Before your upgrade to Office 365 Message Encryption

  • Article

 

Applies to: Exchange Online Protection

Before the upgrade from Exchange Hosted Encryption (EHE) to Office 365 Message Encryption is a good time to learn about the new service. We encourage you to get familiar the upgrade process. This topic provides an overview of the service, discusses upgrade pre-requisites, and provides other useful information to help ensure that you experience a smooth upgrade.

Learn about Office 365 Message Encryption

Office 365 Message Encryption is included with the Windows Azure Rights Management service, enabling you to deliver confidential business communications to your customers, business partners, and anyone else inside or outside your organization. With Office 365 Message Encryption, email messages can be encrypted to protect sensitive or private material against snooping or interception, regardless of an email message’s destination—Outlook.com, Yahoo, Exchange Online or other email apps and services.

For more information about Office 365 Message Encryption, see the blog post, Introducing Office 365 Message Encryption.

Feature comparison between EHE and Office 365 Message Encryption

Feature description Exchange Hosted Encryption (EHE) Office 365 Message Encryption

Send Encrypted Mail to anyone

Yes

Yes

Custom branding

No

Yes. For more information, see Add branding to encrypted messages.

Language localization

No

Yes. For information, see Service information for Office 365 Message Encryption.

Message size limit

10 MB

25 MB

Integration with Exchange transport rules

Yes (requires complex headers)

Yes (simplified with single-action encryption and decryption rules)

Integration with Microsoft’s Data Loss Prevention (DLP) service

Yes

Yes

User experience

Legacy portal (for external recipients)

Rich, modern Office 365 user interface

Purchase Option

Sold standalone

Included with Windows Azure Rights Management subscription and Office 365 E3 and E4 Suites

Authentication method for recipients outside your organization to access encrypted messages

EHE Authentication

Microsoft account or Office 365 work account

Upgrade prerequisites

We will take care of upgrading your service for you before enabling Office 365 Message Encryption. In addition, you should take the following preparatory steps:

  • For Office 365 Suite or Exchange Online environments   Before upgrading from EHE to Office 365 Message Encryption you must have completed the Office 365 Service Upgrade, as described in Office 365 Service Upgrades and Service Updates

  • For Exchange and other on-premises email environments   If your email server is on-premises, you must have upgraded from Forefront Online Protection for Exchange (FOPE) to Exchange Online Protection and updated your MX record and smart host information. For more information about the FOPE Transition and how to update your MX record and smart host information, visit the FOPE Transition Center.

  • Open ports in your organization’s firewall to support Office 365 Message Encryption   You will have to add URLs or IP addresses for Exchange Online to the allow list for your organization to enable authentication for messages encrypted by Office 365 Message Encryption. For a list of Exchange Online URLs, see Office 365 URLs and IP address ranges.

Upgrade notifications

You will receive an email notification approximately four weeks before your scheduled upgrade from EHE to Office 365 Message Encryption. You will also receive a reminder approximately two weeks before your scheduled upgrade date. Once the upgrade is complete, you will receive a welcome email message informing you of how you can start using new features in Office 365 Message Encryption.

Postponing the upgrade

The upgrade to Office 365 Message Encryption does not require administrator interaction or does not involve any interruption in service. Therefore, we aren’t offering the ability to postpone the upgrade.

How the encryption service will change for email users

This upgrade won’t change the way your email users send encrypted messages. Rules that you set up to trigger encryption will remain unchanged. This means that users can use the same keywords to trigger encryption. For example, if you have set up a rule that requires “sendsecure” in the subject line, users can continue to use that keyword to trigger encryption of outgoing mails.

For external email users who receive encrypted messages, the process of signing in to view and reply to encrypted messages also remains the same, except that instead of signing in with an EHE-specific user account and password, users will sign in with a Microsoft account or Office 365 work account. Recipients who do not have a Microsoft account or an Office 365 work account will be provided with instructions for signing up.

We recommend that you inform external recipients of EHE encrypted messages of the upcoming changes to the user interface. All existing email messages that were originally encrypted using EHE before the upgrade will remain encrypted and will continue to be viewable after the upgrade to Office 365 Message Encryption finishes.

Sample email messages for announcing the upgrade to your email users and external recipients

You can use the following templates to announce the EHE upgrade to email users in your organization and to external recipients of encrypted messages. You can customize the text to meet the needs of your company. For example, you could replace “In two weeks…” with the date that your service update will begin.”

Sample upgrade announcement to email users in your organization

To: [email users in your organization]

Subject: Our message encryption service is being upgraded

In two weeks, Microsoft will be upgrading our current message encryption service, Exchange Hosted Encryption (EHE), to the Office 365 Message Encryption service, bringing us many new features.

During the upgrade, which takes approximately 15 minutes, you will be able to continue to send and receive emails. However, if you send a secure encrypted email during that time, your email will bounce back generating a non-delivery report (NDR). If this occurs please wait a few minutes and send it again.

After the service upgrade, email users outside of our organization who receive encrypted messages from us will notice the following changes:

  • In order to view an encrypted message, they will be asked to sign in using their Microsoft Account or Office 365 work account. If a user does not have a Microsoft Account, instructions will provide information about how to create a Microsoft Account and password. For more information about Microsoft accounts, visit https://windows.microsoft.com/en-US/windows-live/sign-in-what-is-microsoft-account

  • Once they open the message attachment they will see the new portal at the top of the browser window.

Thank you for your attention. We hope that you will enjoy the new service features.

Sample upgrade announcement to recipients outside your organization

To: [external recipients who receive EHE-protected messages from your organization]

Subject: Our message encryption service is being upgraded

In two weeks, the encryption service we use to send secure email messages to you will be upgraded. After the service upgrade, you will notice the following changes:

  • In order to view the encrypted message, you will be asked to sign in using your Microsoft account or Office 365 work account. If you do not have a Microsoft Account, instructions will provide information about how to obtain a new Microsoft Account and password. For more information about Microsoft accounts, visit https://windows.microsoft.com/en-US/windows-live/sign-in-what-is-microsoft-account

  • When you open the message attachment, you will see the new portal at the top of the browser window.

Thank you for your attention. We hope that you will enjoy the new service features.

See Also

Exchange Hosted Encryption (EHE) Upgrade Center