Encrypt Inbound and Outbound Emails Containing SIT

Question

Encrypt Inbound and Outbound Emails Containing SIT

jpcapone 1,776

I am looking to determine the best way to automatically encrypt inbound and outbound emails that contain ssn and cc numbers. I have created an auto labeling policy and only select the Exchange service but I am getting mixed results and none close to fulfilling the requirement. I would like to ensure that both emails containing text instances of the ssn and cc as well as attached documents with the same information triggers encryption for the specific inbound or outbound email message. Any assistance would be appreciated..

Accepted answer

1 additional answer

Your answer

Answer 1

Konstantinos Passadis 19,591 MVP

Hello @jpcapone !

This is an action with planning and trial and error

For your reference i suggest have a good look here :

https://learn.microsoft.com/en-us/microsoft-365/compliance/ome-sensitive-info-types?view=o365-worldwide

https://learn.microsoft.com/en-us/microsoft-365/compliance/ome-advanced-message-encryption?view=o365-worldwide

https://learn.microsoft.com/en-us/microsoft-365/compliance/manage-office-365-message-encryption?view=o365-worldwide

https://practical365.com/custom-sensitive-information-types/

Work with Custom Sensitie Info types and when you are ready to Test give some time to the engine to make the config

What i suggest is to create the Policy from Exchange Online :

https://learn.microsoft.com/en-us/microsoft-365/compliance/ome-sensitive-info-types?view=o365-worldwide

I hope this helps!

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

jpcapone 1,776 Reputation points

2023-07-15T14:23:34.4966667+00:00

Thank you for the reply. Trial and error has led me to making this post as using the compliance options isn't yielding good outcomes.

I have created labels/auto labeling policies that have had no effect on emails with SIT. I can get DLP policies to encrypt outbound messages but not inbound. I wouldn't think that this process would be so overly complex and ambiguous based on the capabilities of Purview. In the meantime I can indeed continue trial and error but if anyone that has successfully done this before can weigh in please do, thanks!
jpcapone 1,776 Reputation points

2023-07-15T14:34:17.4033333+00:00

After further investigation I have found this article: https://learn.microsoft.com/en-us/microsoft-365/compliance/define-mail-flow-rules-to-encrypt-email?view=o365-worldwide

which states

'You can't encrypt inbound mail from senders outside of your Exchange Online organization. If a mail flow rule is set up to encrypt mail from outside the organization, the inbound mail will be delivered without encryption."
So unless anyone can refute this statement, I think the case is closed?
Yuki Sun-MSFT 41,376 Reputation points Moderator

2023-07-17T02:56:03.04+00:00

Hi @jpcapone ,

'You can't encrypt inbound mail from senders outside of your Exchange Online organization. If a mail flow rule is set up to encrypt mail from outside the organization, the inbound mail will be delivered without encryption." So unless anyone can refute this statement, I think the case is closed?

Thanks for the share!

You can consider hitting the "Accept Answer" button under this conversation so that the information you shared can be helpful to the community look for answers to similar questions. Thx!

Answer 2

Hello @jpcapone !

For Inbound Emails , it is true. Only the sender has this ability . Other solutions: you can make the Email delivered into a Shared Mailbox , apply encrytpion before forward it to the respective recipients .

This of course has some work and i can only imagine that it could work if you have for example 1-2 specific domains/partners hat you would like to have encrypted inbound emails , It is quite a config to make it work for EVERY incoming mail! Also an External Gateway could do this for you, but we are getting out of scope , and looking into costs and budgets !

Thank you for updating !

Kindly mark the answer as Accepted and Upvote in case it helped!

Regards

Share via

Encrypt Inbound and Outbound Emails Containing SIT

1 additional answer

Your answer