This blog post is about New Message encryption capabilities of office 365 that are based on Azure Information Rights Management. Most of us are already aware of how to set it up and various articles exists on Internet for assistance. You can refer below Microsoft link if you are not aware about its setup/configuration.
This post is not about setting it up but checking how the message appears in Journal and how it appears when you use office 365 e-discovery capabilities.
We need to pass thru below tests mentioned in the article so that we can convince customer Legal teams to approve these capabilities for its implementation in their organization.
To start, there are two ways that most organizations can use this encryption feature
- Using Outlook/OWA –> Do Not Forward and Encrypt default IRM templates
- Use transport rule on Exchange online that detects some text in subject line and based on that Encrypt the message using IRM.
Example: If the word [encrypt] is prepend to the subject of email and message is sent outside the organization than encrypt the message using Azure Rights management template.
We will discuss on these two cases thru out this Post.
Case 1
Message is sent inside the organization
Message Encryption with Subject Line Prepend to [Encrypt] –> Nothing will happen to the message as transport rule is configured to only encrypt when message is sent outside the organization.
Message Encryption using Outlook/OWA default Templates –> Message is encrypted as this capability is based Information Rights management and will be encrypted inside mailbox.
Case 2
Message is sent outside the organization
Message Encryption with Subject Line Prepend to [Encrypt] –> Message is encrypted when it hits transport rule and outside organization id will receive encrypted email but message inside the mailbox itself will not encrypt.
Message Encryption using Outlook/OWA default Templates –> Message is encrypted from the start as it is based on IRM templates which are applied from outlook/OWA itself so email will be encrypted inside sent items of the mailbox.
We will take the CASE 2 discussion further and will see how email message appears when encryption is used by both transport rule as well as when user uses outlook/OWA default IRM templates.
- Email Encrypted inside the Mailbox
Message Encryption with Subject Line Prepend to [Encrypt] –> NO (as its done via transport rule)
Message Encryption using Outlook/OWA default Templates –> Yes (as its based on IRM)
2. Is Email Decrypted in Journal ? (assumption is that JournalReportDecryptionEnabled : True under IRM configuation)
Message Encryption with Subject Line Prepend to [Encrypt] –> Yes (creates two copies, encrypted as well as decrypted)
Message Encryption using Outlook/OWA default Templates –> Yes (creates two copies, encrypted as well as decrypted)
3. Message state in Office 365 eDiscovery Search (export to PST)
Email is discover-able in both situations and you ate able to see message in e-discovery but it differs when exported to PST.
Message Encryption with Subject Line Prepend to [Encrypt] –> Export to PST , message discovery and download original item has no visible difference as message was not encrypted or kept encrypted inside the organization, it is encrypted by transport rule & will appear encrypted only to the outside recipient to whom it was sent.
Message Encryption using Outlook/OWA default Templates –> Message discovery is successful along with message visibility inside e-discovery center but when message results are exported to PST it behaves as encrypted IRM message (that is where customer legal team has some concerns, 4th point kind of resolves their purpose but when they are working with huge number of items it becomes impractical)
4. Message state in Office 365 eDiscovery Search (Download original Item)
Message Encryption with Subject Line Prepend to [Encrypt] –> Export to PST , message discovery and download original item has no visible difference as message was not encrypted or kept encrypted inside the organization, it is encrypted by transport rule & will appear encrypted only to the outside recipient to whom it is sent.
Message Encryption using Outlook/OWA default Templates –> Message discovery is successful along with message visibility inside e-discovery center & thankfully when item is downloaded it is not retaining the IRM protection which is what is a ask by Customers legal departments as they need to know what is inside that message & if its required for the legal suite in question.
Hitting Download Original item will download it as eml format.
Here is the Summary of all the results discussed above.
| Message Encryption with Subject Line Prepend to [Encrypt] | |||||
| Email Encrypted in Mailbox | Email Decrypted in Journal | E-discovery – Pst Export encrypted | Email discoverable | E-discovery – Original Item Download as decrypted | |
| No | Yes (Creates two copies – Encrypted/Decrypted copy) | No | Yes | Yes | |
| Message Encryption using Outlook/OWA default Templates | Email Encrypted in Mailbox | Email Encrypted in Journal | E-discovery – Pst Export encrypted | Email discoverable | E-discovery – Original Item Download as decrypted |
| Yes | Yes (Creates two copies – Encrypted/Decrypted copy) | Yes | Yes | Yes |
I will say it is a good feature but still needs some polishing in terms of discovery to be used effectively by legal departments.
For our customers, most of them agreed for Message Encryption based on transport rule which will eliminate the use of third-party products they are currently using but they need some time for decision on using default outlook/IRM templates as they may need to change their existing process/procedures of exporting of items for the cases(currently many of customers produce PSTs for the suites to provide the data)
Thanks for reading
Sukhija Vikas
Tech Wizard 
Pingback: Office 365 New Message Encryption and Discovery/Journal | Cloud Computers Guide