Agencies
Services
Purview Message Encryption Overview
What is Purview Message Encryption?
Microsoft Purview Message Encryption is an online service that is part of Microsoft Purview Information Protection. This service includes encryption, identity, and authorization policies to help secure your email. You can encrypt messages by using rights management templates like Do Not Forward option and the Encrypt-Only option. Microsoft Purview Message Encryption also encrypts replies from recipients of encrypted email.
How it Works
Message encryption is available whether you are sending mail inside your organization or to recipients outside of Microsoft Office 365. Users can read the encrypted mail seamlessly, even if they are not in the same organization as the sender.
Tech Note: Supported Outlook clients are Outlook Desktop, Outlook Mac, and Outlook on the web.
Recipients of encrypted messages on non-supported mail platforms (not listed in the Tech Note above) will receive a link which directs them to the Purview message portal. It will require them to authenticate using their mail provider credentials to view the message.
How to Send a Purview Encrypted Message
- In Outlook, create a new message as normal.
- Select Options
- Select Permissions from the 2 options available:
- DoNotForward - The recipient cannot forward it, print it, or copy from it. For example, in the Outlook client, the Forward button, Save As and Print menu options are not available. The recipient cannot add or change recipients in the To, Cc, or Bcc boxes.
- Encrypt-Only - The recipients have all usage rights except Save As, Export and Full Control. This combination of usage rights means that there are no restrictions, except that they cannot remove the protection. For example, a recipient can copy from the email, print it, and forward it.
How Encryption Affects Attachments
The sender can attach any file type to a protected email and many file types that are attached to the Purview encrypted email will inherit the same permissions.
MS Purview encrypts the following M365 Office file extensions:
.docx |
.docm |
.dotx |
.dotm |
.pptx |
.pptm |
.potx |
.potm |
.ppsx |
.ppsm |
.thmx |
.xlsx |
.xlsm |
.xlsb |
.xltx |
.xltm |
.xlam |
.xps |
Protection is inherited from mail to unencrypted attachments only. If a file format is supported, such as a Word, Excel, or PowerPoint file, the file is always protected, even after the recipient downloads the attachment.
For example, say an attachment is protected by Do Not Forward. The original recipient downloads the file, creates a message to a new recipient, and attaches the file. When the new recipient receives the file, they can't open it.