Azure Information protection and Personal emails (Gmail, Hotmail, Live, etc…)

Guess what!? It is now possible to share protected emails with personal accounts. With the new Office 365 Message Encryption (OME) capabilities built on top of Azure Information Protection, your organization can use protected email communication with people inside and outside your organization. The new OME capabilities work with other Office 365 organizations, Outlook.com, Gmail, and other email services.

How do the new capabilities for OME work?

The new Office 365 Message Encryption capabilities use the Azure Rights Management data protection service from Azure Information Protection. Azure Rights Management uses encryption, identity, and authorization policies to help secure your email. You can encrypt messages by using Rights Management templates or the Do Not Forward option. Users can then encrypt their messages and a variety of Office 365 attachments by using these options.

As an example, for Gmail accounts the sender chooses the desired protection type, such as Confidential, from OWA. (NOTE: we must predefine the x.Gmail.com account in the AIP portal label protection.) Alternatively, you can choose the normal Exchange protection, Do Not Forward.

How does the process go, in a few steps?

1. Enable OME in your Exchange Online IRM configuration.

2. Add the recipients and the mail body, then click Protect and choose your desired protection.

3. Send it.

4. The Gmail user receives an email that contains a hyperlink to click on.

5. The Gmail user is taken to an Office 365 page, where a Google sign-in form appears.

6. The user enters their credentials and authenticates on Google's servers.

7. After being authenticated, the user can open the mail in the browser with your protection applied to the email.

How to enable Office 365 Message Encryption, step by step

1. Ensure you have the right subscription for your organization. To use this service, you need one of the following combinations:

   • An Office 365 subscription that includes Azure Rights Management as well as Exchange Online or Exchange Online Protection (EOP).

   • An Azure Information Protection subscription and an Office 365 subscription that includes Exchange Online or Exchange Online Protection (EOP).

2. If you do not already have the Windows module for Azure Rights Management from Azure Information Protection installed, you need to download and install it. For instructions, see Installing Windows PowerShell for Azure Rights Management.

3. Use a work or school account that has global administrator permissions in your Office 365 organization.

4. Connect to the Azure Rights Management service.

   a. $cred = Get-Credential
      Connect-AadrmService -Credential $cred

5. Activate the service.

   a. Enable-Aadrm

6. Get the configuration information needed for message encryption.

   a. $rmsConfig = Get-AadrmConfiguration
      $licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl
      Disconnect-AadrmService

7. Create a remote PowerShell session and connect to Exchange Online.

   a. $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
      Import-PSSession $session

8. Collect the IRM configuration for Office 365.

   a. $irmConfig = Get-IRMConfiguration
      $list = $irmConfig.LicensingLocation
      if (!$list) { $list = @() }
      if (!$list.Contains($licenseUri)) { $list += $licenseUri }

9. Enable message encryption for Office 365.

   a. Set-IRMConfiguration -LicensingLocation $list
      Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true

10. Enable the Protect button in Outlook on the web (optional).

   a. Set-IRMConfiguration -SimplifiedClientAccessEnabled $true

11. Enable server decryption for Outlook on the web, Outlook for iOS, and Outlook for Android.

   a. Set-IRMConfiguration -ClientAccessServerEnabled $true

12. Verify that the new capabilities for OME are configured properly by running the Test-IRMConfiguration cmdlet.

   a. Test-IRMConfiguration [-Sender <email address>]

Where email address is the email address of a user in your Office 365 organization. While optional, providing a sender email address forces the system to perform additional checks. Your results should look like these:
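
A read-only check to run after step 12, as an added example that is not part of the original article: it compares the Get-IRMConfiguration output with the values set in steps 8 to 11 and lists any setting that drifted. Test-OmeIrmSettings is a hypothetical helper name, the sample object and URL are constructed, and the code assumes Get-IRMConfiguration exposes each setting as a property named like the matching Set-IRMConfiguration parameter.

```powershell
# Added example: audits the IRM settings this walkthrough changes.
# Test-OmeIrmSettings is a hypothetical helper, not an Exchange Online cmdlet.
function Test-OmeIrmSettings {
    param(
        [Parameter(Mandatory)] $IrmConfig,           # output of Get-IRMConfiguration
        [Parameter(Mandatory)] [string] $LicenseUri  # $licenseUri saved in step 6
    )
    # Assumption: each setting is readable as a property with the parameter's name.
    $expected = [ordered]@{
        AzureRMSLicensingEnabled      = $true   # step 9
        InternalLicensingEnabled      = $true   # step 9
        SimplifiedClientAccessEnabled = $true   # step 10 (optional Protect button)
        ClientAccessServerEnabled     = $true   # step 11
    }
    $findings = foreach ($name in $expected.Keys) {
        $actual = $IrmConfig.$name
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Ok       = ($actual -eq $expected[$name])   # a missing property counts as drift
        }
    }
    # Steps 8-9: the Azure RMS licensing URL must be listed in LicensingLocation.
    # -contains is case-insensitive; a trailing slash is ignored on both sides.
    $want = $LicenseUri.TrimEnd('/')
    $have = @($IrmConfig.LicensingLocation | ForEach-Object { "$_".TrimEnd('/') })
    $findings = @($findings) + [pscustomobject]@{
        Setting  = 'LicensingLocation'
        Expected = $LicenseUri
        Actual   = ($have -join ', ')
        Ok       = ($have -contains $want)
    }
    $findings
}

# Constructed sample with a placeholder URL; in a live session pass (Get-IRMConfiguration).
$sample = [pscustomobject]@{
    AzureRMSLicensingEnabled      = $true
    InternalLicensingEnabled      = $true
    SimplifiedClientAccessEnabled = $false
    ClientAccessServerEnabled     = $true
    LicensingLocation             = @('https://rms.example.invalid/_wmcs/licensing')
}
Test-OmeIrmSettings -IrmConfig $sample -LicenseUri 'https://rms.example.invalid/_wmcs/licensing' |
    Where-Object { -not $_.Ok } | Format-Table -AutoSize
```

With the constructed sample, only SimplifiedClientAccessEnabled is reported, which is acceptable if the optional step 10 was skipped on purpose.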

What will happen in this scenario:

1. You log in to your Outlook web application.

2. Create your message, add your recipients, and protect it.

3. The recipient [email protected] will receive a mail with a link to the Office 365 portal.

4. The recipient is then taken to a page to enter their Google credentials or to use a one-time passcode!

5. After entering your credentials and being authenticated on the Google side, you'll be able to open the mail in the browser with the applied protection, which in our case is Do Not Forward!

And now the use of Azure Information Protection with personal accounts has been covered!

Last but not least, don't hesitate to contact me for any support!

Your feedback is highly welcome!

Best Regards,

John Nabil | Infrastructure System Engineer - MEA Professional Services

Link Development

Mob.: Egypt: +(2) 01275446259 | Fax: +(202) 2529 5888

www.linkdev.com | the productive digital!