Without email encryption, messages go over the internet in clear text. This makes them easy to intercept. When at rest, the messages may not be encrypted, either, particularly on the recipient’s machine without special protection. This makes them easier to steal.

Historically, however, encrypted email users have had to worry about their recipients having to use a portal, which requires registration and using a new email interface. Even worse are systems that require users to manually manage encryption keys. Administrative adjustments have been complex, too. Now, however, all this is much easier.

A Simple Example

I’m going to show you a few screenshots I took when I sent an encrypted email message from the current version of Outlook for Office 365 to my spouse’s Gmail account. Here’s what I did to encrypt the message:

After composing the message, I clicked on the Options tab. From the Options ribbon, I clicked the little black triangle in the Permission section. In the “Set permission on this item” pop-up, I clicked CGNET’s name, In the next pop-up, I clicked “Encrypt-Only.” Then I clicked Send, and the encrypted email was sent.

I really like that I could choose whether to encrypt the message or not. This voluntary feature makes the system more appealing to users, who will feel in control. If you want to, however, admins can set policies to make encryption mandatory in all or some cases.

What my spouse received looked like this:

To read the message, you begin by clicking “Read the message.” That takes you here:

This looks a little complicated. It turns out, however, that if a Gmail user clicks on “Sign in with Google,” the very next thing they see is the message. Sign-in has already happened. This was the next thing my spouse saw:

The Effort Involved

For the sender, encrypting the message took three additional clicks. For the receiver, opening the message took only two clicks. I think this is simple enough for most users. Also, note in the picture above that “Recipients can’t remove encryption.” Even on the recipient’s hard drive, the message is safe. Finally, the latest releases of Outlook make the procedures for sending to people within or outside your organization the same. One procedure fits all.

The only thing admins have to do to enable this encryption is to ensure that Azure Rights Management is active in your organization’s Office 365 tenant. Usually Azure RMS is activated by default. If you want to make sure it is, see this article. Office 365 Message Encryption is included in Office 365 Enterprise E3, which is the usual license sold to nonprofits. If you have another license, such as E1, you will have to purchase and add Azure Information Protection Plan 1.

If, as an administrator, you want to do something more complicated, such as setting policies to determine what gets encrypted, without the user being involved, there are several articles you can read, which you can find here. As usual with Microsoft documents, a list of articles will be in the left-hand list, in addition to the many links in the article.

The point, however, is that fussy users will have a lot less to complain about, so now email encryption in your organization may be feasible.