A few things that need to be sorted out – RMS Templates. You can access this through the Azure Portal and then Azure Information Protection. Expand protection templates – I used a previously created template “Encryption (All Users)” and then went in to edit it. (You can create a new template through the Exchange Powershell as well – article will be in helpful articles section.) You will want to edit these permissions accordingly – if you want external users to be able to view these emails you will need to add AuthenticatedUsers to the permissions list as well as the OU for your internal users.
Once you have Authenticated Users added you will want to select their permissions in accordance to your Information Security standards. We selected Co-Owner as it allows our partners to edit, send, print, and forward those encrypted emails.
From there you can then create a rule in Exchange to trigger this encryption. Below you will see a screen shot of our rule. Ensure that the Encryption method you select matches the one you just configured. You can customize the rule however you would like and add any additional key words you feel are needed.
After that turn the rule on and run a test verify it works. If the Encryption is working you are all set. If interested, you can do some customization of the message the end user receives. This is recommended as it will help end users distinguish your message from potential phishing messages. Articles on customization will be added below.
Helpful Articles
- Configuring Office Protection Templates / Creating New Templates
- Understanding OME and the Options that it Includes
- Add Organizations Branding to your Encrypted Messages
- Create New OME Template using Powershell
- Set-OMEConfiguration – How to Set OME Configuration using Powershell
Azure Information Protection / Exchange Rule Image Guides
