Encryption is now available within Office 365. The current rule will encrypt email from an @calpoly.edu address with the word [Encrypt] anywhere in the subject line.
The email recipient can be an internal Cal Poly address or an external address.
Sending an Encrypted Message
- A Cal Poly Office 365 user encrypts a message by adding [Encrypt] anywhere in the Subject line and sends the message.
- Microsoft detects the [Encrypt] trigger, encrypts the message and sends it to the recipient.
- The recipient receives a notification that they have been sent an encrypted message. The message contains an HTML attachment with some instructions and two options to access the message.
Viewing the Encrypted Message
- The first option is for the user to view the message by logging in with their Office 365 account.
- If the recipient is not on Office 365, the recipient will need to request a one-time passcode. The code is emailed to the address to which the encrypted message was sent to. The recipient enters the code on the login page and has the option to have the code work for only 15 minutes (default) or extend this to 12 hours if they are on a private computer. The recipient can always request another code if the first code expires.
- The message is then temporarily loaded into the Microsoft encrypted server to be displayed for the recipient. The recipient can reply or forward the message from this area if they wish. A reply or forward from this interface will be sent as an encrypted message, even from external users.
Additional Information on Encryption
- Inbound messages coming from firstname.lastname@example.org addresses with [Encrypt] in the Subject will not be encrypted.
- Messages sent to a Sympa email list will have mixed results. List members could possibly open the message using the one-time passcode method but only if the email list is configured to allow the Microsoft server to send the code to the list. The Sympa list would need to be configured to have the Send option set to Public, or have the MicrosoftOffice365@messaging.microsoft.com account listed as an owner/moderator.
- Messages sent from:
- An IMAP client which is using the Cal Poly outgoing mail servers (mail.calpoly.edu or smtp.calpoly.edu) will not be encrypted to either internal or external users. These messages are routed by the Ironport servers, which do not contain the encryption processing.
- An IMAP client that is using Microsoft's outgoing mail server (smtp.office365.com) will be encrypted to both internal and external recipients.
- Any email client using an Exchange setup will be encrypted to both internal and external recipients. This is the recommended setup for campus desktop Outlook clients and most mobile email clients