Sending/Receiving Encrypted Emails with Office 365

On occasion there is a need to share sensitive or protected data through email.  Examples include, social security numbers, banking account numbers, passwords, credit card numbers, and other personal identification numbers and data.  Protected or sensitive shared through email should always be encrypted.  The purpose of this document is to provide R-MC email users with instructions on how to safely and securely send and receive encrypted emails using the applications available through Microsoft Office 365. 

With Office 365 Message Encryption (Azure Information Protection), an encrypted email can be sent from the Office Outlook client and Outlook Web Access (OWA).  Recipients of encrypted messages who are part of R-MC are able to read encrypted messages in many versions of Outlook available on different systems, including Windows, Apple computers, Outlook Web Access, iPads and iPhones, and Android devices. Employees and college correspondents should use the email encryption services to ensure confidential or sensitive emails can only be read by the intended recipient(s).  

Attachments included from the Microsoft Office suite will be encrypted using the features built-in with Microsoft email and the Office 365 portal.  We have successfully tested this feature with Microsoft Office files and Adobe PDFs. 

The instructions apply to R-MC Faculty, Staff, and Students.  In order to use Azure Information Protection, the sender must be licensed in Office 365 to use this feature.  At this time the license is not available to retirees or alumni using R-MC email.  Email can be encrypted and sent to external users using the tools available in Office 365. 

The email client is available through a number of different platforms. Instructions are provided below for the Outlook 365 client available on Windows computers. Basic information regarding encrypted messages on other operating systems are also provided. 

Outlook 365 Client Application (Windows) 

Send 

In an email message, choose Options, select Encrypt and pick the encryption that has the restrictions you want to enforce, such as Encrypt-Only, Do Not Forward, etc. 

The email is encrypted. If do not forward is chosen, recipients can read the message but cannot forward, print, or copy content without the owner’s permission. 

If the Encrypt option is not visible, a second option may be used to send an encrypted message from the Outlook client. In an email message, choose Options, select Permissions and pick the encryption option that has the restrictions you'd like to enforce, such as Do Not Forward. 

Read 

If you're in an Office 365 organization, you can read messages encrypted with the do-not-forward policy or custom protection templates in Outlook 365 for Windows, Outlook 365 for Mac, Outlook on the web (OWA), Outlook for iOS, and Outlook for Android.  

View and Reply to an Encrypted Message Using Other Mail Applications (also applies to external users) 

If you're not using Outlook with Office 365, your encrypted message will contain a link in the message body. 

Select read the message.  

2. Select how you'd like to sign in to read the message. If your email provider is Google, Yahoo, or Microsoft, you can select Sign in with Google, Yahoo, or Microsoft respectively. Otherwise, select sign in with a one-time passcode. 

3. Once you receive the passcode in an email message, make a note of the passcode, then return to the web page where you requested the passcode and enter the passcode, and select CONTINUE. 

4. Each passcode expires after 15 minutes. If that happens, or if you can’t open the message for any reason, start over by opening the attachment again and following the steps. 

The instructions provided below are for the Outlook Web Access client available through a web browser (Edge, Chrome recommended) at https://outlook.office365.com.   

Outlook Web Access (website for email access) 

Send 

To add or remove digital encryption from an individual message that you’re composing: 

1. Go to the top of the message and select the ellipsis (...) > show message options... 

2. Select or deselect Encrypt this message (S/MIME). 

3. You can also send an encrypted message by selecting the Encrypt icon. To add additional restrictions such as Do Not Forward, select Change permissions and choose them from the pull-down menu. 

If you encrypt an outgoing message and OWA can’t verify that all recipients can decrypt the message, you’ll see a notice or warning.  The warning will let you know which recipients may not be able to read the encrypted message. You can then send the message anyway, remove those recipients, or retry to check again. 

Read 

A key icon in the message list or reading pane indicates an encrypted message. If you normally use Conversation view, you will have to open the message in a new window to read it. There will be a link on the message to make this easier.  When you receive an encrypted message, Outlook Web App will check to see if the necessary components are installed to unencrypt the message.  If the components are installed, the message will be decrypted when you open it.  If the necessary components are not installed, you will be prompted to install. 

Reply 

1. To reply to an encrypted message, choose Reply or Reply All. 

2. On the page that appears, type a reply and choose Send. An encrypted copy of your reply message is sent to you. 

• https://support.office.com/en-us/article/send-view-and-reply-to-encrypted-messages-in-outlook-for-pc-eaa43495-9bbb-4fca-922a-df90dee51980?ui=en-US&rs=en-US&ad=US 
• https://support.office.com/en-us/article/encrypt-email-messages-373339cb-bf1a-4509-b296-802a39d801dc#ID0EAABAAA=Newer_versions 
• https://docs.microsoft.com/en-us/office365/securitycompliance/ome#sending-viewing-and-replying-to-encrypted-email-messages