EHE to Office 365 Message Encryption upgrade FAQ
Applies to: Exchange Online Protection
Topic Last Modified: 2014-10-17
This list gives answers to frequently asked questions about the Exchange Hosted Encryption (EHE) to Office 365 Message Encryption upgrade. If you have questions that aren’t answered below or if you need more information, contact the Office 365 Support team by signing into the Office 365 admin resource center and opening a ticket through the Support option.
Q. My users send encrypted email messages to recipients outside our organization. Is there anything that these recipients have to do differently in order to read and reply to messages that are encrypted with Office 365 Message Encryption?
A. Yes. Recipients outside your organization who receive email messages that are encrypted with Office 365 Message Encryption will sign in to view and reply to encrypted messages in much the same way as before with the EHE process. But instead of entering an EHE-specific user account and password, they will be asked to sign in with a Microsoft Account or the work account they use with Office 365. Recipients who don’t have either of these accounts will be provided with instructions to create a Microsoft account. Alternatively, they can choose to get a one-time passcode. To learn more, see Use a one-time passcode to view an encrypted message.
Q. Do I need to open any URLs, IP addresses, or ports in my organization’s firewall to support Office 365 Message Encryption?
A. Yes. You have to add URLs for Exchange Online to the allow list for your organization to enable authentication for messages encrypted by Office 365 Message Encryption. For a list of Exchange Online URLs, see Office 365 URLs and IP address ranges.
Q. What happens to the transport rules I set up using EHE?
A. After your subscription is established, we will copy all Exchange Transport Rules that enabled the encryption and decryption of email messages using EHE, and create new transport rules to encrypt and decrypt email messages using Office 365 Message Encryption. Here’s what will happen to new and old ETRs:
EHE rules that trigger encryption will be disabled. A new equivalent rule will be created by using Office 365 Message Encryption.
EHE rules that trigger decryption will be disabled. A new equivalent rule will be created that uses Office 365 Message Encryption.
To preserve the order of the rules, the new Office 365 Message Encryption encrypt and decrypt rules will immediately follow the old EHE encrypt and decrypt rules.
The disabled EHE encrypted rule name will be prepended with “Disabled-EHE upgrade”.
The newly created Office 365 rules will have the same names as the old EHE rules except that the names will be prepended with “EHE-Upgrade”.
On the day of the upgrade, after your Office 365 Message Encryption rules have been created and the old EHE rules have been disabled, the Office 365 Message Encryption service will start automatically encrypting email messages.
|You do not have to change, disable, or enable any transport rules as part of EHE upgrade. All of these steps are handled automatically. After the upgrade, do not enable the EHE encrypt rules or create a rule to enable the EHE encrypt service. Doing so will result in email messages not being delivered and the generation of a non-delivery report (NDR).|
Q. How does the upgrade to Office 365 Message Encryption change the way my email users send encrypted messages?
A. This upgrade won’t change the way your email users send encrypted messages. Rules that you set up to trigger encryption will remain unchanged. This means that users can use the same keywords to trigger encryption. For example, if you have set up a rule that requires “sendsecure” in the subject line, users can continue to use that keyword to trigger encryption of outgoing mails. To learn how to set up new rules for Office 365 Message Encryption, see Define rules to encrypt or decrypt email messages.
Q. Will all my email messages that are currently encrypted with EHE be automatically encrypted with the new Office 365 Message Encryption?
A. All email messages that were encrypted with EHE will remain encrypted, using keys from EHE. The condition of these messages won't be affected by Office 365 Message Encryption rules.
Q. Will I be able to access EHE encrypted email messages after the upgrade?
A. Yes. You will be able to view and save EHE encrypted messages until September 30, 2015. However, you cannot reply to or forward EHE encrypted messages from the EHE portal.