Today we will learn how to setup message encryption in office 365, this comes with office 365 E3 + plans.

Many organizations use Ironport , proofpoint or thirdparty tools for achieving this function, if they have o365 E3 plan & still using thirdparty tools for this, than they can switch to office 365 message encryption and reduce their cost as they have already paid for o365 licenses.

First we need to activate the Rights management features.

Go to Admin Portal –> Settings –> Services & add-ins

Click on Microsoft Azure information Protection:

Click on Activate to activate Rights management

Now you need to configure IRM on exchange online so launch Exchange online shell.

SET RMS with key sharing location as per your Tenant Location

Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

Check by running Get-IRMConfiguration to verify the config:

Import the trusted Publishing domain

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

Disable the IRM templates in outlook & OWA as we just want to configure message encryption.

Set-IRMConfiguration -ClientAccessServerEnabled $false

Last step is to enable the message encryption.

Set-IRMConfiguration -InternalLicensingEnabled $true

Now you need to create a transport rule for  encrypting the message that are sent outside your organization.

Lets test the configuration now as a end user.

Now when the recipient receives the message it will be like below:

I will definitely get our organization third-party encryption feature removed and configure this, there are some features like message revoke, message read are not available but still it is a good replacement.

refer message encryption faq to know more:

https://technet.microsoft.com/en-us/library/dn569285.aspx

 

Thanks for reading

Sukhija Vikas

http://SysCloudPro.com