Rights Management and Encryption Part 3: Office 365 Message Encryption
6 hours 59 minutes
security-minded cyber professionals,
to the MS-365 Security Administration course.
It is my utmost privilege and extend honor.
Yes, honor to be your instructor for this course. My name is Jim Daniels,
and we are still in Module 4, MS 365 Information Protection, Lesson 2:
rights management and encryption,
Office 365 Message Encryption.
You may have guessed what we're learning about based on the intro. However,
just for clarity, in this lesson we're going to learn all about Office 365 Message Encryption mechanisms
and how to create mail flow rules that force OME.
So I'm gonna give a little bit of another day
Right now OME is still very viable. There are many organizations that still utilize it. However, in the future,
a lot of the OME-based processes
are going to be slowly phased out, and it's preferred to use AIP.
So the unified labeling that utilizes Azure Information Protection,
that has labels and triggers and policies across your whole environment because it's unified,
that is preferred.
So if your organization already has OME set up, that's cool.
I mean, if your organization is looking for message protection from the ground up,
you may want to look at
and applying those templates
to your email messages, based on
the way Microsoft is going.
just a little romance.
State of the Union kind of thing. State of the server
Office 365 Message Encryption, OME.
OME combines email encryption and rights management capabilities that are provided with AIP.
OME and S/MIME both encrypt email messages. However, S/MIME requires the client sending the message to encrypt that, you know, message using a PKI, public key infrastructure, certificate
that is installed or available on the client computer.
OME uses built-in certificates to encrypt messages in Office 365 during transport of the message.
Before unified labeling came out,
I did, I didn't use S/MIME.
If it was Exchange Online, if it was an Office 365 tenant,
we use OME:
less moving parts, less things to have to set up.
It definitely has a foothold
in older tenants
and tenants who aren't ready to move toward unified labeling yet.
OME ensures only the intended recipient can view a message.
Again, it's for your eye only.
There has to be some Lord of the Rings fan out there, right? At least one. Maybe.
Okay, all right. For your eye only.
So I was really torn. I could have went with Mike Wazowski in Monsters, Inc.,
for your eye,
but I went straight of Lord of the Rings.
No, we'll see.
Well, let's take a closer look at how OME works.
The user sends an email message.
The message is filtered by admin-defined rules and matches a rule for encryption, so it
is filtered and matches a trigger.
The message is encrypted with OME.
Then it gets sent to the recipient's mail service, which is
any service. Could be Gmail, Outlook,
Yeah, product Next sovereign begin Anything
The encrypted message is delivered with an HTML attachment.
The recipient opens the HTML attachment to connect to the portal.
The recipient authenticates by signing in or entering a one-time passcode.
The message is decrypted.
The recipient views the message and can send an encrypted reply.
You can send an encrypted reply. However, you cannot forward that message to a user that wasn't one of the initial email
because it's intended to be encrypted.
So if you send an OME message to person A, person A can't open it and forward it to person B.
That's by default.
Person A views it;
remember, they just get the HTML attachment,
so it doesn't download onto their local client. They go into a protected portal hosted by Microsoft, where they can view and respond to it.
This is how we create an Exchange Online mail flow rule.
We go into the Exchange admin center, go to mail flow,
OME encryption and rights protection to messages.
We're gonna name it OME Trigger.
Apply the rule if the message properties include this classification.
So it is a data classification. You can also sort a number of different triggers.
You can have it so any time a message is sent from this particular address, OME is applied.
Any time it goes to this particular domain, OME is applied; any time it has this word in the subject or body, OME is applied.
You are very, very flexible with the triggers that you can build and use in Exchange mail flow.
The action after the trigger is we're going to apply OME and rights protection to the message with Apply OME and rights protection.
This is what it looks like in action.
Here's an example
that was sent to my Gmail. My personal Gmail.
Gmail person gets it,
and it just says someone sent you a protected message. Read the message. You see, there's
the text from the bottom.
Click "Read the message."
It says, "How do you want to view the message?"
I could see "Sign in with Google";
federation is enabled between Microsoft and Google.
Or I can sign in with the one-time passcode.
Once I complete that,
here's the message.
So this is what it looks like. At the top, we can see the URL is https;
that is the hosted portal for Microsoft for OME.
It even has a told him
This message is encrypted. Recipients cannot remove encryption
At the bottom right, we have an example of my Gmail replying to the message.
So even though it says it was sent by me, it actually goes through the message portal. Source is Office365@messaging.microsoft.com.
Yeah, that was actually my Gmail user,
but because you reply to the OME message in the OME portal,
that's how it comes across.
When a user sends an email message in Exchange that matches an encryption rule,
the message is sent out with
an HTML attachment. True.
It's true, right? If it matches that OME rule, it's going to trigger that.
Remember, with the Exchange mail flow rules, we have lots of flexibility.
What I would recommend for your tenant environment is to map out a scenario based on your business processes,
requirements and compliance needs, to where, when you need OME applied,
you have a scenario written down, and then you go into Exchange mail flow and you can create those triggers for
You can even get reports
on how often those rules are applied to the messages, provided that you audit.
To recap today's lesson:
OME is an online service that is built on Microsoft Azure Rights Management, which is part of AIP.
So OME is built on Azure RMS, which is part of AIP.
Acronyms got a little
OME uses built-in certificates to encrypt messages in the Office 365 service during the transport of the message.
You got to do more legwork to get it going. OME, if you already have a 365 tenant,
is super simple. Ready to go.
Thank you for joining me in this lesson about OME.
before you want something,
I hope to see you next time. Take care.
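
The mail flow rule built in the Exchange admin center during this lesson can also be created from Exchange Online PowerShell. The following is an added example, not part of the original lesson: the rule name follows the lesson, while the admin account, the "[secure]" keyword and the partner.example domain are constructed placeholders.

```powershell
# Added example, not from the lesson. Requires the ExchangeOnlineManagement module.
# admin@contoso.example, "[secure]" and partner.example are constructed placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

# List the rights management templates the tenant exposes to mail flow rules.
Get-RMSTemplate

# Trigger: mail leaving the organization whose subject or body contains the keyword.
# Action: apply OME using the "Encrypt" template.
# The rule starts in audit mode so its matches can be reviewed before it is enforced.
New-TransportRule -Name "OME Trigger" `
    -SentToScope NotInOrganization `
    -SubjectOrBodyContainsWords "[secure]" `
    -ApplyRightsProtectionTemplate "Encrypt" `
    -Mode Audit

# A second trigger of the kind the lesson lists: everything sent to one domain.
New-TransportRule -Name "OME Trigger - partner domain" `
    -RecipientDomainIs "partner.example" `
    -ApplyRightsProtectionTemplate "Encrypt" `
    -Mode Audit

# Review both rules, then switch the first one from auditing to enforcement.
Get-TransportRule |
    Where-Object { $_.Name -like "OME Trigger*" } |
    Format-List Name, State, Mode, ApplyRightsProtectionTemplate

Set-TransportRule -Identity "OME Trigger" -Mode Enforce
```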