Create an FOPE Encryption Button for Outlook
Overview
Microsoft Forefront Online Protection for Exchange (FOPE) is Microsoft’s cloud services for e-mail protection. One of the additional options of FOPE is encryption, enabling an organization to send e-mail to external users and have that e-mail send in an encrypted method. While FOPE can use many patterns to determine when an e-mail should be encrypted, one key feature is to enable the end user to simply click a button in Outlook to set the FOPE encryption setting.
The goal of this document is to outline one method of enabling the end user to determine and identify specific messages that should be encrypted by FOPE.
How it works
One approach is to set a property on the message and have FOPE encrypt based on this setting. Outlook already exposes the “sensitivity” property, and we can configure FOPE to encrypt based on this property (FOPE sees it as a header variable). To really simplify this setting for a user, we can define a macro that is exposed on the ribbon bar in Outlook 2010 saving the user 4 extra clicks. All of these settings are simple, supported and do not require installing or licensing any addition software.
How to set up
Step 1. Enable the developer tab following these steps as outlined in http://msdn.microsoft.com/en-us/library/bb608625.aspx:
i. In Outlook, click the File tab.
ii. Click Options.
iii. In the categories pane, click Customize Ribbon.
iv. In the list of main tabs, select Developer.
v. Click OK to close the Options dialog box.
Step 2. Create and save a macro named “setConfidential” with the following code (to be placed in the “sub setConfidential()” section):
ActiveInspector.CurrentItem.Sensitivity = olConfidential MsgBox ("This message will be encrypted for any recipients outside this organization.")
Step 3. Customize the ribbon bar by following these steps:
i. In Outlook, click the File tab.
ii. Click Options.
iii. In the categories pane, click Customize Ribbon.
iv. On the right side of the screen click the “New Mail Message” tab and click the “New Group” button.
v. Right click the “New Group (custom)” group and rename the group to “Encryption”.
vi. On the left side of the screen, in the “choose commands from” section, change the drop down to “Macros”.
vii. Now click the “Project1.setConfidential” macro and click the “add” button which will place the macro in the “Encryption (custom)” group.
viii. Right click on the “Project1.setConfidential” macro and rename it to “On” and select an appropriate icon.
ix. You may want to change the ordering of the “Encryption (custom)” group.
x. Click ok to close the ribbon bar dialog.
Step 4. Create a rule in FOPE that takes the action “Encrypt” on any message with the Header filed named “Sensitivity” set to “company-confidential” as shown below:
Step 5. In Outlook set the appropriate trust setting, as discussed at: http://msdn.microsoft.com/en-us/library/ee814736.aspx.
Additional Notes
I suggest signing all macros so that you can protect your enterprise. Also, you will want to read: http://msdn.microsoft.com/en-us/library/ee814736.aspx to understand how to deploy the macro to the enterprise.
Testing the setup
Once all the settings have been applied and replicated – FOPE can take up to several minutes for the changes to replicate – you are ready to test. Simply create a new message and click the new “Encryption On” button on the ribbon bar as shown below:
Once the button is clicked, the “sensitivity” property will be set to confidential. You can view this by clicking the file tab and the properties button. Once you message is composed, send it. It will take a few extra seconds and the recipient should get a special encrypted e-mail message as shown below:
