Rights Management and Encryption Part 3: Office 365 Message Encryption

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
welcome back
00:02
security minded cyber professionals
00:05
to the M s 3 65 Security Administration course
00:09
it is my utmost privilege and extend honor.
00:15
Yes, honor to be your instructor for this course. My name is Jim Daniels,
00:20
and we are still model for in this 3 65 infant protection lesson to
00:26
rights management and encryption
00:29
Office 3 65 Message encryption.
00:33
You may have guessed what we're learning about based on the intro. However,
00:38
just for clarity in this lesson, we're going to learn all about 03 65 message encryption mechanisms
00:46
and how to create Mel flu rules. That force of any.
00:51
So I'm gonna give a little bit of another day
00:53
right now over any is still very viable. There are many organizations that still utilize it. However, in the future,
01:03
a lot of the other me based processes
01:06
we're going to be slowly phased out and preferred to use a API.
01:11
So the unified labeling that utilizes as your information protection
01:17
that has labels and triggers and policies across your whole environment because it's unified,
01:23
that is preferred
01:26
moving for,
01:26
So if your organization already has openly set up, that's cool.
01:30
I mean, if your organization looking for message protection from the ground up,
01:34
You may want to look at
01:37
unified labeling
01:38
and applying those 10 place
01:40
to your email messages based one
01:44
The way marker salt is going
01:47
just a little romance.
01:49
State of the Union kind of thing. State of the server
01:53
office for 65 message encryption over me.
01:57
Let me combines email, encryption and rice management capabilities that provide you with a happy
02:05
other me and s mind. Both encrypt email messages. However, s mind requires the client sending the message to encrypt that, you know, message using a PK I public infrastructure certificate,
02:15
as installed or available on the client computer
02:20
over me, uses built and certificates to encrypt messages in office. 3 65 Using transport off the message
02:30
before unify Leg one came out.
02:32
I did. I didn't use That's mine.
02:35
No.
02:36
If it was exchange online if we was a officer 65 10 it
02:39
we use over any
02:42
let's headache
02:43
and less moving parts. Less things to have to set up
02:49
so many
02:51
definitely has a foothold.
02:53
An older tenants
02:54
and tenants who aren't ready to move toward you inviolable and yet
03:01
o M E ensures only the intended recipient. Confuse a message
03:07
again. It's for your I. Only
03:14
there has to be some more of the rings fan out there, right? At least one. Maybe.
03:17
Maybe.
03:19
Okay, all right. For your I only
03:23
So I was really. Tourney could have went with Mike Wazowski in Monsters, Inc
03:28
for your eye,
03:29
but I went straight of Lord of the Rings
03:30
Eyes are
03:36
No, we'll see.
03:45
Well, let's take a closer look at how over me works.
03:50
The user sends an email message.
03:53
The message is filtered by admin. The fund rules and matches a role for encryption, so it
03:58
this feels hurt and masters a trigger.
04:00
The message is encrypted without any.
04:03
Then it gets sent to the recipient Smell service, which is
04:09
any service. Could be Gmail out. Log
04:12
Yeah, product Next sovereign begin Anything
04:15
in creative messages delivered with HTML attachment
04:18
you were sipping opens html attachment. To connect to the portal,
04:24
the recipient authenticates by signing in or entering a one time passcodes.
04:29
The message is decrypted
04:30
recipient views, a message and consent and encrypted reply.
04:35
You can send in the primitive reply. However, he cannot afford that message to a user that wasn't one of the initial email
04:43
because it's intended to be encrypted.
04:45
So if you send other than the message to person, a person A can't open it and forded the person, be
04:50
that's my default
04:53
person. A views it
04:55
remember they just get the html attachment
04:58
so it doesn't download when there are local client that go into a protective portal who survived Microsoft toward then they can view and respond to it.
05:08
This is how we create a exchangeable on no floral.
05:12
We go into the exchange, I'm in center, got a cell phone
05:15
liberal,
05:15
applying
05:16
of EMI encryption and rice protection to messages.
05:20
We're gonna name it of me Trigger
05:23
plough the rule if the message properties include this classification.
05:28
So it is a data classification. You can also sort a number of different triggers.
05:32
You're gonna have it any time a message is sent from this particular address of amazing plot.
05:38
Any time it goes to this particular domain of any supplied, any time it has this word in the subject or body other than these applied,
05:46
you are very, very flexible with the triggers that you can build in use an exchange melt for
05:53
the action after the trigger is we're going to apply over me and rice protection to the message with Apply Over me and rice protection.
06:02
This is what it looks like in action.
06:04
Here's an example
06:05
that was sent to my Gmail. My personal Gino
06:11
Gmail person gets it,
06:13
and it just says someone saying You're protected message. Read the message. You see, there's a
06:18
the tax from the bottom
06:19
click and read the message.
06:21
It says, How do you want to view the message?
06:25
I could see that signing with Google
06:27
because
06:28
Federation is enable between Microsoft and Google
06:30
Or I can sign in with the once on task
06:34
I want complete that.
06:36
Here's the mist
06:38
So this is what it looks like At the top. We can see the euro is https
06:44
that is the hosted portal for Microsoft for over me.
06:49
It even has a told him
06:50
This message is encrypted. Recipients cannot remove encryption
06:57
at the bottom right? We have an example of my Gmail replying to the message.
07:03
So even though it says it was sent by me, it actually goes through the message. Import Sources Office 3 65 and messaging that Microsoft dot com.
07:12
Yeah, that was actually mind Gmail user,
07:15
but because you reply to other me message in the enemy portal,
07:18
that's how it comes across.
07:21
Quizzed on
07:23
when a user sends an email message in exchange that matches encryption role,
07:28
the message is sent out with
07:30
an HTML attachment. True
07:31
or false?
07:34
Correct answer.
07:35
It's true, right? If a match is that over me, role is going to trigger that.
07:42
Remember, with the exchange, Malfoy rules, we have lots of flexibility.
07:46
What I would recommend for your mental environment is to map out a scenario based on your business processes
07:54
requirement in compliance needs. Toe where, when you need over me applied,
07:58
you have a scenario written down and then you go into exchange Mel four and you can create there's triggers for
08:07
You can even get reports
08:09
Well, how often those rules or apply to the messages provided that you audits
08:13
those rules
08:16
to recap. Today's lesson
08:18
over me is a online service that is built on Microsoft Azure Rice Management, which is part of a happy
08:26
So Ernie is built on a Oren S, which is a rt.
08:30
Acronyms got a little
08:33
only uses building certificates to encrypt messages in the 03 65 service during the transport of the message.
08:41
It's mine.
08:41
You got to do more legwork to get it going. Other than me, if you already have a 3. 65 tenant
08:46
is super simple. Ricky, go.
08:50
Thank you for joining me. When this lesson about money
08:54
before you want something,
08:56
I hope to see you next time. Take care.
Up Next
MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By