Situation
Your customer uses Microsoft 365 email services, and you are asked the following question:
We need to send documents by email to business partners and we want to make sure that the information is not forwarded or copied.
Is this possible with the mail service we currently have?
You can tell them yes that there is a way to resolve this situation. The solution is to use Microsoft 365 Sensitivity Label Message Encryption available through Azure Information Protection. This encryption uses sensitivity labels that allow you to collaborate while limiting the use of organizational data.
Context
Nowadays a lot of information travels electronically. The use of email communications is very common as well as all types of information that can be transmitted there.
A lot of information is contained within these electronic communications and for certain reasons and in some cases, it is necessary to control how the information can be used by the recipient.
The purpose of the approach is to try to prevent data leakage and unauthorized actions relating to the transmitted information.
Solution
Using the Microsoft 365 Sensitivity Label Message Encryption not only secures the transmission while it is being sent but can also limit the actions that can be taken with respect to an email and the information it contains.
In our example, the use of the confidentiality label “Do not forward” makes it possible to restrict what can be done with the email and the information it contains.
In the present case, the method makes it possible to control in the following way:
The scenario used shows us that the confidentiality label used, in this case, is ideal when we want to:
“Do Not Forward: Recipients can’t forward the email, print it, or copy from it. For example, in the Outlook client, the Forward button isn’t available, the Save As and Print menu options aren’t available, and you can’t add or change recipients in the To, Cc, or Bcc boxes.”1.
How to use this feature
Outlook desktop
Click New mail to open the window for composing a new mail, then Options, Encrypt and click on Do not forward.
The first time you send encrypted mail the following message appears:
Once the connection to the server has been established, click on Do not forward
Compose the email and click Send
When adding an attachment, the following message will be displayed :
Click on OK to send the message
Outlook web
Click New message to open the window for composing a new mail, then Options, Encrypt and click on Do not forward.
Compose the email and Send
When receiving:
In both cases, regardless of whether the email is sent from Outlook desktop or web, the recipient will see a padlock symbol appear in the email indicating that it is encrypted.
For Microsoft 365 email service users:
“If you receive a protected email message sent to your Microsoft 365 account in Outlook 2016 or Outlook on the web, the message should open like any other message”2.
For non-Microsoft 365 email service users:
“If you’re using a different email service, you may receive a notification that you’ve received a protected message and need to take additional action”3.
Conclusion
As the example has demonstrated, sending an encrypted email using Azure Information Protection is simple and requires no technical knowledge from users.
Receiving an encrypted email also does not require any technical knowledge on the part of the recipient.
The example that was used is suitable for the scenario where we want to:
In this situation the sender required that the propagation of the information be limited.
Nowhere in this document is there any mention of needing to configure anything. The encryption service is automatically activated and configured by Microsoft when a license that contains Azure Protection Information P1 is present in the customer’s 365 environment. Once this license is assigned to a user, the user can use email encryption as demonstrated.
The functionality discussed in this article is included in Microsoft 365 Business Premium.
Don’t hesitate to contact our experts at ITCloud.ca if you need help ensuring your customers’ data is secure.
write to us at partners@itcloud.ca
References
1 – Apply encryption using sensitivity labels | Do not Forward
