How to apply server-side signature to emails before encrypting them

Scenario

Your organization uses Office 365 Message Encryption (OME) to encrypt emails that contain sensitive information. You want to ensure that server-side signatures are applied to the emails before they are encrypted and sent to the recipient.

Resolution

In order to ensure that a server-side signature can still be applied, it is necessary to ensure that the email is routed to Exclaimer Cloud before the encryption occurs.

The solution presented below requires users to add a trigger word to the subject line of the email so is suitable in scenarios where only certain emails require encryption.

Once the email is processed by Exclaimer Cloud, a mail flow rule will apply encryption to any email that contains the trigger word in the subject line.

To apply encryption using a subject line trigger and mail flow rule:

1. Sign in to the Exchange Online admin portal (https://admin.exchange.microsoft.com) as an Administrator.
   
   The Exchange admin center is displayed.
   
   
2. From the left-hand navigation menu, select Mail flow, then select Rules.
   
   
3. In Rules, select the Identify messages to send to Exclaimer Cloud Transport Rule which you created when setting up Signatures for Microsoft 365. 
   
   
   
   The details are displayed on the right-hand pane.
   
   
4. Click Edit rule settings.
   
   
   
   
5. Ensure that the Stop processing more rules option is selected before you click Save.
   
   
   
   
6. Now, click Add a rule then select the Apply Office 365 Message Encryption option.
   
   
   
   The Set rule conditions pane is displayed.
   
   
7. In Name, enter an appropriate name for the rule.
   
   
8. From the Apply this rule if... drop-down list, select The sender then select is external/internal. From the select sender location, select Inside the organization.
   
   
9. Click Save to save the changes made. 
   
   The updated condition is added to the selected rule:
   
   
   
   
10. Click + to add a condition.
    
    
    
    
11. From the And drop-down list, select The subject or body. From the adjacent drop-down list, select subject includes any of these words.
    
    
    
    
12. In the Specify words or phrases pane, enter Encrypted:
    
    
    
    
13. Click Add then click Save.
    
    The updated condition is added to the selected rule:
    
    
    
    
14. From the Do the following section, in Rights protect message with, click Select One.
    
    
    
    The select RMS template pane is displayed.
    
    
15. From the drop-down list, select Encrypt.
    
    
    
    
16. Click Save to save the changes made then click Next.
    
    
17. Select Activate this rule on and specify a suitable time to enable the rule.
    
    
18. Select the Defer the message if rule processing doesn't complete option.
    
    
19. Click Next.
    
    
20. Review the settings then click Finish to save the new rule.
    
    Once the rule has been created, users can add the subject line trigger word 'Encrypted:' to the emails that require encryption.
    
    
    NOTES:
    

    • Please allow up to one hour for the new mail flow rule to replicate in Microsoft 365.
    • If required, you can substitute another word in the subject line trigger instead of 'Encrypted:' 

Example:

NOTES:

- The email will only be encrypted after it is processed by Exclaimer Cloud.
Example:


- The signature will only be applied to the first email in the chain as any further replies will already be encrypted before being processed by Exclaimer Cloud.