Today's digital workplace is more connected than ever. We rely on email and other messaging applications to communicate sensitive information such as passwords and social security numbers. This communication is what keeps business moving. 

That said, the growing threat of cybercrime means businesses must consider which actions they take to keep critical data from falling into the wrong hands. As our digital lives become increasingly enmeshed with our work lives, businesses must take action to prevent vital information from being released unintentionally — whether by malicious means or otherwise. 

One way is to use encrypted email messaging. End-to-end encryption technology uses an algorithm to scramble the text in your message, preventing malicious actors from reading your messages and attachments. Only your intended recipients, who hold the decryption key, can view the message. 

Fortunately, Microsoft Office 365 has a built-in email encryption feature you can use to secure your communications. We discuss how and why to use this feature in this quick guide.

Office 365 Email Encryption Setup

You have three options for encrypting emails in Office 365: 

1. Certificate-based encryption: Both parties must install public certificates in order to send and receive encrypted emails with Office 365.
2. Office 365 Message Encryption: OME is a built-in Office 365 feature that allows you to send and receive encrypted emails using Outlook or any other email client. 
3. Third-party extensions: If you want to encrypt messages in Outlook without buying Office 365, you can install reliable third-party add-ins.

All of Microsoft's Office products, including Office 365, Windows 10 and Enterprise Mobility + Security, come together to protect your sensitive data without hindering workplace productivity. Microsoft Office message encryption is a user-friendly part of this holistic approach to modern threat defense. Get started by following these easy steps.

How To Send an Encrypted Message

Once you have composed your email as you normally would, add your intended recipient and select Options --> Encrypt. Different protection options may appear. Choose the one that best fits the contents of your message.

While you will see some pre-defined options from your admin, you can always apply your own rule to the message. For example, you can set a rule that requires a message to be encrypted if it is sent outside of your organization.

How To Open Encrypted Emails

If you are on the receiving end of an encrypted message, here is what you can expect. Usually, encrypted messages will feature the words [Secure] in the subject line to alert you that the message is confidential. The message text will also state that you have received an encrypted message.

To open the message, follow these steps:

1. If you are a Microsoft 365 user, click the attachment. A new page will open in your web browser stating that you have received an encrypted message. 
2. If you are a non-Microsoft 365 user, click on the link in the body of the message.
3. You will see two options to view the message: "Sign in" or “Use a one-time passcode.” 
4. Click “Sign in” if you are the only user who will be receiving and viewing the message.
5. Select “One-time passcode” if you want to be able to send the message to others. The passcode will be sent to your email and will expire after 15 minutes. Once you receive your passcode, you can copy it and paste it into the encrypted message browser.
6. After you select continue, you will be able to view the message and open any attachments.

To respond to an encrypted message, simply choose either “Reply” or “Reply all” directly on the encrypted email. A separate page will then appear where you can type your reply. When you are done, select send. You will also receive a copy of the encrypted message. 

How To Set Up Message Encryption in Microsoft Office 365

If you want to forward or share an attachment from an encrypted message, it is important to select the correct sensitivity label. This can be easily done after opening your attachment by using the Azure Information Protection Toolbar, which appears at the top of the attached document. This toolbar respects the policies your organization created for secure attachments or messages, and you can select a sensitivity option directly in the document. The five most basic options include:

1. Personal
2. Public
3. Internal
4. Confidential
5. Secret

Once you select the option appropriate for your message, you can save your attachment and encrypt it in a new message to send.

Advantages of Adding Email Encryption to Your Office 365 Account

Using OME in your Office 365 account can help your company in many ways. For example, using Office 365's built-in encryption feature saves your company money by eliminating the need to purchase individual email servers. 

Some other advantages include:

Stricter Cybersecurity

Social engineering, identity theft and message replay attacks are serious threats to any business that regularly sends sensitive information over email. Message replay attacks are an excellent example. In a message replay attack, a hacker intercepts and saves an unprotected email from your network. They will then either delay or resend the message to trick the recipient into giving them sensitive data.

Email encryption reduces the risk of this issue with tools like one-time passwords and random session keys, which prevent unauthorized users from gaining access to secure network communications.

Compliance Management

Businesses that regularly deal with sensitive personal information must comply with strict legal guidelines and industry regulations. Many of these standards require companies to use advanced technologies like email encryption in order to maintain their compliant status.

For example, HIPAA's Security Rule requires healthcare providers to use technical safeguards such as email encryption to protect patients' electronic protected health information (ePHI). Additionally, the GDPR standard strongly encourages companies doing business in the European Union to encrypt sensitive emails to protect personal and company privacy.