Microsoft 365 Message Encryption (OME)

Overview

For users who require additional email security, USF offers item-level encryption that users can opt into on a per message basis by leveraging Microsoft 365 Message Encryption (OME). The encryption offered by OME is useful in cases where users want an extra layer of security for sensitive information.

Encrypted message recipients that are not using Microsoft 365 (e.g. gmail, outlook.com, yahoo, etc.) will receive a link to the OME portal. They can login with their email address or have a one-time passcode (OTP) sent to them to authenticate.

Microsoft 365 recipients will see a native inline experience and will not need to go through the OME portal.

How do I encrypt a message?

To encrypt a message, simply click on the “Encrypt” button when composing a message and select the encryption template you’d like to use. The “Encrypt” button can be found under the “Options” section of the Outlook desktop client, or at the top of the message in the Outlook web client.

Alternatively, if you include the word “encrypt” anywhere in the subject line of your message (case insensitive), then the “Encrypt-only” template will automatically be applied to your message.

There are currently four templates available for encryption:

  • Encrypt-only
  • Do Not Forward
  • Confidential
  • Confidential view-only


Encrypt-only

External users receive an email with a link to the OME portal with their email. They can login with their email address or have a one-time passcode (OTP) sent to them to authenticate (see below). They will be able to download any attachments once logged in.

Back to top

Do not forward

External users will receive an email with a link to the OME portal*. They can login with their email address or use a OTP to authenticate and view the message.

*Microsoft 365 recipients will see a native inline experience with a banner at the top of the message notifying them that the message is encrypted, and recipients cannot forward it (see below).

One caveat about users who receive an email with a link to the OME portal WILL be able to forward the encrypted message to other users, but only the initial recipients will be able to authenticate and view the message.

Back to top

Confidential

Confidential messages are only meant for internal use. External users will receive an email with a link to the OME portal but will be met with an error message (see below) when they try to access it. These messages can be forwarded and viewed internally, but can not be copied/printed.


Back to top

Confidential view only

These messages can only be viewed by the original internal recipients and cannot be forwarded. External users will receive an email with a link to the OME portal but will be met with the same error message as above when they try to access it.


A Note about Forwarding Rules

While “do not forward” and “confidential view only” messages cannot be manually forwarded, this can be bypassed if a client has a forwarding rule in place that forwards the message automatically. However, only the initial recipients should be able to view the message.

Back to top


If you are unable to solve your issue with this knowledge base article, please contact the USF IT Service Desk by using Chat at itchat.usf.edu, calling (813) 974-HELP (4357) or emailing help@usf.edu. 

If you find any errors or omissions in any knowledge base article, please contact and inform the USF IT Service Desk by calling (813) 974-HELP (4357) or emailing help@usf.edu.