exactly straight forward and does require some PowerShell. Don’t worry though because I’ve wrapped it all up in a simple script for you.
Please note that I already know its not secure to post images containing cloud admin credentials and usernames. All accounts in this post are not used and are trial accounts for lab purposes only!
1. Download the script and run it as an administrator
Download Here: Enable Message Encryption (340 downloads)
2. Select your local region from the list. If your region is not listed select the one closest to you and press enter.
3. Enter the credentials of a tenant administrator.
4. Give the script a couple of minutes to run and agree to any modules that need installing if prompted.
5. If everything is successful your output should look something like this. If not copy all of the text and review the error messages. I had to run this script a couple of times on one of my labs because there appears to be some replication time needed between various commands that run.
If all is good then write a test message with the text ‘Encrypt:’ in the subject line. Here I send an email to an external address and add the tag at the start of the subject.
6. If the recipient receives something like this then congratulations, message encryption is working!
To access the message the recipient needs to open up the message.html file.
7. The recipient can log into their 365 account if they are using one or click ‘Use a one-time passcode’.
8. A passcode is sent to the recipients email address.
9. The recipient enters the one time passcode and clicks on continue.
10. The message is then displayed along with any attachments available to download!
Office 365 message encryption is a great feature you can use to send sensitive information to people outside your organisation. Do you need to send your accountants financial files? Need to send someone a list of passwords?
This feature gives you an option to add extra security protection to sensitive emails without any complicated steps or processes.