Email Encryption – How does Microsoft do it?

As explained in our last Tech Tip, email encryption works by changing plaintext emails into ciphered text that is decryptable with a private key. Office 365, which is Microsoft’s flagship business email product containing both hosted Exchange and Outlook as the email client, automatically offers service-level encryption via Transport Layer Security (TLS), protecting your individual connection to Microsoft’s email servers. Office 365 offers three methods of email encryption when sending encrypted emails to others: Office Message Encryption (OME), Secure/Multipurpose Internet Mail Extensions (S/MIME), and Information Rights Management (IRM). As all of this might sound like a foreign language to you, please find a brief explanation for each method below.

OME lets you send encrypted email to any email address, whether within your Office 365 organization or your long-gone AOL account from 20 years ago. Recipients of your OME-encrypted emails can sign in via their personal or business Microsoft accounts or get a one-time passcode to view the email. Recipients can also reply via OME, and those replies are encrypted as well. OME is browser-based, can be branded for your organization, can be automated based on rules, and is managed by Microsoft.

S/MIME relies on the sharing of public keys and certificates to both encrypt and sign an email. This keeps data encrypted and verifies the identity of the person who sent the email. This can be useful; however, because the message content is encrypted, messages cannot be scanned for malware. Additionally, if a recipient’s private key is compromised, they must generate a new private key and distribute their new public key to anyone who may send them email with S/MIME.

IRM is an email encryption solution that focuses on restrictions. It can, for example, disable the forwarding or printing of emails. It provides protection for emails both online and offline; however, it may not be compatible with all devices. It, like OME, can be automated based on rules defined by the Office 365 administrator.
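As an added illustration (not from the original Tech Tip), this is roughly how an Office 365 administrator could set up the rule-based automation mentioned for both OME and IRM using Exchange Online PowerShell. The admin address, rule names and subject tags are placeholders chosen for this example, and it assumes the built-in "Encrypt" and "Do Not Forward" templates are present in the tenant.

```powershell
# Added example: mail flow rules that apply encryption automatically.
# Requires the ExchangeOnlineManagement module and an Exchange admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder address

# Rules that apply a protection template only work if rights-management
# licensing is switched on for the tenant, so check that first.
$irm = Get-IRMConfiguration
if (-not $irm.AzureRMSLicensingEnabled) {
    throw "Rights management licensing is disabled; enable it before creating rules."
}

# Confirm the templates the rules depend on actually exist in this tenant.
$templates = (Get-RMSTemplate).Name
foreach ($needed in "Encrypt", "Do Not Forward") {
    if ($templates -notcontains $needed) {
        throw "Template '$needed' not found; rules referencing it would fail."
    }
}

# OME-style rule: encrypt mail leaving the organization when the sender
# tags the subject with "[secure]" (the tag is an assumption for this example).
New-TransportRule -Name "Example - Encrypt external mail tagged [secure]" `
    -SentToScope NotInOrganization `
    -SubjectContainsWords "[secure]" `
    -ApplyRightsProtectionTemplate "Encrypt" `
    -Mode Audit `
    -Comments "Added example: OME encryption by rule"

# IRM-style rule: apply the 'Do Not Forward' restrictions to internal mail
# tagged "[confidential]" (again a placeholder tag).
New-TransportRule -Name "Example - Do Not Forward for [confidential]" `
    -FromScope InOrganization `
    -SubjectContainsWords "[confidential]" `
    -ApplyRightsProtectionTemplate "Do Not Forward" `
    -Mode Audit `
    -Comments "Added example: IRM restrictions by rule"

# Review what was created. Both rules start in Audit mode, which logs matches
# without changing messages; switch to Enforce once the matches look right:
#   Set-TransportRule -Identity "<rule name>" -Mode Enforce
Get-TransportRule | Where-Object Name -like "Example - *" |
    Format-Table Name, State, Mode, Priority

Disconnect-ExchangeOnline -Confirm:$false
```

Starting in Audit mode lets you confirm in message trace that only the intended mail matches before any message is actually encrypted or restricted.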


More about Email Encryption next week!