Scenario
Your organization uses Office 365 Message Encryption (OME) to encrypt emails that contain sensitive information. You want to ensure that Server-Side signatures are applied to the emails before they are encrypted and sent to the recipient.
Resolution
In order to ensure that a Server-Side signature can still be applied, it is necessary to ensure that the email is routed to Exclaimer before the encryption occurs.
The solution presented below requires users to add a trigger word to the subject line of the email so is suitable in scenarios where only certain emails require encryption.
Once the email is processed by Exclaimer, a mail flow rule will apply encryption to any email that contains the trigger word in the subject line.
To apply encryption using a subject line trigger and mail flow rule:
- Sign in to the Exchange Online admin portal (https://admin.exchange.microsoft.com) as an Administrator.
The Exchange admin center is displayed.
- From the left-hand navigation menu, select Mail flow, then select Rules.
- In Rules, select the Identify messages to send to Exclaimer Transport Rule which you created when setting up Signatures for Microsoft 365.
The details are displayed on the right-hand pane.
-
Click Edit rule settings.
- Ensure that the Stop processing more rules option is selected before you click Save.
- Now, click Add a rule then select the Apply Office 365 Message Encryption option.
The Set rule conditions pane is displayed.
- In Name, enter an appropriate name for the rule.
- From the Apply this rule if... drop-down list, select The sender then select is external/internal. From the select sender location, select Inside the organization.
- Click Save to save the changes made.
The updated condition is added to the selected rule:
- Click + to add a condition.
- From the And drop-down list, select The subject or body. From the adjacent drop-down list, select subject includes any of these words.
- In the Specify words or phrases pane, enter Encrypted:
- Click Add then click Save.
The updated condition is added to the selected rule:
- From the Do the following section, in Rights protect message with, click Select One.
The select RMS template pane is displayed.
- From the drop-down list, select Encrypt.
- Click Save to save the changes made then click Next.
- Select Activate this rule on and specify a suitable time to enable the rule.
- Select the Defer the message if rule processing doesn't complete option.
- Click Next.
- Review the settings then click Finish to save the new rule.
Once the rule has been created, users can add the subject line trigger word 'Encrypted:' to the emails that require encryption.
NOTES:
- Please allow up to one hour for the new mail flow rule to replicate in Microsoft 365.
- If required, you can substitute another word in the subject line trigger instead of 'Encrypted:'
Example:
NOTES:
- The email will only be encrypted after it is processed by Exclaimer.
Example:
- The signature will only be applied to the first email in the chain as any further replies will already be encrypted before being processed by Exclaimer.
- The email will only be encrypted after it is processed by Exclaimer.
Example:
- The signature will only be applied to the first email in the chain as any further replies will already be encrypted before being processed by Exclaimer.