Product Navigation

Master Office 365 Email Encryption Process to Secure Emails

Overview To Office 365 Mail Protection

The process of Encrypting an information is encoding the piece of code so that only an authorized recipient can decode and access that information. Office 365 email encryption allow users to send encrypted emails to protect their sensitive piece of data. The encrypted emails of O365 can be sent to any of the email services- Gmail, Yahoo, Lotus Notes, Exchange Server etc which when decrypted can be accessed. Office 365 advanced threat protection can basically be utilised in two ways:

  • As a Service
  • As a Customer control

Service Encryption is used by default in Office 365 for which the user doesn't need to configure anything. For example, Office 365 uses Transport Layer Security (TLS) to encrypt the connection, or session, between two servers. Whereas As a Customer Control the user needs to configure email encryption in Office 365 manually.Exchange Online message encryption capabilities make the process easier to share protected emails with anyone. This article aims to explain the root concept of Office 365 email encryption and decryption, how to add email encryption to O365 as well as how to open encrypted email.

Note: It should be kept in mind that Office 365 mail protection only works for E3 and E4 plan of O365 or if you have bolted on Exchange Online Protection to accounts.

How Does Email Encryption works in Office 365

Before we explain the process to configure email encryption in Office 365 user need to understand the process that actually works in email encryption:

  • When the client send emails from Office 365 account a message is encrypted (transformed from plain text into unreadable ciphertext either on the sender’s machine, or by a central server) while the message is in transit mode.
  • The message remains in cipher code, while it transit in order to protect it from being read to elicit user.
  • Once the recipient receive encrypted email, Office 365 process the encoded text and transformed back into readable plain text in one of two ways:
    • Either the recipient client uses a key to decrypt message in Exchange Online for Office 365 Email Encryption or
    • The central server decrypt message on behalf of the recipient, after it validate the identity of recipient.
  • This process will encrypt/decrypt the data easily

Watch Video to Learn Email Encryption

Features of Office 365 E3 Email Encryption

  1. End-user controls enables users to easily encrypt mails and apply protected management templates in O365 account.
  2. Provide and manage encryption keys that helps to bring out the Owner Key for Azure Information Protection.
  3. Easily Manage Sensitive Data using single action Exchange transport rules that automatically encrypt messages at the gateway in Office 365 email encryption process
  4. Easily Navigate to Encrypted Messages with easy Office 365 interface that decrypts email without installing software at end side.
  5. Native in-line Reading Experience using Outlook clients for Office 365 users. Deliver encrypted email directly to recipients inbox and not to a Web service.

Configure Email Encryption in Office 365

For Office 365 email encryption user needs E3 or better to enable mail encryption options. Otherwise, a user needs to bolt on Exchange Online Protection from the subscriptions section.

Follow These Steps for Exchange Online Email Encryption

Step 1: Login to O365 portal and enable Rights Management by going to Service Settings on the Left Menu Bar.

office 365 email encryption

Step 2: Then Install Azure AD Management Powershell Plugin in Office 365 account
Click Here to Download

Step 3: Create PowerShell Script. Copy and paste the code into a text file and save it with extension *.ps1. Get Code Here

open code encrypted email

Step 4: Set PowerShell Execution Policy by executing Powershell as Administrator. Run the command - Set-ExecutionPolicy Unrestricted and hit Y
then Enter to accept

cmd in powershell

Step 5: After running the script you will be prompted to enter your Office 365 Global Administrator credentials. Usually the format of mail is
like this

Step 6:This will configure Email Encryption in Office 365 account

Testing Configure Email Encryption in Office 365

Step 1: Send email to someone known to test the email encryption with the word Encrypt in the subject line

sender_encoding text

Step 2: The receiver of the mail will get email with URL link attached. Double clicking or right click will open this link in browser to receive a Public Key

Step 3: If the receiver doesn't have Microsoft Online account then opt for the one time passcode email to be emailed to you that will allow you to decrypt the message immediately without having to create an account.

decryption of mail via pass


Office 365 Email Encryption, is used in order to create a safe journey of emails from one end to other. Exchange online protection of email through encryption reduce the chances of human intervention between the passage hence reducing data leak. Through this Office 365 mail protection technique client can remain relax sending their important data via emails. This section include the ways to configure email encryption in Office 365 to protect their data.