In the era of security regulations such as GDPR, companies are putting a great effort into making email protection technologies more widely available. Lately, Microsoft has introduced significant changes to Office 365, helping users to safeguard their messages in a quicker and easier way. As people send more and more protected emails on a daily basis, some of you might be wondering: How this works with CodeTwo software?
Mail protection features in Office 365 – what’s changed?
Organizations that use Office 365 Message Encryption (OME) can benefit from out-of-the-box email protection policies such as Do Not Forward and Encrypt-Only. Recently, a new feature, Office 365 sensitivity labels, has been introduced to Office 365. Sensitivity labels do not require additional Azure Information Protection (AIP) licenses, so they are likely to become popular in the upcoming months.
Office 365 admins can manage the Do Not Forward and Encrypt-Only policies by using mail flow transport rules in the Exchange admin center. Office 365 sensitivity labels are handled through the Security and Compliance Center and can be used for message encryption, content marking, access control, or data retention.
From the users’ perspective, the new Office 365 mail protection features can be triggered on supported email clients such as Outlook or Outlook on the web (OWA). In OWA, the Protect option in the compose mode allows users to encrypt an email (Encrypt-Only), prevent it from being forwarded (Do Not Forward), or apply one of the organization’s protection policies, including sensitivity labels (as mentioned before, the available options depend on your Office 365 plan).
The viewing experience depends on who opens a protected message. If the recipient is within the same Office 365 organization and uses a current version of Outlook (including the mobile versions and Outlook on the web / OWA), the message can be opened normally. If the recipient is outside the sender’s organization, does not have an Office 365 account, or uses a different email client, they might need to take additional action, for example open a message wrapper and verify their identity in a web browser to access the protected content.
Message protection vs email signatures added by CodeTwo
Office 365 environments
Our email signature solution for Office 365 tenants, CodeTwo Email Signatures for Office 365, adds signatures server-side when emails are routed through our services hosted in Microsoft Azure datacenters.
If a message is protected server-side, e.g. by using a mail flow transport rule that applies a rights management template (such as Do Not Forward or Encrypt-Only), then the whole message (including a signature added by CodeTwo) is encrypted.
An important advantage of adding signatures to a message and protecting this message server-side is that every email client (including mobile apps and Outlook for Mac) is supported.
If message protection is applied client-side, for example via the Protect options in Outlook on the web, email signatures are not added by our software because we do not interfere with the protected content.
A technology used in one of our older mail signature products allows us to add email signatures on the mail client side using a dedicated add-in, making it possible to add a signature to a protected email in Outlook. However, we are currently working on a modern solution to support all types of Office 365 protected emails on the client side.
Hybrid and on-premises environments
The programs from the CodeTwo Exchange Rules software family automatically recognize emails protected by Office 365 and exclude them from processing, so that they do nothing to the protected content. This applies to both incoming and outgoing protected emails.