How to Secure Emails in Microsoft 365 with Email Encryption
Vložit
- čas přidán 3. 07. 2024
- Check out this informative CZcams video on email encryption in Microsoft 365! In this video, you'll learn step-by-step instructions on how to set up email encryption to ensure the security of your emails. Additionally, you'll discover how to brand your company portal, giving it a personalized touch. Don't miss out on these essential tips to protect your sensitive information and create a professional image for your business. #EmailEncryption #Microsoft365 #datasecurity
Powershell Scripts for Branding Portal
►Connect-ExchangeOnline -UserPrincipalName YOUR365GLOBALADMIN
►New-OMEConfiguration -Identity "YOUR TEMPLTE NAME"
►Set-OMEConfiguration -Identity "YOUR TEMPLTE NAME" -BackgroundColor "#YOURHEXCODE"
►Set-OMEConfiguration -Identity "YOUR TEMPLTE NAME" -Image ([System.IO.File]::ReadAllBytes('YOURLOGOLOCATION'))
►Set-OMEConfiguration -Identity "B365 branding template" -IntroductionText "PORTALTEXT"
Further info:
learn.microsoft.com/en-us/pur...
🆓 FREE Facebook Group
From security to productivity apps to getting the best value from your Microsoft 365 investment, join our Microsoft 365 Mastery Group
/ microsoft365mastery
🆓 FREE Microsoft 365 Guide
Our FREE Guide - Discover 5 things in Microsoft 365 that will save your business time and money….. and one feature that increases your Cyber Security by 99.9%
► Download our guide here today: bearded365guy.com
💻 Want to Work Together?
Drop me an email: jonathan@bearded365guy.com
😁 Follow on Socials
TikTok @bearded365guy
Instagram @bearded365guy
📽️ Video Chapters
00:00 Introduction
00:38 The Problem with Email
02:26 Email Encryption in Outlook
04:49 Using Encryption with Gmail
06:27 How to Encrypt Emails Automatically
12:08 Brand your Encryption Portal
16:54 Final Thoughts
Thank you as always. Always appreciate how you take things Microsoft makes more complex than necessary and break it down.
Fantastic guide as always! I share your videos with my team regularly, straight to the point & easy to follow.
Thank you.
Your explanations are clear and easy to understand. Thanks to your videos, I've learned a lot and successfully applied that knowledge to my work. Wishing you continued health and success!
Love to hear that!
Awesome
Thank you for your thorough explanation of encryption. If an email is initially encrypted does the threaded back and fourth communication remain encrypted?
What a great video, thank you I really enjoyed it. But..... please mind your attachments when using Encryption this way, especially when you automate the encryption. If you need more info, let me know. Kind regards.
really nice video. can you make one on the double key encryption feature for encryption in transport rules. would be nice to see an extra level of encyption deployment video. thanks!
I’ll add it to the list
@@bearded365guy thanks! 🥳
Great video! They are all so helpful. I do have a Business Premium license, but the encryption lock does not show up in my New/Old Outlook or OWA. Any ideas?
Ah, you will need to run a powershell script to enable it…. I will try and make a short video.
@Jonathan Edwards. Thanks for the knowledge. On which M365 service do we test/validate the 'Disable persistent browser session' after setting up the Conditional Access Policy?
I am hooked to your videos, I mean I learn more from your videos rather than attending hours-long meetings with vendors telling us how much they need to be paid to implement best practices. Waiting for your full M365 course, is it still on track for this summer?
Hi mate, thanks….. yes, it’s on track……. I just need to bury myself in the studio and film the videos instead of watching Euros 24 ⚽️
@@bearded365guy i know you will be recording pretty soon then. Not like England have a chance. :D
@@adventuresofa9jaguy322 You’re right about that!!!
@@bearded365guy 😂 😂
@@bearded365guy great, yeah indeed It is a hard decision to make here.
Thank you, another amazing video, one question i am using Business Premium license but i do not see padlock sign in option, do i have to enable anything else on my admin portal ?
It seems something missing, is there any prerequisite for this?
HI Jonathan, thank you for you great videos. i am currently a personal user, but after watching some of your videos, i was thinking having a business premium licence would be a good idea to increase security, is that something you would recommend?
Yes, I would. For £18.10 per license/per month for Business Premium (in your own currency), you get so many features and apps.
Help for microsoft
Would this avoid the need for client portal when sending documents securely?
Hi Peter, yes it would.
how about an encrypted email sending from one company using M365 outlook to another company using M365 outlook as well? the recipient in Outlook will show the encrypted header? ( i tested it from 1 tenant to another tanant, it shows nothing about email encryption, why? )
That process is seamless, just like sending an internal email. You’ll still see the padlock next to the email and a header saying “This email is encrypted”
You are the bearded man!
Why you just create encrypt under do the following in the exchange rule instead the sensitivity policy
The label dictates the behaviour and settings.
It works when I use the browser, but when I use the app it lets me print and forward
About the encrypted email send to external email (Gmail), i saw that to read the message that external must re-authenticate after click on "Read the message" button. I wonder if the receiver forward that email to other people, can he/she be able to read that message? if yes, then what is the point of encrypting the email?
No, they wouldn’t be able to do that. To read the message, the gmail user has to sign into gmail with their credentials. In the demo, my account was already signed in. Hope that clarifies!
Is there a way to incorporate this with DLP in Purview? I'm in the states and have a DLP policy for GLBA. From what I can tell in Purview, my options are limited. I can notify the user and an admin they've sent sensitive data, but then the only other option I really have is to block the content. Basically, I don't want to encrypt ALL emails, but I would like to automatically encrypt emails that trigger the DLP policy.
Think I found it, it's in the auto-label section, I can auto-label based on GLBA data classifications. They're not bundled up nicely into a single "GLBA" grouping, but I can add them individually to mimic what's available in DLP.
@@robertneal1973 Yes you can….. but you know that now!
did it like in the video but still didnt work. maybe ill have to leave it till tomorrow for it to kick in or something
The label can take 24 hours…
@@bearded365guy yeah figured. Thanks!
Thanks for this video. Your gmail address is visible so I do not know if you want to block that.
Yes, realised that afterwards. Nevermind.
In attempting to do the branding portion, I get an error when trying to use the New-OME command. My PS states I only have access to Get-OMEConfiguration and Set-OMEConfiguration, not New-OMEConfiguration. Am I missing something?
For anyone else running into this - just using the Set command lets me do everything but I just have to modify the default OME Confiugration, which is fine since I don't currently understand a reason to have two. Please correct me if I'm missing something
Are you running PowerShell as admin?
@@bearded365guy I am. I also didn't have any of the azure information protection options available to me until I activated it through azure. I was able to completely modify the default ome to customize for my org, I just can't make a new one, and I'm using my GA account. I couldn't even make the email label until enabling it
Didn't work for me either. I did run PowerShell as administrator. Gives me this error:
New-OMEConfiguration : The term 'New-OMEConfiguration' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ New-OMEConfiguration -Identity "B365 branding templete"
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-OMEConfiguration:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
@@davidmatveyev4210 you should be able to use the Set command instead of the new command and just change the default ome config
Yer gmail address is still shown in the browser tab. 😳 Don’t worry. I won’t tell.
Yeah, I know!
i sent this to my boss because i dont want to get fired.
Unfortunately, that encrypted email looks like a phishing email. Tech companies should come out with a solution together
Do you think? I think if more time is spent on the customisation and text, then it wouldn’t look like a phishing email.
@bearded365guy A supplier got compromised their M365 user account, that account sent out Sharepoint Shared documents to several companies. People did not suspect the threat because they used to be in communication with the affected person. All of them ended up given away their session cookies to the attacker. Imagine how easy will he using a "fake" encrypted email. Hey! That is a good topic to cover in your channel "cookie sessions" to bypass MFA.
@@bearded365guyTo be honest, I had the same thought as @tuxmc. I think it would be crucial to ensure the branding is top-notch but also communicate beforehand with likely recipients that future emails may/will be encrypted and show what they will look like, what the recipients can and should do to validate authenticity and who they can contact if they have any concerns.
I agree. Unless I had been explicitly told to expect such an email, alarm bells would be going off in my head.
@@bearded365guy I agree with @tuxmc We learn ours customers to not click on links in emails, and especially not login with your credentials if you did click on it. Now, in Gmail or in de classic outlook you get this message. Since we have used this we received a callback from everyone that received this encrypted message to verify if it was actually us or people telling us that we are being spoofed on!
Now with the new outlook, that is perfect but 80% of our customers do not use that version so this would be a disaster.