Overview

Microsoft encrypts all data in transit and at rest, but also offers item-level encryption that users can opt into per message.

OME (Office 365 Message Encryption) is based on Azure Rights Management Service (RMS). It gives users additional options for securing their messages and makes those options more accessible. Four templates are currently available with the new OME:

  • Encrypt-only
  • Do Not Forward
  • Confidential
  • Confidential view-only

This document will discuss the differences between the legacy OME and new OME systems and demonstrate the new system.

If you are interested in reading more about the differences between legacy and new OME, that can be found here: https://docs.microsoft.com/en-us/microsoft-365/compliance/ome-version-comparison?view=o365-worldwide

Recipients of encrypted messages who are not using Microsoft 365 (e.g. Gmail, outlook.com, Yahoo, etc.) will receive a link to the OME portal. They can log in with their email address or have a one-time passcode (OTP) sent to them to authenticate.

Microsoft 365 recipients will see a native inline experience and will not need to go through the OME portal.

Encrypt-only

External users receive an email with a link to the OME portal*. They can log in with their email address or have a one-time passcode (OTP) sent to them to authenticate (see below). They’ll be able to download any attachments once logged in.

*Microsoft 365 recipients will see a native inline experience rather than a link to the OME portal

Do Not Forward

External users will receive an email with a link to the OME portal*. They can log in with their email address or use an OTP to authenticate and view the message.

*Microsoft 365 recipients will see a native inline experience with a banner at the top of the message notifying them that the message is encrypted, and recipients cannot forward it (see below).

One caveat: users who receive an email with a link to the OME portal WILL be able to forward the encrypted message to other users, but only the initial recipients will be able to authenticate and view the message.

Confidential

External users will receive an email with a link to the OME portal* but will be met with an error message (see below) when they try to access it. Confidential messages are only meant for internal use. These messages can be forwarded and viewed internally, but can’t be copied/printed.

*We believe external Microsoft 365 recipients will receive the same email with a link to the OME portal and see the same error messages.

Confidential view-only

External users will receive an email with a link to the OME portal* but will be met with the same error message as above when they try to access it. These messages can only be viewed by the original recipients and cannot be forwarded.

*We believe external Microsoft 365 recipients will receive the same email with a link to the OME portal and see the same error messages.



A Note about Forwarding Rules

While “Do Not Forward” and “Confidential view-only” messages cannot be manually forwarded, it appears that this can be bypassed if a client has a forwarding rule in place that forwards the message automatically. However, only the initial recipients should be able to view the message.

If you are unable to solve your issue with this knowledge article you can contact the IT Service Desk by calling (813) 974-HELP (4357) or emailing help@usf.edu. 

If you find any errors or omissions on any knowledge base page, please send an email to the 'DocTeam' at ITDocTeam@usf.edu.
