Encryption in Microsoft Office 365

Uploaded On 2018-11-07


Presentation Transcript

Slide1
Slide2

Encryption in Microsoft Office 365
Tariq Sharif
OFC-B332

Slide3

Why is encryption needed?

Departmental Only Emails
Medical Records
Bank Statements
Trade Secrets
Design Documents
Inter Company Confidential Memos

Slide4

Encryption Solutions in Office 365

Office 365 Message Encryption – Encrypt messages to any SMTP address
  Personal account statement from a financial institution
Information Rights Management – Encrypt content and restrict usage; usually within own organization
  Internal company confidential memo
S/MIME – Sign and encrypt messages to users using certificates
  Peer to peer signed communication within a government agency

Slide5

Office 365 Message Encryption

Admin:
  Simple to provision and configure
  Policy driven via Transport Rules
  Customizable branding of encrypted emails and mail reading portal
  Allows for Enterprise content inspection and compliance
Sender:
  Ability to send encrypted messages to any SMTP address regardless of recipient's client or service provider
Recipient:
  View encrypted messages on Office 365 Message Encryption portal after sign-in
  Office 365 Message Encryption portal has rich OWA controls for viewing and composing messages
  Replies from the portal are also encrypted

Slide6

Office 365 Message Encryption

How do recipients sign in to view messages? – 2 ways

Microsoft account – used for sign-in to Microsoft services like OneDrive, XBOX Live, etc.
  Microsoft account for hotmail.com, outlook.com, live.com already exists
  User can create Microsoft account for any SMTP address, like gmail.com, mycustomdomain.com – address verification done as part of account creation process
  If recipient does not have a Microsoft account, recipients are navigated through the process of creating one
  For a given email address, a single Microsoft account is used to access all Microsoft services and view future encrypted emails
Organizational Account – used for sign-in to workloads like Exchange Online, SharePoint Online, etc.

As Office 365 embraces additional identity providers, so will Office 365 Message Encryption.

Slide7

Demo

Contoso Pharma wants to send encrypted emails to its partner doctors
Administrator has configured an ETR to encrypt any message going to Dr Toni when the subject contains the word "Encrypt"
Dr Toni gets the encrypted email at his hotmail address and follows instructions to view the encrypted message sent from Serena

Slide8

Office 365 Message Encryption – Admin Configuration

New ETR actions configurable via UI or PowerShell

    New-TransportRule -Name EncryptRule <Condition for which to apply encryption> -ApplyOME $true
    New-TransportRule -Name DecryptRule <Condition for which to remove encryption> -RemoveOME $true

Slide9

Office 365 Message Encryption – Admin Configuration

Customize opening text in encrypted email and disclaimer statement

    Set-OMEConfiguration -Identity default -EmailText "Encrypted message from ContosoPharma secure messaging system"
    Set-OMEConfiguration -Identity default -DisclaimerText "This email message and its attachments are for the sole use of the …"

Slide10

Office 365 Message Encryption – Admin Configuration

Customize portal text and logo

    Set-OMEConfiguration -Identity default -PortalText "ContosoPharma secure e-mail portal"
    Set-OMEConfiguration -Identity default -Image (Get-Content "C:\Users\admin\Desktop\contoso.png" -Encoding byte)

Slide11

Office 365 Message Encryption – Modern UI

Modern O365 UI and rich OWA controls

Slide12
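The admin configuration slides above, as an added example that is not part of the original deck: concrete encrypt and decrypt rules using the demo's condition, followed by a review of which transport rules touch OME. The recipient address, the decrypt rule's scoping and the review checks are assumptions, and a connected Exchange Online PowerShell session with Azure RMS configured is expected.

```powershell
# Added example, not from the deck. Assumes a connected Exchange Online PowerShell
# session and a tenant with Azure RMS configured.
$partner = 'dr.toni@example.com'   # constructed placeholder address

# Encrypt mail to the partner when the subject contains "Encrypt" (the demo's condition).
New-TransportRule -Name 'EncryptRule' `
    -RecipientAddressContainsWords $partner `
    -SubjectContainsWords 'Encrypt' `
    -ApplyOME $true

# Assumed scoping: remove encryption only from mail arriving from outside for
# internal recipients, so replies sent from the portal open in the normal client.
New-TransportRule -Name 'DecryptRule' `
    -FromScope NotInOrganization `
    -SentToScope InOrganization `
    -RemoveOME $true

# Review: every rule that applies or removes OME, with its state and conditions.
# Property names are assumed to mirror the New-TransportRule parameter names.
$omeRules = Get-TransportRule | Where-Object { $_.ApplyOME -or $_.RemoveOME }
$omeRules |
    Sort-Object Priority |
    Format-Table Name, State, Priority, ApplyOME, RemoveOME,
        SubjectContainsWords, RecipientAddressContainsWords,
        FromScope, SentToScope -AutoSize

# Flag enabled RemoveOME rules that are not limited to internal recipients:
# a broadly scoped decrypt rule can strip protection the encrypt rule applied.
$omeRules |
    Where-Object {
        $_.RemoveOME -and $_.State -eq 'Enabled' -and
        $_.SentToScope -ne 'InOrganization'
    } |
    ForEach-Object {
        Write-Warning "RemoveOME rule '$($_.Name)' is not limited to InOrganization recipients"
    }

# Confirm the branding recipients will see matches what was configured.
Get-OMEConfiguration | Format-List EmailText, DisclaimerText, PortalText
```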

Office 365 Message Encryption - Under the hood

[Diagram labels: O365 User, Send, Exchange Online (Policy detection and Enforcement, Tenant configuration), Deliver, Internet User, Post, Mail Reading Portal, Microsoft account/Organization Account]

Slide13

Office 365 Message Encryption - Under the hood

Office 365 Message Encryption uses IRM as a platform to encrypt messages
Sending organization needs to have purchased and configured Azure Rights Management Services (RMS)
Keys imported from Azure RMS are 2048 bit and use SHA-256 encryption (Crypto Mode 2)
Encrypted messages are wrapped in an HTML file and sent as an attachment to intended recipients
HTML file contains the encrypted message along with other metadata
Messages can be viewed on any device that can open and post from an HTML file
When user opens and clicks on link in the attachment, encrypted content is posted and held temporarily while user authenticates
User authenticates using a Microsoft account or Organizational Account
If user has neither, user is told and asked to create a Microsoft account before viewing
Any email address (@yahoo.com, @gmail.com, etc.) can be used to create a Microsoft account
Once the authentication completes, message is decrypted and shown in modern UI with all rich OWA controls
Messages replied from the portal are also encrypted

Slide14

Purchasing Office 365 Message Encryption

Office 365 Message Encryption is included with Azure RMS

Plan | Requires | Price
Office 365 E3, E4 | Windows Azure Rights Management is included | Included
Office 365 E1, K1 | Windows Azure Rights Management | $2 PUPM
Office 365 Exchange Online Plan 2, Plan 1, Kiosk | Windows Azure Rights Management | $2 PUPM
Office 365 SharePoint Plan 2, Plan 1 | Windows Azure Rights Management | $2 PUPM
Office 365 Midsize Business | Windows Azure Rights Management | $2 PUPM
Exchange on-premises | Windows Azure Rights Management | $2 PUPM

* On-premise customers need to route mails through Exchange Online
** Windows Azure Rights Management is not available for Office 365 Small Business plans

Slide15

Upgrade: Exchange Hosted Encryption to Office 365 Message Encryption

Customers using EHE will be upgraded to Office 365 Message Encryption at no additional cost
Awareness and transition emails will be sent prior to transition – Transitions started for Q1CY14
No action required from tenant admins – existing EHE policies will be automatically migrated to Office 365 Message Encryption policies
EHE mail recipients will continue to have access to view their old encrypted emails
EHE account store and emails already encrypted with EHE will not be migrated to Office 365 Message Encryption

Slide16

Upgrade: Exchange Hosted Encryption to Office 365 Message Encryption

Feature | Exchange Hosted Encryption | Office 365 Message Encryption
Send Encrypted Mail to anyone | Available | Available
Custom Branding | Not Available | Available
Message attachment size limit | 10 MB | 25 MB
Integration with Exchange transport rules | Available, but complex headers involved | Available and simplified
User experience | Custom EHE portal | Enhanced Office 365 UI
Integration with Data Loss Prevention | Available | Available
Purchase Option | Sold Standalone | Included with Azure RMS

Slide17

Information Rights Management

Information Protection technology
Protection is persisted with the data, content can travel anywhere (desktops, file shares, USB keys, cloud drives, network and devices)
Combines encryption and usage restrictions
Prevent accidental disclosure of sensitive data by applying usage policies (cannot forward, cannot print, read-only)
Simple to use
Authors just select a policy option, consumers just open documents
Administrators can configure policies to protect content automatically
Securely share data with individuals within organization

Slide18

Information Rights Management – Exchange Online

Admin:
  Simple to provision and configure using Windows Azure Rights Management – No on-premises RMS server required
  Policy driven via Transport Rules
  Allows for Enterprise content inspection and compliance
Sender:
  Ability to send IRM protected messages to recipients in the organization using supported clients - OWA and Microsoft Office 2010 and 2013
Recipient:
  Ability to view IRM protected content just like regular emails using supported clients (OWA, Microsoft Office 2010 and 2013, EAS)

Slide19

Information Rights Management – ETR & DLP

Automatically protect email with IRM using Exchange Transport Rules

Slide20

Information Rights Management – OWA

Protect email with IRM right from the Outlook Web App.

Slide21

Information Rights Management – SharePoint Online

Admin:
  Simple to provision and configure using Windows Azure Rights Management – No on-premises RMS server required
  Protection managed at individual library level protecting Office and Adobe PDF file formats
End-user:
  Documents are protected at the time of download from a library and rights given to appropriate user accounts per the library settings
  User can edit the document in supported Office clients and protection is removed at time of upload

Slide22

S/MIME

Government preferred way to secure email communication
Based on a published and broadly supported standard
Must know recipient's public cert to send them encrypted mail
Must have private key associated with sending email address to sign email
Without having recipient's private key, no one can open and view the message
Exchange on-prem continues to support S/MIME
OWA 2013 support added in SP1

Slide23

S/MIME in Exchange Online

Admin:
  Admin provisions certificates to users and synchronizes them with Exchange Online
  Simple Exchange Online configuration for S/MIME OWA behavior
Sender:
  Ability to send signed and encrypted email to intra organization recipients who are properly configured
Recipient:
  Ability to view signed and encrypted emails using OWA and supported clients and reply

Slide24

S/MIME in Exchange Online

Admin Exchange Online configuration options

Slide25

Demo

Contoso Pharma researchers want to discuss and talk about a research drug securely
Serena sends email to Rosella using OWA
Rosella views the email on OWA and responds

Slide26

Summary

Office 365 Message Encryption – Encrypt messages to any SMTP address
  Personal account statement from a financial institution
Information Rights Management – Encrypt content and restrict usage; usually within own organization or trusted partners
  Internal company confidential memo
S/MIME – Sign and encrypt messages to users using certificates
  Peer to peer signed communication within a government agency

Slide27

Q/A

Slide28
Slide29

Resources

Learning – Microsoft Certification & Training Resources: www.microsoft.com/learning
msdn – Resources for Developers: http://microsoft.com/msdn
TechNet – Resources for IT Professionals: http://microsoft.com/technet
Sessions on Demand: http://channel9.msdn.com/Events/TechEd

Slide30

Slide31
Slide32

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.