Emails encryption in Office 365
Introduction:
Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information.
Steps:
The process to setup and enable Office 365 Message Encryption is easy. There are three main steps that need to be followed:
- Activate Azure Rights Management.
- Setup Azure Rights Management for Exchange Online.
- Setup transport rules to enforce message encryption in Exchange Online.
Step 1: Activate Azure Rights Management for O365 Message Encryption.
- Sign in to Office 365.
- In O365 Admin Center, go to Settings > Services & Add-ins and select Microsoft Azure Information Protection.
- Click on Manage Microsoft Azure Information Protection settings and you will be redirected rights management Activate the Rights Management.
Step 2: Set up Azure Rights Management for O365 Message Encryption.
- In this step we will use PowerShell to connect to Exchange Online, Open PowerShell as Administrator and enter the following commands to connect and import the session
Set-ExecutionPolicy RemoteSigned $cred = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic –AllowRedirection Import-PSSession $Session
- Verify your IRM is not already configured
Get-IRMConfiguration - Configure RMS with the online key-sharing locationfor Exchange Online with PowerShell (locations below).
Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sprms.ap.aadrm.com/TenantManagement/ServicePartner.svc
Location RMS key sharing location North America https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc European Union https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc Asia https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc South America https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc Office 365 for Government https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc - Import the Trusted Publishing Domain(TPD) from RMS Online
Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”
- Verify successful setup of IRM in Exchange Online.
Test-IRMConfiguration –sender [email protected]
- Disable IRM templates in OWA and Outlook.
Set-IRMConfiguration -ClientAccessServerEnabled $false
- Enable IRM for Office 365 Message Encryption.
Set-IRMConfiguration -InternalLicensingEnabled $true
- Viewthe IRM Configuration.
Get-IRMConfiguration
Step 3: Create transport rule to encrypt message.
- In Office 365 Admin Center, go to Exchange Online Admin Center.
- Go to Mail Flow > Rules.
- Click the + and create your transport rule.
- This rule will encrypt anything that is sent external.
- Make sure the rules are active.
- Testing that the transport rule applies Office 365 Message Encryption.
Conclusion:
Its easy to encrypt your mail and secure it in Office 365.