Office 365 provides automatic and manual mechanisms to send secure email. Sending secure email will result in the contents being encrypted to the recipients. The process for reading encrypted email will vary depending on the recipient:
- Recipients who are within the state and registered in the Office 365 state shared tenant and accessing the encrypted email from Outlook or the Outlook web portal will be able to read the email without any additional decryption steps.
- Recipients who are at a Microsoft email destination such as @live.com or @outlook.com, or in another Microsoft Office 365 tenant, and accessing email from Outlook or the Outlook web portal will be able to read the email without any additional decryption steps.
- All other recipients, including out of state, and state agencies who are not registered in an Office 365 tenant will have to use the process outlined below to access encrypted email.
See the guide on reading secure email for details on the process of accessing encrypted email.
Manually Sending Secure Mail
In order to encrypt outgoing email, there are several available options.
Option 1: Using the [secure] keyword
Using the secure keyword with brackets in the subject of an email as shown below, will cause the email to be encrypted to all the recipients.
Option 2: Using the “Confidential” property
Setting the “Sensitivity” option to “Confidential” for an email as shown below, will also cause the email to be encrypted to all the recipients. This property can be found from the File / Info menu of an email.
Data Loss Prevention – Automatic Mail Encryption
Office 365’s Data Loss Prevention (DLP) feature will automatically encrypt outgoing email if certain criteria are met. If an outgoing email contains Social Security Numbers or IP addresses, then the email will be automatically encrypted to all recipients. Automatic encryption occurs if the following criteria are met as shown below:
- Social Security Number: This could be a Social Security number without any additional keywords
- IP Address: Automatic encryption only occurs if the email not only contains the IP address, but also the keywords “IP Address” in the email
If you have sensitive data to send and want to make life easier for the recipient, put the data in a secure location and send a link rather than including it in an email. This way you know the recipient will receive the email and leverage existing login protocols to see the data where it is safely stored.