Send, view, and reply to encrypted messages


Applies to: Exchange Online, Exchange Online Protection, Office 365

Topic Last Modified: 2016-08-25

A message that is encrypted by Office 365 Message Encryption is delivered to a recipient’s inbox just like any other email message, but it contains an HTML file attachment. After opening the attachment, the recipient can sign in or use a one-time passcode to view the message on the Office 365 Message Encryption portal. The email includes instructions for viewing the encrypted message, as in the following example (the attachment is highlighted):

An Office 365 Encryption message

There are two primary ways to send encrypted messages. You can set up admin-defined encryption rules, as described in Define rules to encrypt or decrypt email messages, which automatically encrypt messages meeting certain criteria. For instance, you can create a rule that encrypts all messages sent outside your organization. (In this case, the sender doesn’t have to take extra steps to encrypt the message.)

Alternatively, you can create a rule that gives the sender the ability to encrypt messages at will. For example, a rule can initiate encryption for each message where the sender adds “encrypt” to the subject line.

An encrypted email message arrives in the recipient’s inbox with an HTML attachment. After opening the attachment, recipients see instructions for opening and viewing the message. Regardless of their type of email service, the experience is the same. The recipient can choose to sign in with a work account associated with Office 365, with a Microsoft account. Alternatively, the recipient can choose to use a one-time passcode if, for example, they don't have a work account or a Microsoft account and don’t want to create a new Microsoft account. To learn more, see Use a one-time passcode to view an encrypted message.

View an encrypted message with a Microsoft Account

An administrator can set a rule to automatically decrypt replies. This means that the recipients of your reply don’t have to sign in to the encryption portal to view the message. To learn about setting this rule, go to Define rules to encrypt or decrypt email messages.

To view an encrypted message using a Microsoft account
  1. Follow the instructions in the email message to save the attachment.

  2. Open the message.html file and select Sign in.

    Sign in to view your encrypted message
    If a message appears that asks if you want to submit information to an external page, choose OK. You may also need to allow pop-ups, if your web browser blocks them.
  3. Sign in to the encryption portal with a Microsoft account, as instructed in the message. If you don’t have a Microsoft account, you can choose the option to create one associated with your email address. (You’ll have to fill out a form and complete a verification step.) In order to view the encrypted message, he email address for the Microsoft account must match the address to which the encrypted message was sent.

    If you’re already signed in, you won’t have to sign in again.

  4. After signing in, you can view the contents of the encrypted message.

    If you are inactive for more than 15 minutes, you are automatically signed out of the encryption portal.
To reply to an encrypted message
  1. Choose Reply or Reply All.

  2. On the page that appears, type a reply and choose Send. An encrypted copy of your reply message is sent to you.