Export (0) Print
Expand All

Define rules to encrypt or decrypt email messages

 

Applies to: Exchange Online Protection, Exchange Online

Topic Last Modified: 2014-03-12

As an administrator, you can create transport rules to enable Microsoft Office 365 Message Encryption. This service lets you encrypt outgoing email messages and remove encryption from incoming encrypted replies to those messages, depending on conditions defined in the rule. You can use the Exchange admin center (EAC) or Windows PowerShell cmdlets for Exchange Online to create these rules.

NoteNote:
To use the procedures in this topic, your organization must have Windows Azure Rights Management set up for Office 365 Message Encryption, as described in Set up Windows Azure Rights Management for Office 365 Message Encryption.

You can define transport rules for triggering email message encryption by using the EAC or Windows PowerShell cmdlets for Exchange Online.

To create a rule for encrypting email messages by using the EAC
  1. From the EAC, go to mail flow > rules > New. If you need help to become familiar with the EAC, see Exchange Admin Center in Exchange Online.

  2. Select + > Create a new rule.

  3. In Name, type a name for the rule, such as Encrypt mail for DrToniRamos@hotmail.com.

  4. In Apply this rule if select a condition, and enter a value if necessary. For example, to encrypt messages going to DrToniRamos@hotmail.com:

    1. In Apply this rule if, select the recipient is.

    2. Select an existing name from the contact list or type a new email address in the check names box.

      To select an existing name, select it from the list and then click OK.

      To enter a new name, type an email address in the check names box and then select check names > add > OK.

  5. To add more conditions, select add condition and select from the list. For example, to specify that the previous rule applies only if the recipient is outside your organization:

    1. Select add condition and then select The recipient is located > Outside the organization.

    2. Select OK.

  6. To enable encryption, in Do the following, select Modify the message security > Apply Office 365 Message Encryption, as shown below, and then select Save. You can select add action if you want to specify another action.

    Apply encryption rule
To create a rule for encrypting email messages by using PowerShell cmdlets
  1. Connect to Office 365 using Remote PowerShell, as described in Connect to Exchange Online using Remote PowerShell.

  2. Define a rule with the ApplyOME attribute set to True. For example, to require that all email messages that are addressed to drToniramos@hotmail.com must be encrypted, type:

    New-TransportRule "Encrypt rule for drtoniramos" -SentTo "drtoniRamos@hotmail.com" -SentToScope "NotInOrganization" -ApplyOME $true
    

    Where:

     

    This parameter Specifies:

    New-TransportRule "Encrypt rule for drtoniramos@hotmail.com"

    Name of the new rule

    -SentTo "drtoniramos@hotmail.com"

    Condition 1

    -SentToScope "NotinOrganization"

    Condition 2

    -ApplyOME $true

    Encrypt the message

When your email users send encrypted messages, recipients of those messages can respond with encrypted replies. You can create transport rules to automatically remove encryption from replies so email users in your organization don’t have to sign in to the encryption portal to view them. You can use the EAC or Windows PowerShell cmdlets to define those rules.

To create a rule for removing encryption from email replies by using the EAC
  1. From the EAC, go to Mail flow > + > Create a new rule.

  2. In Name, type a name for the rule, such as Remove encryption from incoming mail.

  3. In Apply this rule if, select the conditions where encryption should be removed from messages, such as The recipient is located > Inside the organization.

  4. In Do the following, select Modify the message security > Remove Office 365 Message Encryption.

  5. Select Save.

To create a rule to remove encryption from email replies by using PowerShell cmdlets
  1. Connect to Exchange Online using Remote PowerShell.

  2. Define a rule with the RemoveOME parameter. For example:

    New-transportrule -name "Remove encryption from incoming mail" -SentToScope "InOrganization" -RemoveOME $true
    

    Where:

     

    This parameter Specifies:

    New-TransportRule "Remove encryption from incoming mail"

    Name of the new rule

    -SentToScope "InOrganization"

    Condition

    -RemoveOME $true

    Encrypt the message

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft