Azure Information Protection, Office 365 Message Encryption and Personal emails (Gmail, Hotmail, Live, etc.)
Introduction
It is now possible to share protected emails with personal accounts. With the new Office 365 Message Encryption (OME) capabilities built on top of Azure Information Protection, your organization can use protected email communication with people inside and outside your organization. The new OME capabilities work with other Office 365 organizations, Outlook.com, Gmail, and other email services.
How do the new capabilities for OME work?
The new Office 365 Message Encryption capabilities use the Azure Rights Management data protection service from Azure Information Protection. Azure Rights Management uses encryption, identity, and authorization policies to help secure your email. You can encrypt messages by using Rights Management templates or the Do Not Forward option. Users can then encrypt their messages and a variety of Office 365 attachments by using these options.
As an example, for Gmail accounts the sender chooses the desired protection type, such as Confidential, from Outlook on the web (OWA). (NOTE: the x.Gmail.com account must be predefined in the AIP portal label protection.) Alternatively, you can choose the standard Exchange protection, Do Not Forward.
How does the process go, in a few steps?
- Enable OME in your Exchange Online IRM configuration.
- Add the recipients and the mail body, then click Protect and choose your desired protection.
- Send it.
- The Gmail user receives an email that contains a hyperlink to click.
- The Gmail user navigates to the Office 365 page and a Google sign-in form appears.
- The user enters their credentials and authenticates against Google's servers.
- After being authenticated, the user can open the email in the browser with your protection applied to it.
How to enable Office 365 Message Encryption, step by step
Ensure you have the right subscription for your organization. To use this service, you need one of the following combinations:
- An Office 365 subscription that includes Azure Rights Management as well as Exchange Online or Exchange Online Protection (EOP).
- An Azure Information Protection subscription and an Office 365 subscription that includes Exchange Online or Exchange Online Protection (EOP).
If you do not already have the Windows module for Azure Rights Management from Azure Information Protection installed, you need to download and install it. For instructions, see Installing Windows PowerShell for Azure Rights Management.
Start a Windows PowerShell session using a work or school account that has global administrator permissions in your Office 365 organization.
Connect to the Azure Rights Management service.
$cred = Get-Credential
Connect-AadrmService -Credential $cred
Activate the service.
Enable-Aadrm
Get the configuration information needed for message encryption.
$rmsConfig = Get-AadrmConfiguration
$licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl
Disconnect-AadrmService
Create a remote PowerShell session and connect to Exchange Online.
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session
Collect IRM configuration for Office 365.
$irmConfig = Get-IRMConfiguration
$list = $irmConfig.LicensingLocation
if (!$list) { $list = @() }
if (!$list.Contains($licenseUri)) { $list += $licenseUri }
Enable message encryption for Office 365.
Set-IRMConfiguration -LicensingLocation $list
Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true
Enable the Protect button in Outlook on the web (Optional).
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
Enable server decryption for Outlook on the web, Outlook for iOS, and Outlook for Android.
Set-IRMConfiguration -ClientAccessServerEnabled $true
Verify that the new capabilities for OME are configured properly by running the Test-IRMConfiguration cmdlet.
Test-IRMConfiguration [-Sender <email address>]
Here <email address> is the email address of a user in your Office 365 organization. While optional, providing a sender email address forces the system to perform additional checks. Your results should look like these:
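The steps above as one idempotent script with a verification pass at the end. This is an added example, not the post's own code; it assumes the AADRM and Exchange Online modules described above, and both email addresses are placeholders.

```powershell
# Added example (not the original post's code): the post's enablement steps as one
# idempotent script, followed by a verification pass. Assumes the AADRM and Exchange
# Online modules used above; both addresses are placeholders.
param([string]$AdminUpn = 'admin@contoso.example', [string]$TestSender = 'user@contoso.example')

function Test-OmeSettings {
    # Return the names of IRM settings that differ from the intended OME configuration;
    # an empty array means the tenant is configured as the post describes.
    param($Config, [string]$LicenseUri)
    $expected = @{
        AzureRMSLicensingEnabled      = $true   # licensing handled by Azure RMS
        InternalLicensingEnabled      = $true   # internal recipients can open protected mail
        SimplifiedClientAccessEnabled = $true   # Protect button in Outlook on the web
        ClientAccessServerEnabled     = $true   # server-side decryption for OWA/mobile Outlook
    }
    $drift = @($expected.Keys | Where-Object { $Config.$_ -ne $expected[$_] })
    if (@($Config.LicensingLocation) -notcontains $LicenseUri) { $drift += 'LicensingLocation' }
    return $drift
}

$cred = Get-Credential -UserName $AdminUpn -Message 'Office 365 global administrator'

# 1. Activate Azure RMS and read the licensing URI Exchange Online must publish.
Connect-AadrmService -Credential $cred
Enable-Aadrm
$licenseUri = (Get-AadrmConfiguration).LicensingIntranetDistributionPointUrl
Disconnect-AadrmService

# 2. Open the same Exchange Online remote session the post uses.
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
    -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session -DisableNameChecking | Out-Null

# 3. Register the licensing URI only when it is missing, then enable OME.
$list = @((Get-IRMConfiguration).LicensingLocation | Where-Object { $_ })
if ($list -notcontains $licenseUri) { Set-IRMConfiguration -LicensingLocation ($list + $licenseUri) }
Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true -ClientAccessServerEnabled $true

# 4. Verify: report drifted settings, then run the built-in end-to-end test.
$drift = Test-OmeSettings -Config (Get-IRMConfiguration) -LicenseUri $licenseUri
if ($drift) { Write-Warning "Settings not applied: $($drift -join ', ')" }
# Assumption: a successful Test-IRMConfiguration run ends its Results text with 'OVERALL RESULT: PASS'.
$test = Test-IRMConfiguration -Sender $TestSender
if ($test.Results -notmatch 'OVERALL RESULT: PASS') { Write-Warning $test.Results }
Remove-PSSession $session
```

The AADRM module and Basic-authentication remote sessions used here were later retired by Microsoft; on current tenants the same steps run through the AIPService module (Connect-AipService) and the Exchange Online PowerShell module (Connect-ExchangeOnline).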
What scenario will happen:
- You log in to Outlook on the web.
- Create your message, add your recipients and protect it.