Search This Blog

Wednesday, May 8, 2019

Office 365 Message Encryption Templates

We are able to use multiple custom email templates in Office 365.

This will allow us to use customized logos and text when sending encrypted emails.

By default Office 365 will use the following layout when an external recipient receives an encrypted email:


Let’s try to change this, first we need to connect to Exchange online and since we are using MFA, we will need to use the Exchange Online Remote PowerShell Module for multi-factor authentication.

You can find it in the Exchange Admin Center – Hybrid – Configure (The one that supports multi-factor):

Select Install:

You will get a link on the desktop where you can start the Exchange module, but when you do the installation it will auto launch.

Now connect with your UPN.

Connect-EXOPSSession –UserPrincipalName []

We need to verify that the tenant is configured for Information Protection, so lets do that with the command:

Get-IRMConfiguration | select azureRMSLicensingEnabled

The returned value must be True.

We need a logo file as the first thing with the following rules:

  • File formats: .png, .jpg, .bmp, or .tiff
  • Optimal size of logo file: less than 40 KB
  • Optimal size of logo image: 170x70 pixels

In this example I have placed the logo in the folder c:\Temp

In this test I will create one template for Danish recipients and one standard English for all other recipients, both with a Mindcore logo.

The Danish template example:

New-OMEConfiguration -Identity "Mindcore_Encrypted_DK" -SocialIdSignIn $true -OTPEnabled $true -PortalText "Mindcore" -DisclaimerText "Denne besked er fortrolig og kun tiltænkt dig som modtager." -EmailText "Krypteretbesked fra Mindcore." -ReadButtonText "Læs krypteret besked" -IntroductionText "har sendt dig en krypteret besked." -Image (Get-Content "C:\Temp\Mindcore_encrypt.png" -Encoding byte) -BackgroundColor "#004e6d"

And the English using the standard Office 365 text:

New-OMEConfiguration -Identity "Mindcore_Encrypted_EN" -SocialIdSignIn $true -OTPEnabled $true -PortalText "Mindcore"  -Image (Get-Content "C:\Temp\Mindcore_encrypt.png" -Encoding byte) -BackgroundColor "#004e6d"

You can later change the created template with the command Set-OMEConfiguration.

Go back to the Exchange Admin Center and select mail flowrules – Add – Apply custom branding to OME messages:

Name the rule and select Apply this rule if the sender is located internal:

Select Inside the organization.

Add one more condition:

In this condition select The recipient address matches any of these text patterns:

In this test I will use the pattern ^*.dk for mails to Danish email addresses, click + and OK:

In Do the following select Modify the message securityApply custom branding to OME messages:

Select the template we created for Danish:

Save the rule:

After the Danish rule we create an other rule for the rest of the recipients:

Rules with Priority:

Now let’s send an encrypted email to a .dk and a .com address:

Danish message to the .dk address:

English message to the .com address:

Notice that the tab in the browser is named Mindcore as expected and that the logo also is used when you sign in:

Logo is also shown when reading the message:

That's it for this time, now test in your own environment.

No comments:

Post a Comment