Purview message encryption

Encryption in general

Encryption is the process by which information is encoded so that only an authorized recipient can decode and access the information. Microsoft 365 uses encryption in two ways: in the service, and user/policy controlled. In the service, encryption is used in Microsoft 365 by default; you don't have to configure anything. For example, Microsoft 365 uses Transport Layer Security (TLS) to encrypt the connection, or session, between two servers.

Where the user/ policy side of things is the measure many companys could benefit from, both in terms of being able to guarantee that their content ONLY is viewed by the intended recipient, but also making others able to fullfill legal requirements.

Like for instance here in Denmark where since 1 January 2019, it has been the practice that private companies – just as it has been the case for public authorities since 2000 – will normally have to use encryption when transmitting confidential and sensitive personal data by e-mail via the Internet.

This is not to confuse with encryption when data are at rest, like for instance Bitlocker.

O365

So how is this handled by Microsof 365 - The classis OME message encryption which was there for long is now being replaced by Purview message encryption, giving a much more flexible and customizable experience both for the internal user, but even more for the recipient.

The branding experience alone, giving the external confidence that this strange looking message is infact coming from your organization is super nice.

Take a look at our consultant Thomas Juhl article on how to configure this: https://www.thomasjuhlolesen.dk/2022/11/ms-purview-replaces-ome-encryption.html

For many this is an overlooked feature, and i would urge anyone to start scrathing the surface to get comfortable with the feature, in a not so far future, encryption will be the default experience for ALL correspondance in my opinion.

Our favorite approaches for encryption:

Mail flow rule

By means of a mail flow rule, that encrypts based on specific words, then use a "word" like encryptthis and put this in as a hidden word in an autosignature - giving the user super easy access to on-demand encryption.

Labelling

Encrypt be means of a label policy in Microsoft purview that uses predefined content types

Manually in Outlook

In an email message, choose?Options, select?Encrypt?and pick the encryption that has the restrictions you want to enforce, such as?Encrypt-Only?or?Do Not Forward.

Licensing and Get started

To use Microsoft Purview Message Encryption, you need one of the following plans:

• Microsoft Purview Message Encryption is offered as part of Office 365 Enterprise E3 and E5, Microsoft 365 Enterprise E3 and E5, Microsoft 365 Business Premium, Office 365 A1, A3, and A5, and Office 365 Government G3 and G5. You don’t need additional licenses to receive the new protection capabilities powered by Azure Information Protection.
• You can also add Azure Information Protection Plan 1 to the following plans to receive Microsoft Purview Message Encryption: Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F3, Microsoft 365 Business Basic, Microsoft 365 Business Standard, or Office 365 Enterprise E1.

The internet contains tons of info on how to get started.

Intro to Purivew:?https://learn.microsoft.com/en-us/azure/purview/overview

Encryption in general info:?https://learn.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide

In Arkimentum we have consultants that are experienced and certified in how to get this setup properly.

Have a great and encrypted day