Encrypted Email in Microsoft 365 – Is it for you?

email lock icon on keyboard depicting encrypted email.jpg


Sending an email is like sending a letter through Canada Post, without an envelope. It can be easily intercepted and read. For this reason, sensitive information should never be sent via regular email.

If you work with sensitive client info information, consider the encrypted email in Office 365 feature.

Email encryption is concealing information in email messages to avoid the contents being read by anyone except the intended recipients.

Think of encrypted email as encloses your email contents in a secure envelope, or message delivery vehicle.

For those working with sensitive information such as social security numbers, login authorizations, or bank account information on a regular basis, it may be time to consider an encrypted email solution.

This will limit your risk of being hacked, and limit your liability in the event of a breach, as reasonable precautions for handling sensitive info are in place.

An Extra Layer of Email Protection

Microsoft knows protecting small business information from cyber attack is more important than ever, so it’s rolling out new security options for Office 365. These regular updates are one of the key ways Office 365 helps small business with general computer security.

While default email messages are encrypted at rest, this doesn’t ensure your information won’t fall into the wrong hands during transit or at the receiving end.

An add on for Office 365 eliminates this vulnerability by offering end-to-end email encryption, suitable for small business use.

It includes security measures on the receiving end, as well. When the intended recipient opens the email in Outlook’s browser login, app, or Windows Mail, they will be sent to a credible Office 365 web page for a temporary pass code, which allows them to view the encrypted message.  With this add on, you also have the ability to encrypt messages that have been downloaded, restricting the forwarding or copying of emails sent from Outlook.com.

Protecting Sensitive Emails with Encryption

Included with their integrated investments in information protection, Microsoft has revealed comprehensive new email encryption and rights protection options with Office 365. Composed on Azure Information Protection, you now have the ability to send secure messages to anyone, whether they belong to your organization or not. These extended capabilities cost an extra $2 per month on your subscription, and you will have to pay for your IT provider to configure this new program.

With message encryption, no message in the thread is left unprotected. This service increases the security of email responses by encrypting each individual message. Message encryption also enables you to utilize the recipient’s email address as the public key, making certificates unnecessary. Encrypted and rights protected messages will be at your fingertips with this add on, allowing you to communicate safely with those inside and outside of your organization using Do Not Forward or custom Rights Management Services templates to allow for B2B and B2C situations.

As for attachments, any kind of file can be attached to encrypted emails, but only certain formats will be protected.  The PDF will not receive additional protection after being opened by the recipient. On the other hand, even after the attachment has been downloaded, Word, Excel, or PowerPoint files are always protected.  This makes Office 365 suite an attractive option for solo professionals in personal finance, mortgages and health care, as well as for small business handling sensitive information, including employee tax forms, payroll, HR files and more.

You can use these state-of-the-art capabilities if you have never set up Online Message Encryption or Information Rights Management for Exchange Online in Office 365. You are also eligible if you have set up these programs and are using Azure Rights Management service from Azure Information Protection.

However, if you are still using Active Directory Rights Management service (AD RMS) within Exchange Online, you won’t have instant access to these new features. Before gaining encryption and rights protection, you must switch from AD RMS to Azure Information Protection. After making the change, you can set up message encryption and be eligible for rights protection. If you want to stay with AD RMS instead of converting to Azure, you won’t have access to these capabilities.  Have a conversation with your IT Provider about your email security today.

Toronto IT Consultants: TUCU in Toronto offers IT services including Office 365 setup and support, and Identity Access Management using Azure AD. We help clients across Canada and the US with their cloud services needs. Please schedule your free consultation to discuss your needs. We’d love to help you setup and manage your cloud & security services.

Related Posts

Ready to make some changes?

Speak to our Toronto IT Consultants for options & an estimate.

Book A Call


More Posts

Free Consultation

Get IT Solutions for your business.