Send, view, and reply to encrypted messages
Applies to: Exchange Online Protection
Topic Last Modified: 2014-10-16
A message that is encrypted by Office 365 Message Encryption is delivered to a recipient’s inbox just like any other email message, but it contains an HTML file attachment. After opening the attachment, the recipient can sign in or use a one-time passcode to view the message on the Office 365 Message Encryption portal. The email includes instructions for viewing the encrypted message, as in the following example (the attachment is highlighted):
There are two primary ways to send encrypted messages. You can set up admin-defined encryption rules, as described in Define rules to encrypt or decrypt email messages, which automatically encrypt messages meeting certain criteria. For instance, you can create a rule that encrypts all messages sent outside your organization. (In this case, the sender doesn’t have to take extra steps to encrypt the message.)
Alternatively, you can create a rule that gives the sender the ability to encrypt messages at will. For example, a rule can initiate encryption for each message where the sender adds “encrypt” to the subject line.
An encrypted email message arrives in the recipient’s inbox with an HTML attachment. After opening the attachment, recipients see instructions for opening and viewing the message. Regardless of their type of email service, the experience is the same. The recipient can choose to sign in with a work account associated with Office 365 or with a Microsoft account.
|If the recipient does not have either of these accounts and doesn’t want to create a new Microsoft account, the recipient can use a one-time passcode to view the message instead. To learn more, see Use a one-time passcode to view an encrypted message.|
Follow the instructions in the email message to save the attachment.
Open the message.html file and select SIGN IN AND VIEW YOUR ENCRYPTED MESSAGE.
Tip: If a message appears that asks if you want to submit information to an external page, choose OK. You may also need to allow pop ups, if your web browser blocks them.
Sign in to the encryption portal with a Microsoft account, as instructed in the message. If you don’t have a Microsoft account, you can choose the option to create one associated with your email address. (You’ll have to fill out a form and complete a verification step.) The email address for the Microsoft account must match the address the encrypted message is sent to.
In the case where you’re already signed in, you won’t have to sign in again.
After signing in, you can view the contents of the encrypted message.
Note: If you are inactive for more than 15 minutes, you are automatically signed out of the encryption portal.
Choose Reply or Reply All.
On the page that appears, type a reply and choose Send. An encrypted copy of your reply message is sent to you.
Note: An administrator can set a rule to decrypt replies so recipients of those replies don’t have to sign in to the encryption portal to view them. To learn about setting this rule, go to Define rules to encrypt or decrypt email messages.