MIP Office 365 Message Encryption: Practice

Microsoft 365 Security

Introduction

In the previous article we discussed the concept of OME.

In this article we will see how to encrypt email with OME, and how that affects email sent outside the organization.

Activate RMS

OME capabilities leverage the protection features in Azure Rights Management Services (Azure RMS), the technology used by Azure Information Protection to protect emails and documents via encryption and access controls.

The only prerequisite for using the new OME capabilities is that Azure Rights Management must be activated in your organization’s tenant. If it is, Microsoft 365 activates the new OME capabilities automatically and you don’t need to do anything.

  • Navigate to the rights management page from the admin center: Settings > Org settings > Services tab > Microsoft Azure Information Protection > Manage Microsoft Azure Information Protection settings.
  • On the rights management page, click activate.
  • When you see the message "Do you want to activate Rights Management?", click activate.

You should now see Rights management is activated and the option to deactivate.


Create mail flow rule

We will create a mail flow rule that encrypts:

  • any email that contains personal information, such as a credit card number
  • any email that contains company business assets, such as a quotation, RFQ or RFP

To create the mail flow rule, create a new rule and select "Apply OME".

In the rule settings:

  • Set the rule name.
  • Apply the rule if the recipient is outside the organization.
  • Apply the rule if the message contains a credit card number or sales assets.
  • Do the following: encrypt.

Set no exceptions, set the rule mode to enforce, then save. The rule is created.
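The same configuration can be scripted in Exchange Online PowerShell. This is an added example, not part of the original article: the rule names are hypothetical, and because conditions inside a single mail flow rule are combined with AND, it uses two rules to get the "credit card number or sales assets" behaviour. It assumes the ExchangeOnlineManagement module is installed and that you sign in as an Exchange administrator.

```powershell
# Added example: rule names are hypothetical; keywords come from the article.
Connect-ExchangeOnline

# Confirm Exchange Online can use Azure RMS before relying on the rules.
$irm = Get-IRMConfiguration
if (-not $irm.AzureRMSLicensingEnabled) {
    throw 'Azure RMS licensing is not enabled. Activate Rights Management first.'
}
# Optional end-to-end check for the sender used in this article.
Test-IRMConfiguration -Sender 'hisham@networkspioneers.com'

# Rule A: recipient outside the organization AND a credit card number detected.
$creditCardRule = @{
    Name                               = 'OME - external - credit card'
    SentToScope                        = 'NotInOrganization'
    MessageContainsDataClassifications = @(@{ Name = 'Credit Card Number' })
    ApplyRightsProtectionTemplate      = 'Encrypt'
    Mode                               = 'Enforce'
}
New-TransportRule @creditCardRule

# Rule B: recipient outside the organization AND a sales keyword in subject or body.
$salesAssetRule = @{
    Name                          = 'OME - external - sales assets'
    SentToScope                   = 'NotInOrganization'
    SubjectOrBodyContainsWords    = 'Quotation', 'RFQ', 'RFP'
    ApplyRightsProtectionTemplate = 'Encrypt'
    Mode                          = 'Enforce'
}
New-TransportRule @salesAssetRule

# Review what was created: both rules should be enabled and in Enforce mode.
Get-TransportRule |
    Where-Object Name -like 'OME - external*' |
    Format-Table Name, State, Mode, Priority
```

To observe matches before encrypting anything, create the rules with `Mode = 'Audit'` and switch them to `Enforce` once the matches look right.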

Send email to external user

The user hisham@networkspioneers.com sends an email to external users such as mahermmim@hotmail.com or maher.islaieh@gmail.com.

If the email contains any credit card number or sales assets, it will be encrypted.

In our case the email contains a sales asset, a quotation, so it should be encrypted.

Email received by external users

After hisham sends the email to the external users, let us see how it looks on their side.

Let us start with the Hotmail user:

  • Hotmail first shows the message notification; click "Read message".
  • Hotmail shows the email as encrypted.

The Gmail user also gets a notification that an encrypted email has arrived:

  • To open the encrypted email, the user must provide credentials.
  • Again, the email is shown as encrypted.

Reply by external users

We have seen how the email is received.

Let us see what happens when an external user replies to the encrypted email.

When the external user replies, the reply is also encrypted 🙂 GREAT

Conclusion

OME is a great feature for encrypting email and adding an extra layer of security to sensitive email communication.

Thank you