mewtd
asked on
Enabling encryption on office365
HI,
With GDPR, we are evaluating all our communication channels. Particularly, we are looking at email and whether that should even be used to communicate confidential information, e.g. HR staff emailing each other.
Some people are of the opinion that email is inherently insecure method of communication, and we shouldn't use it at all! They suggest using the likes of WhatsApp, which has end to end encryption.
Others take the view that office365 has sufficient security in it to protect its users, and we should not over-react.
Is there sufficient protections in Office 365 for email users? Or, if not, are there additional services can be applied to a domain using office365 which would provide the equivalent of end to end encryption?
Advice very welcome.
With GDPR, we are evaluating all our communication channels. Particularly, we are looking at email and whether that should even be used to communicate confidential information, e.g. HR staff emailing each other.
Some people are of the opinion that email is inherently insecure method of communication, and we shouldn't use it at all! They suggest using the likes of WhatsApp, which has end to end encryption.
Others take the view that office365 has sufficient security in it to protect its users, and we should not over-react.
Is there sufficient protections in Office 365 for email users? Or, if not, are there additional services can be applied to a domain using office365 which would provide the equivalent of end to end encryption?
Advice very welcome.
Implement the Azure Information Protection subscription if you're using O365 for Business plans. E3 and higher subscriptions include AIP.
Once you have an AIP subscription, you can then configure forced email encryption transport rules that will allow you to send messages that are encrypted in transit and at rest without much difficulty. I'll write up some instructions today and post them here.
Once you have an AIP subscription, you can then configure forced email encryption transport rules that will allow you to send messages that are encrypted in transit and at rest without much difficulty. I'll write up some instructions today and post them here.
ASKER
Sounds excellent, thank you Adam
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent
Your best/better is to check with office365 support to setup the environment conforming with the regulatory rules that apply to your insudtry.
If ins ternal, you would need a Certificate authority that will issue certificates to user who will use these certificates to encrypt, sign emails to recipients.