Skip to content Skip to main navigation Report an accessibility issue

OIT News

Using Microsoft 365 email encryption

Microsoft 365 Email Encryption

Microsoft is changing the functionality when you use encrypt in the subject of your emails to secure your messages sent from Microsoft 365. This change will occur for the University of Tennessee on June 1, 2022. 

Some of the benefits of the new functionality include: 

  • Incorporating a native inline experience for Microsoft 365 recipients 
  • Seeing the banner at the top of all secure messages indicates that it is encrypted. 
  • Sending automated messages securely from systems and applications, such as Argos and Banner
  • Access for external recipients through Microsoft’s portal; no download or app is required.  

One of the drawbacks of Microsoft’s new encryption platform is that this functionality will not work for UT faculty, staff, and students who use UT’s Gmail as their preferred mailbox. We recommend using Vault when sending secure messages to those users.   

Microsoft is moving from the current legacy Office 365 message encryption (OME) to the recommended modern version (Microsoft Purview Message Encryption). With Office 365 Message Encryption, UT members can send and receive encrypted email messages between people inside and outside your organization. Unlike the previous version of OME, the new capabilities provide a unified sender experience whether you’re sending mail inside your organization or to recipients outside of Microsoft 365.

In the current legacy version, recipients receive an HTML message, which they download and open in a web browser or mobile app. The modern version incorporates a native inline experience for Microsoft 365 recipients. All other recipients can read the message from the OME portal (no download or app required).

Non-UT Accounts outside of Microsoft 365, such as personal Gmail, Yahoo, and Microsoft accounts, are federated with the OME portal, which provides a better user experience for these recipients. All other identities use a one-time passcode to access encrypted messages.