Office 365 Message Encryption

[Jan. 15, 2018 note: A more recent version of this report can be found at www.directionsonmicrosoft.com/research/secured/2018/01/office-365-message-encryption.]

A new implementation of the Office 365 Message Encryption service improves the user experience and offers more control over encrypted messages and cryptographic keys. Office 365 Message Encryption is a Microsoft-hosted service that automatically encrypts e-mail messages based on organization-defined rules. It is particularly useful for preventing eavesdropping on messages sent to external customers. Recent improvements could open the service to more regulated organizations and encourage users to encrypt sensitive data more frequently, which will enhance security. However, the new implementation imposes new technical requirements, and transitioning to it could be disruptive.

Capabilities and Limitations

Office 365 Message Encryption automatically encrypts outbound messages that match transport rules defined by the sending organization. For example, it can encrypt all messages whose subject lines contain specific keywords or that are being sent to external recipients. Recipients can view encrypted messages from most clients through a browser interface.