This is a transcript of the video 10 Minute Tips & Tricks with J. Peter Bruzzese Azure Information Protection: Office 365 Encryption.
In this lesson, we will review the encryption options available to an end user when they have AIP enabled. Enabling Azure Information Protection gives users the ability to send encrypted and rights protected messages. There are default options available that end users can apply ad-hoc or manually to an email behind the scenes.
Administrators can use AIP to do all sorts of interesting things without a user even being involved in the process and they can also add to the types of options available. However, in this particular lesson, we’ll only focus on the encryption option. Office 365 message encryption is built on top of Azure Information Protection. The best part about this option is that you can encrypt your email and it remains protected whether you send it to someone in your organization, or to someone outside your organization. When you do send it to someone outside your organization, either another Office 365 organization or an on-premises email environment, or a Gmail account, and so on, the email remains protected.
If the recipient is using Outlook, the experience is seamless, and they can see the encrypted message. But if they aren’t using Outlook, let’s say in the case of a Gmail account, the recipient receives an email that includes a limited time web link provided by Office 365, and the recipient doesn’t have to install any software.
Instead, they’re given the ability to access a separate page set up my Office 365, so that they can access that email. Let’s look at how this is done in both Outlook and Outlook on the Web because the process is different for each, and we’ll look at how the recipient receives those messages, what that looks like to the end user whether they’re using outlook or they’re using Gmail, you’ll get a chance to see what it looks like to both the sender and the recipient.
OK, so for starters, what you see here is a person logged into Outlook on the Web called Travis Walker and because their administrator has enabled Azure Information Protection for their organization, and because Travis has an account that can take advantage of that. He has the proper licensing through Office 365, well in that case when Travis goes to click new message notice he’s given the option to encrypt this message.
Now, some may see the word protect instead of encrypting in this version, if the interface is the latest version of the Office 365 interface. However, if you haven’t selected to use the latest interface. You would still see ‘protect’ instead of ‘encrypting’ as this option.
Now, when we click encrypt notice, it says this message is encrypted recipients can’t remove encryption if we click change permissions. We can see that we can choose other types of permissions. There’s confidential, and then there’s confidential view only, and do not forward.
These are all connected back to rights management and will talk about these in a future lesson. For now, will stick with encrypt and we’ll send this email to two different types of mailboxes. We’ll put in a subject line and a brief message.
Now in this case, the first email that is going to an account that is in Office 365. The second one is going to a Gmail account, if we hit Send, off it goes now. This is through Outlook on the Web, how would we do the same thing using the Outlook application itself? Let’s take a look.
So, here we are in Outlook 2019 and we’ve connected to Travis’ account. If we wanted to send an encrypted message from here, we would click New Email, and we can apply encryption in two different ways, we could go to Options, Permission, Encrypt-Only, or we could go to File, Set Permissions, Encrypt-Only and this would put encryption on that message.
So, we can see, there are different ways to encrypt the message depending on whether we’re using Outlook or Outlook on the Web. Now, what does that message look like to the recipient? Well, if we just scroll down, we have H Freemont’s mailbox connected right here in Outlook, if we select the Inbox. Here we see the message from Travis Walker, it says Encrypt-Only. This message is encrypted. Recipients can’t remove encryption. But they can see the message, they didn’t have to do anything special in order to see this message and that’s because they’re using Outlook the same would be true with outlook on the web. Let’s see how it works with the Gmail account.
Well, here we can see we have the message from Travis Walker. We click to open the message but notice. It doesn’t show us the message. It says Travis has sent a protected message, if we click Read the message. It gives us an option of either signing into view the message with Google or signing in with a one-time passcode. Well, we could sign in with our Google account, but let’s see what happens when we click sign in with a one-time passcode. It says they sent a one-time passcode, so if we go back to our Inbox, there’s the code.
OK. We could choose This is a private computer. Keep me signed in for 12 hours. But in this case, I don’t think will need that much time to see this message. And, notice we’re taken to a special page that doesn’t give us a lot in terms of options. It shows us the message itself. It tells us that the message is encrypted, and it gives us options to Reply, Reply all, Forward or Print. But again, the message itself is encrypted and we appreciate that it’s locked in through Office 365.
So even though this email was sent outside the organization to two different accounts. One ‘@elevareskills.com’, the other ‘@gmail.com’, in both cases, the recipients were able to open this encrypted message, but the message remains protected through encryption.