Solved

Can I configure encryption defaults on outlook using Group Policy?

Posted on 2011-09-16
1
346 Views
Last Modified: 2012-05-12
I've been asked if its possible to use group policy to force a user to encrypt messages by default.  I have been able to do this using Group Policy but it forces encryption on every message and doesn't give the option to send as unencrypted.  Essentially management wants a set-up where a user has to make a concious decision to send an unencrypted email.

Thanks,
Ciaran
0
Comment
Question by:ciaran_k
1 Comment
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 36550397
Exchange uses an All or Nothing approach for email encryption on Internal emails. Either the entire conversation between Outlook and Exchange is encrypted or it isn't. There isn't a way to allow users to send unencrypted emails if mail encryption is turned on. Now, this is for internal emails only (communication between Outlook clients and the exchange servers). Encryption on email going outside of the organization requires configuration of TLS or the use of S/MIME.

It may be possible to do it if you turn off exchange encryption with clients and utilize S/MIME. This will allow you to configure the default settings in Outlook to set the email Sensitivity level to Confidential by default (thereby allowing users to select a lower sensitivity) but that requires a significant increase in infrastructure, training, and work, since S/MIME requires user certificates to work (and user certificate distribution, which would be a phenomenal pain in the rump for a larger organization).
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
When we talk about DevOps toolchains, I sometimes wonder how many people really get what we’re talking about. I don’t know if it’s just semantics or tone or something else, but sometimes I think it just sounds like buzzword sausage. So it’s always …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

4 Experts available now in Live!

Get 1:1 Help Now