Send encrypted emails to anyone using Office 365!

Have you ever needed to send an email to someone, but didn’t want them to forward the email nor copy sensitive text out of the attachment or email? You probably only want the intended recipient to view the email, and not accessible to anyone else. In other words, you probably want that email to be encrypted. If you are an Office 365 subscriber – you have this capability today: Office 365 Message Encryption (OME)! Would this be useful in your environment? If so, read on…

OME enables only the intended recipient to open the message using their identity: Azure AD, Office 365, Microsoft Account, Gmail, or a One Time Passcode (OTP). Once accessed, they can read the email but based on your policy they cannot forward the email – and they have read only of the attachments (and cannot download the attachments).

Let’s take a look at the user experience and what OME is all about!

IMPORTANT: For the full technical documentation on how to setup and the IT Admin configuration that is required see: Office 365 Message Encryption and Set up new Office 365 Message Encryption capabilities for more information.

Sending the email:

I am going to send an email to a Gmail account. Office 365 Message Encryption in my environment is configured using a Mail Flow rule in Exchange Online to apply encryption to any email leaving my organization that has the key words of Sales Quote. I am also going to send the same email to a account. I’ll explain later why the two accounts.

The message will now be received at Gmail and Note the experience (subject line and body of message) in Gmail:

The email is encrypted. To view its contents I am going to click “Read the message”. A new browser window will appear asking me to authenticate. From here I can use my Gmail (Google) credentials to view the email– or a One Time Passcode emailed to me:

For purposes of this demo I am going to click Or,sign in with a one-time passcode. The OTP will be emailed to me:


Next, I am going to type in the OTP to gain access to the encrypted email:

Once I have authenticated using the OTP, I can now view the contents of the encrypted email. Notice how the Forward button is grayed out and the email is only viewable in the browser. Even right click functionality is disabled!


If I try to open the attached document, I can download it, but once opened I can view the text but cannot cut/copy text out of the document (it is protected). Also, notice how I cannot take a screen shot – it’s blacked out!

Pretty cool huh? Remember I also sent the same email to an address.
IMPORTANT: and Azure AD (Office 365) subscribers, will never have to authenticate using a OTP or have a secure browser session – pass thru authentication will enable the recipient to view the email within the email application. Here’s what this looks like in without having to take any additional action to read the encrypted email (note the forward button is also grayed out)


Depending on you business scenario Office 365 Message Encryption may help you to stay compliant and ensure that only intended recipient can view your email, and stay confident the information in the email will be protected. Enjoy!

Understanding Office365 Security Capabilities

So you want to learn more about the security capabilities in Microsoft Office 365? You’ve come to the right place! Below is a list of resources that will provide you with a good foundational knowledge of the various advanced security workloads in Office365. Stay tuned as I will update this list periodically.

Start Here -> Office365 Trust Center


Office 365 Secure Productive Enterprise

Getting Started:

Address your CXO’s top five cloud security concerns

Take control of your security and compliance with Office 365

Learn how Office 365 security and compliance leverages intelligence in a cloud first world

Secure Office 365 like a cybersecurity pro—assessing risk and implementing controls

Own your data with next generation access control technology in Office 365

General Data Protection Regulation (GDPR)

How Does Microsoft IT Secure Office 365?

Keep calm and automate: How we secure the Office 365 service

Office 365 Secure Score:

Introducing the Office 365 Secure Score

Learn about Office 365 Secure Score: actionable security analytics

An introduction to Office 365 Secure score

New Office 365 capabilities help you proactively manage security and compliance risk

Advanced Threat Analytics:

Learn how Microsoft Advanced Threat Analytics combats persistent threats

Plan and deploy Microsoft Advanced Threat Analytics the right way

Advanced Security Management:

Overview of Advanced Security Management in Office 365

Get started with Advanced Security Management

Gain visibility and control with Office 365 Advanced Security Management

Advanced Threat Protection:

Introducing Office 365 Advanced Threat Protection

Advanced threat protection for safe attachments and safe links

Learn about advancements in Office 365 Advanced Threat Protection

Data Loss Prevention:

Protect your sensitive information with Office 365 Data Loss Prevention

Customize and tune Microsoft Office 365 Data Loss Prevention

Customer Lockbox:

Announcing Customer Lockbox for Office 365

Office 365 Customer Lockbox Requests


Building security and compliance solutions with the O365 Activity API – a Microsoft IT case study


Deliver management and security at scale to Office 365 with Azure Active Directory

Secure your Active Directory to mitigate risk in the cloud


Implement Microsoft Exchange Online Protection

Get an edge over attackers – what you need to know about email threats

Understand how Microsoft protects you against Spoof, Phish, Malware, and Spam emails

Learn about advancements in Office 365 Advanced Threat Protection

Advanced eDiscovery:

Office 365 Advanced eDiscovery

Video: Office 365 Advanced eDiscovery

Reduce costs and challenges with Office 365 eDiscovery and Analytics

Azure Information Protection:

What is Azure Rights Management?

Information Protection and Control (IPC) in Office 365 with Microsoft Rights Management service (RMS) whitepaper

Collaborate confidently using Rights Management

Adopt a comprehensive identity-driven solution for protecting and sharing data securely

Mobile Devices:

Secure access to Office 365, SaaS, and on-premises apps and files with Azure AD and Intune

Deliver a BYOD program that employees and security teams will love with Microsoft Intune

Manage BYOD and corporate-owned devices with MDM solutions

Secure Android devices and apps with Microsoft Intune


Introducing Office 365 Message Encryption: Send encrypted emails to anyone!

Encryption in Office 365

Challenge cloud encryption myths and learn about Office 365 BYOK plans

Windows Defender Advanced Threat Protection:

Detect and respond to advanced and targeted attacks with Windows Defender ATP

Advanced Data Governance:

Advanced Data Governance overview

Take control of your data with intelligent data governance in Office 365

Applying intelligence to security and compliance in Office 365

Threat Intelligence:

Applying intelligence to security and compliance in Office 365

Resource I will post soon: Enterprise Mobility Suite, AppLocker, Credential Guard, Device Guard, Windows Hello, Windows Information Protection, Cloud App Protection, Azure Active Directory Premium.