Office 365 encrypts email between the client and the server automatically, so the odds of getting hacked on an airplane like the reporter who was using Earthlink (Earthlink?) for email claims to have been are pretty slim if you're using Office 365.

It also automatically encrypts email between the server and recipient servers that support TLS encryption. So if I send an email from my Office 365 account to a client who has an Office 365 account the email will automatically be TLS encrypted all the way to their server (Office 365). Assuming my client is using Outlook to read email the message is encrypted end-to-end.

But, what if you are sending to a client whose server DOESN'T support TLS (or you're not sure) and you want to make sure it's encrypted from your Office 365 to them? Well, with Office 365 Message Encryption you can force a message to be encrypted to any recipient. It's done by configuring transport rules in your Office 365 server to encrypt messages that meet certain criteria.

Recently Microsoft talked about allowing OWA users to manually trigger encryption on any message. This was particularly for messages that might not match any of your transport rules but which the user wanted to secure anyhow. Unfortunately, Microsoft has announced that they're going to cancel that feature.


If you were really looking forward to it though, no worries. You can roll your own in a manner of speaking. Simply create a Message Encryption transfer rule that triggers off a unique word or phrase. For example it might look for "[secure]" and if it sees that word in the message it will apply the encryption. You might use the word "secure" in normal messages but you probably wouldn't typically enclose it in brackets like that, so by adding the brackets you've created a custom key that can trigger encryption but probably won't trigger it accidentally.

Then all your users have to do is add the word [secure] to their message and that outgoing message will be encrypted by Office 365 Message Encryption even if the message doesn't meet your other automatic triggers for encryption.

Bonus: It works from any messaging client you're using - OWA, Outlook for PC, Outlook for Mac, iOS, Android...anything that sends through your Office 365 account.

If you have questions about Office 365 or need assistance with it feel free to reach out to us. You can email me at or find me on twitter @bschorr.