At the Ignite conference this year, Microsoft shared a few new updates to Office 365 Message Encryption, along with the general availability of Privileged access management.
a couple of we announced several new capabilities that enabled users to more seamlessly collaborate securely with anyone. Since then, we’ve released further updates such as a new out of the box template called encrypt-only, and others that make it easier for consumer recipients to collaborate on encrypted messages.
Message Encryption updates include enhancements to the recipient experience. They also help IT admins proactively protect sensitive organizational data.
Here is what the new update brings to Office 365 Message Encryption:
Organizations can enable or disable encryption for attachments when using the “Encrypt-Only” template.
Admins can enable this setting by running a Windows PowerShell cmdlet.
Customized branded emails offer new abilities: create branding templates to apply to business-to-consumer emails via an Exchange mail flow rule, always enforce the branded recipient experience regardless of recipient identity, and revoke business-to-consumer emails.
These capabilities are a planned release to be delivered by the end of the calendar year.
At the end of the calendar year, users will also be able to encrypt and rights protect PDFs.
With a data loss prevention (DLP) unified policy in Office 365 Security & Compliance Center, admins can identify, monitor, and automatically encrypt sensitive emails.
Also available now is a single location to view reports for DLP policies across Exchange Online, SharePoint Online and OneDrive for Business.
A look at the process of applying Office 365 Message Encryption through a DLP Policy:
IT Admins can now monitor and see reports on encrypted messages and proactively apply policies to sensitive emails based on observed patterns.
The following reporting capabilities will be available during preview:
- Breakdown of total encrypted message volume by encryption methods such as encryption applied through ad-hoc end-user controls or through an automatic policy such as an Exchange Mail Flow rule or a Unified DLP rule
- Number of encrypted messages by volume and by encryption template such as Do Not Forward, Encrypt-Only, OME Previous (OMEv1), or custom encryption templates
- Details for each encrypted email such as sender, recipient, encryption template, etc.
- Ability to schedule reports and have them sent to admins by email
- A report that shows the breakdown of total encrypted message volume by top recipient domains
Revocation of encrypted emails sent to consumer email accounts is now available in public preview. It can be done only if the recipient received a link-based branded email experience for encrypted email.
Organizations now have the ability to force a link-based experience regardless of the recipient identity.
Message Encryption is by default configured for all eligible Office 365 tenants. Create an Exchange Mail Flow rule or a Unified Data Loss Prevention policy to get started.
Office 365 Message Encryption is offered in Office 365 E3 and E5, or as an add-on.
Privileged access management in Office 365 is now generally available and enables customers to enforce “Zero Standing Access” for privileged admin access within their organization.
The approval workflow for privileged access management consists of the following steps:
- Set up designated approvers and a privileged access management policy within the Microsoft 365 admin center and add members; under Settings, turn on Security & privacy and configure the specific access policy.
- An admin now needs to request privileged access permissions to execute a high-risk task, making a new request through the Microsoft 365 admin center under Settings, then Security & privacy.
- The designated approver reviews the request and takes action through the Microsoft 365 admin center.
- The admin receives a notification and takes action for the specified amount of time.
- Privileged access expires after a specified length of time to reduce the risk of a malicious user stealing access.
With privileged access management in Office 365, access within an organization is governed, and all instances related to the capability will generate logs and security events.
With privileged access management, organizations can also now manage Customer Lockbox requests and Data Access requests from Azure Managed Apps from a single management pane for privileged access to their Microsoft 365 data.
Privileged access management is now available to all customers with Office 365 E5 and Advanced Compliance SKUs.