Send, view, or reply to encrypted messages
Applies to: Exchange Online Protection
Topic Last Modified: 2014-02-17
Messages that are encrypted by Office 365 Message Encryption are delivered to recipient inboxes just like normal email messages but with an added HTML file attachment that enables recipients to sign in to an encryption portal to view the encrypted message. The email message includes instructions for viewing the encrypted message, as in the following example:
Email users in your organization can send encrypted messages the same way they send email messages that are not encrypted. Messages that match admin-defined encryption rules are automatically encrypted and sent to the specified email addresses. Recipients can view and reply to the encrypted messages by following the instructions in the message, as described in the following procedures.
|If a rule requires a keyword, such as “encrypted”, in a subject line, senders can use that keyword in the subject line when they want a message to be encrypted.|
Encrypted email messages arrive in addressee inboxes with an HTML attachment. Upon opening the attachment, recipients see instructions for opening and viewing the attached encrypted email message. Regardless of their type of email service, the experience is the same. The following procedure provides details.To view an encrypted message
Follow the instructions in the email message to save the attachment.
Open the <message>.html file and select the link VIEW YOUR ENCRYPTED MESSAGE.
Sign in to the encryption portal with a Microsoft account or an Office 365 organizational account, as instructed in the message.
Note: The Microsoft account used must have an email address that matches the address in the encrypted message. Otherwise, it will not be accepted.
Recipients who don’t have either of these accounts are instructed to create a Microsoft account using the email address to which the encrypted message was sent. For example, recipients who receive an encrypted message with their @gmail.com email address are asked to create a Microsoft account associated with that address.
Note: If a recipient has already signed into the email account with a Microsoft ID, such as <RecipientName>@outlook.com or <RecipientName>@hotmail.com, the recipient won’t have to sign-in again.
After entering credentials and successfully authenticating, recipients can view the contents of the encrypted message.
Note: If a signed-in recipient is inactive on the portal for more than 15 minutes, the recipient is automatically signed out and the timeout page appears.
Choose Reply or Reply All.
On the new page that appears, type a reply, and choose Send.
Recipients of encrypted messages receive an encrypted copy of any replies they send.
Note: If administrators of the sender’s organization have set a rule to decrypt replies, recipients of these replies won’t have to sign in to the encryption portal to view them. To learn about setting this rule, go to Define rules to encrypt or decrypt email messages.