When you need to protect the privacy of an email message, encrypt it. Encrypting an email message in Outlook means it's converted from readable plain text into scrambled cipher text. Only the recipient who has the private key that matches the public key used to encrypt the message can decipher the message for reading. Any recipient without the corresponding private key, however, sees indecipherable text.  MDVA uses Microsoft 365 Message Encryption (Information Rights Management).


Two of the features are intended mostly for external recipients:

1. Encrypt-Only
2. Do Not Forward (which also applies encryption and also disallows forwarding, printing or copying the content)

The other two features are intended for internal recipients:

3. Confidential \ All Employees: confidential data that requires protection, but gives all recipients full permissions. The sender can track and revoke content.
4. Highly Confidential \ All Employees: highly confidential data that allows all employees view, edit, and reply permissions to the content. Data owners can track and revoke content.


This "How To" will demonstrate how to use the "Encrypt-Only" feature.


Sending a secure email is very simple and can be done in just a few clicks. This document is detailed, however: it demonstrates what the sender must do to send a secure email, and what the receiver will see and must do to read the message.

 

Step 1.   In Outlook start a New Email.  In the new message, select Options in the menu.


Step 2.  Click on the down arrow on Permissions.

Step 3.  Select "Encrypt-Only".

Step 4.  Address your message and compose the body of the message.  You may also add attachments to the message, which will also be protected by the encryption.  In this example, I've addressed the message to a yahoo.com email address to demonstrate that this is being sent to an external recipient.  When done, click "Send".

That is all there is to it.   The rest of this document demonstrates what happens on the other side of this communication so that you know what the recipient will likely see on their side.   It’s important that you understand this on a basic level in case your recipient has questions about what they received from you.  This way, you can offer guidance on what they must do to read the message you’ve sent securely.

Demo 1.  The recipient will see the new message notification in their inbox.



Demo 2.  When they click on the message to read it, instead of the message you sent they will see instructions that prompt them to authenticate in order to read the actual content of the message.  The recipient must click on the "Read this message" link to start the process.

Demo 3.  The recipient will be taken to another browser tab, which will give them two choices of authentication method depending on what email service they're using.  In the example, Yahoo Mail was used.  The consistent method to authenticate across all platforms is "Sign in with One-time passcode".  The rest of this demo covers that method.



Demo 4.  After selecting "Sign in with One-time passcode" another message is sent to the recipient's address containing that passcode.  They have 15 minutes to receive the message and input the passcode received into the space provided.



Demo 5.  The message containing the passcode is shown in the recipient's inbox below.




Demo 6.  The recipient then selects the new message in their inbox to view the passcode.  They can then copy the passcode normally, and paste it in the space provided in "Demo 4".





Demo 7.  After pasting the passcode into the space provided, the recipient can select "This is a private computer.  Keep me signed in for 12 hours."  This will allow them to skip authentication on subsequent new encrypted messages from you for that period of time.  The recipient then selects "Continue".




Demo 8.  The recipient is then presented with the message you originally sent in readable format.  Notice in the address bar that the unencrypted message is located in Office 365, not Yahoo Mail.  The encrypted message notification is sent to Yahoo Mail in this example, but the readable format of the message is securely kept in Office 365 and cannot be viewed without the authentication token.



Demo 9.  The recipient can reply to the message as shown below.  Notice that the browser displays "Encrypted Message" and the message footer displays "Message Encryption by Microsoft Office 365".  Attachments can be included in the reply.  Also notice that there are many tools available for formatting the reply.



Demo 10.  Once the recipient finishes composing their reply and sends it, the reply will arrive in the sender's inbox after a short time.  The conversation can continue normally with an additional layer of security.  Notice that the message displays the encryption level just over the body of the message.