Great video! They are all so helpful. I do have a Business Premium license, but the encryption lock does not show up in my New/Old Outlook or OWA. Any ideas?
If i click on "encrypt" a message box pops up saying that an encrypted message couldnt be created. If i do it in the web outlook online i get the error that the S/MIME extension isn't installed. How to solve this?
@Jonathan Edwards how does it work in Outlook, you showed how it works in OWA. Also I guess attachments appear in the outlook portal when the external user logs into it to view the encrypted email?
Thank you for your thorough explanation of encryption. If an email is initially encrypted does the threaded back and fourth communication remain encrypted?
With the encryption and do not forward option activated, the recipient can still click reply and add someone in to the message, or delete to whom he is replying and input someone else, to whom he would like to forward this?
Cheers Jonathan, been working in IT for just under a year, and your videos are so helpful for understanding what's possible and even potentially some troubleshooting steps inside the various policies that have been created. thanks again
HI Jonathan, thank you for you great videos. i am currently a personal user, but after watching some of your videos, i was thinking having a business premium licence would be a good idea to increase security, is that something you would recommend?
Your explanations are clear and easy to understand. Thanks to your videos, I've learned a lot and successfully applied that knowledge to my work. Wishing you continued health and success!
really nice video. can you make one on the double key encryption feature for encryption in transport rules. would be nice to see an extra level of encyption deployment video. thanks!
Hello Jonathan, thank you for the great and helpful video! I'm bit confused when you created a label policy. There are two features for sensitivity label: "Label Policies" and "Auto - Labeling", could you please let me know the difference between these two policy features and how should we decide which to use? Based on my understanding, "Label Policies" allows you to apply labels manually, while "Auto - Labeling" will just apply labels to files and emails automatically. Please correct me if I was wrong and thank you!
@Jonathan Edwards. Thanks for the knowledge. On which M365 service do we test/validate the 'Disable persistent browser session' after setting up the Conditional Access Policy?
What a great video, thank you I really enjoyed it. But..... please mind your attachments when using Encryption this way, especially when you automate the encryption. If you need more info, let me know. Kind regards.
how about an encrypted email sending from one company using M365 outlook to another company using M365 outlook as well? the recipient in Outlook will show the encrypted header? ( i tested it from 1 tenant to another tanant, it shows nothing about email encryption, why? )
That process is seamless, just like sending an internal email. You’ll still see the padlock next to the email and a header saying “This email is encrypted”
@bearded365guy A supplier got compromised their M365 user account, that account sent out Sharepoint Shared documents to several companies. People did not suspect the threat because they used to be in communication with the affected person. All of them ended up given away their session cookies to the attacker. Imagine how easy will he using a "fake" encrypted email. Hey! That is a good topic to cover in your channel "cookie sessions" to bypass MFA.
@@bearded365guyTo be honest, I had the same thought as @tuxmc. I think it would be crucial to ensure the branding is top-notch but also communicate beforehand with likely recipients that future emails may/will be encrypted and show what they will look like, what the recipients can and should do to validate authenticity and who they can contact if they have any concerns.
@@bearded365guy I agree with @tuxmc We learn ours customers to not click on links in emails, and especially not login with your credentials if you did click on it. Now, in Gmail or in de classic outlook you get this message. Since we have used this we received a callback from everyone that received this encrypted message to verify if it was actually us or people telling us that we are being spoofed on! Now with the new outlook, that is perfect but 80% of our customers do not use that version so this would be a disaster.
I am hooked to your videos, I mean I learn more from your videos rather than attending hours-long meetings with vendors telling us how much they need to be paid to implement best practices. Waiting for your full M365 course, is it still on track for this summer?
About the encrypted email send to external email (Gmail), i saw that to read the message that external must re-authenticate after click on "Read the message" button. I wonder if the receiver forward that email to other people, can he/she be able to read that message? if yes, then what is the point of encrypting the email?
No, they wouldn’t be able to do that. To read the message, the gmail user has to sign into gmail with their credentials. In the demo, my account was already signed in. Hope that clarifies!
Is there a way to incorporate this with DLP in Purview? I'm in the states and have a DLP policy for GLBA. From what I can tell in Purview, my options are limited. I can notify the user and an admin they've sent sensitive data, but then the only other option I really have is to block the content. Basically, I don't want to encrypt ALL emails, but I would like to automatically encrypt emails that trigger the DLP policy.
Think I found it, it's in the auto-label section, I can auto-label based on GLBA data classifications. They're not bundled up nicely into a single "GLBA" grouping, but I can add them individually to mimic what's available in DLP.
In attempting to do the branding portion, I get an error when trying to use the New-OME command. My PS states I only have access to Get-OMEConfiguration and Set-OMEConfiguration, not New-OMEConfiguration. Am I missing something?
For anyone else running into this - just using the Set command lets me do everything but I just have to modify the default OME Confiugration, which is fine since I don't currently understand a reason to have two. Please correct me if I'm missing something
@@bearded365guy I am. I also didn't have any of the azure information protection options available to me until I activated it through azure. I was able to completely modify the default ome to customize for my org, I just can't make a new one, and I'm using my GA account. I couldn't even make the email label until enabling it
Didn't work for me either. I did run PowerShell as administrator. Gives me this error: New-OMEConfiguration : The term 'New-OMEConfiguration' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + New-OMEConfiguration -Identity "B365 branding templete" + ~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (New-OMEConfiguration:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
Thank you, another amazing video, one question i am using Business Premium license but i do not see padlock sign in option, do i have to enable anything else on my admin portal ?
Great video! They are all so helpful. I do have a Business Premium license, but the encryption lock does not show up in my New/Old Outlook or OWA. Any ideas?
Ah, you will need to run a powershell script to enable it…. I will try and make a short video.
@@bearded365guy this would be super helpful! Exactly what I also need!
If i click on "encrypt" a message box pops up saying that an encrypted message couldnt be created. If i do it in the web outlook online i get the error that the S/MIME extension isn't installed. How to solve this?
@Jonathan Edwards how does it work in Outlook, you showed how it works in OWA. Also I guess attachments appear in the outlook portal when the external user logs into it to view the encrypted email?
Thank you for your thorough explanation of encryption. If an email is initially encrypted does the threaded back and fourth communication remain encrypted?
With the encryption and do not forward option activated, the recipient can still click reply and add someone in to the message, or delete to whom he is replying and input someone else, to whom he would like to forward this?
I wanted to know if the attachments can also be encrypted with this option and a way for the recipient to decrypt it?
Cheers Jonathan, been working in IT for just under a year, and your videos are so helpful for understanding what's possible and even potentially some troubleshooting steps inside the various policies that have been created.
thanks again
@@HandZ_gaming Great to hear!
HI Jonathan, thank you for you great videos. i am currently a personal user, but after watching some of your videos, i was thinking having a business premium licence would be a good idea to increase security, is that something you would recommend?
Yes, I would. For £18.10 per license/per month for Business Premium (in your own currency), you get so many features and apps.
Why you just create encrypt under do the following in the exchange rule instead the sensitivity policy
The label dictates the behaviour and settings.
Thanks for this video. Your gmail address is visible so I do not know if you want to block that.
Yes, realised that afterwards. Nevermind.
Your videos are just amazing. Short, precise, at point and funny too. Really helpful 😊
Your explanations are clear and easy to understand. Thanks to your videos, I've learned a lot and successfully applied that knowledge to my work. Wishing you continued health and success!
Love to hear that!
really nice video. can you make one on the double key encryption feature for encryption in transport rules. would be nice to see an extra level of encyption deployment video. thanks!
I’ll add it to the list
@@bearded365guy thanks! 🥳
You have to have Microsoft 365 E3 license for this to work right?
@@obee-one No, Business Premium
Hello Jonathan, thank you for the great and helpful video! I'm bit confused when you created a label policy. There are two features for sensitivity label: "Label Policies" and "Auto - Labeling", could you please let me know the difference between these two policy features and how should we decide which to use?
Based on my understanding, "Label Policies" allows you to apply labels manually, while "Auto - Labeling" will just apply labels to files and emails automatically. Please correct me if I was wrong and thank you!
@Jonathan Edwards. Thanks for the knowledge. On which M365 service do we test/validate the 'Disable persistent browser session' after setting up the Conditional Access Policy?
What a great video, thank you I really enjoyed it. But..... please mind your attachments when using Encryption this way, especially when you automate the encryption. If you need more info, let me know. Kind regards.
how about an encrypted email sending from one company using M365 outlook to another company using M365 outlook as well? the recipient in Outlook will show the encrypted header? ( i tested it from 1 tenant to another tanant, it shows nothing about email encryption, why? )
That process is seamless, just like sending an internal email. You’ll still see the padlock next to the email and a header saying “This email is encrypted”
It would be nice if M365 would offer signing of email. Or even BIMI.
You are the bearded man!
did it like in the video but still didnt work. maybe ill have to leave it till tomorrow for it to kick in or something
The label can take 24 hours…
@@bearded365guy yeah figured. Thanks!
For some reason I don't have the "lock"/encryption option.
It works when I use the browser, but when I use the app it lets me print and forward
Thank you as always. Always appreciate how you take things Microsoft makes more complex than necessary and break it down.
Thank you Jonathan for this good explanatory video.
Encryption is one thing.
But how to sign (digitally) also via Microsoft 365 ?
Stay tuned…
Unfortunately, that encrypted email looks like a phishing email. Tech companies should come out with a solution together
Do you think? I think if more time is spent on the customisation and text, then it wouldn’t look like a phishing email.
@bearded365guy A supplier got compromised their M365 user account, that account sent out Sharepoint Shared documents to several companies. People did not suspect the threat because they used to be in communication with the affected person. All of them ended up given away their session cookies to the attacker. Imagine how easy will he using a "fake" encrypted email. Hey! That is a good topic to cover in your channel "cookie sessions" to bypass MFA.
@@bearded365guyTo be honest, I had the same thought as @tuxmc. I think it would be crucial to ensure the branding is top-notch but also communicate beforehand with likely recipients that future emails may/will be encrypted and show what they will look like, what the recipients can and should do to validate authenticity and who they can contact if they have any concerns.
I agree. Unless I had been explicitly told to expect such an email, alarm bells would be going off in my head.
@@bearded365guy I agree with @tuxmc We learn ours customers to not click on links in emails, and especially not login with your credentials if you did click on it. Now, in Gmail or in de classic outlook you get this message. Since we have used this we received a callback from everyone that received this encrypted message to verify if it was actually us or people telling us that we are being spoofed on!
Now with the new outlook, that is perfect but 80% of our customers do not use that version so this would be a disaster.
I am hooked to your videos, I mean I learn more from your videos rather than attending hours-long meetings with vendors telling us how much they need to be paid to implement best practices. Waiting for your full M365 course, is it still on track for this summer?
Hi mate, thanks….. yes, it’s on track……. I just need to bury myself in the studio and film the videos instead of watching Euros 24 ⚽️
@@bearded365guy i know you will be recording pretty soon then. Not like England have a chance. :D
@@adventuresofa9jaguy322 You’re right about that!!!
@@bearded365guy 😂 😂
@@bearded365guy great, yeah indeed It is a hard decision to make here.
About the encrypted email send to external email (Gmail), i saw that to read the message that external must re-authenticate after click on "Read the message" button. I wonder if the receiver forward that email to other people, can he/she be able to read that message? if yes, then what is the point of encrypting the email?
No, they wouldn’t be able to do that. To read the message, the gmail user has to sign into gmail with their credentials. In the demo, my account was already signed in. Hope that clarifies!
i sent this to my boss because i dont want to get fired.
Would this avoid the need for client portal when sending documents securely?
Hi Peter, yes it would.
Is there a way to incorporate this with DLP in Purview? I'm in the states and have a DLP policy for GLBA. From what I can tell in Purview, my options are limited. I can notify the user and an admin they've sent sensitive data, but then the only other option I really have is to block the content. Basically, I don't want to encrypt ALL emails, but I would like to automatically encrypt emails that trigger the DLP policy.
Think I found it, it's in the auto-label section, I can auto-label based on GLBA data classifications. They're not bundled up nicely into a single "GLBA" grouping, but I can add them individually to mimic what's available in DLP.
@@robertneal1973 Yes you can….. but you know that now!
Fantastic guide as always! I share your videos with my team regularly, straight to the point & easy to follow.
Thank you.
Help for microsoft
In attempting to do the branding portion, I get an error when trying to use the New-OME command. My PS states I only have access to Get-OMEConfiguration and Set-OMEConfiguration, not New-OMEConfiguration. Am I missing something?
For anyone else running into this - just using the Set command lets me do everything but I just have to modify the default OME Confiugration, which is fine since I don't currently understand a reason to have two. Please correct me if I'm missing something
Are you running PowerShell as admin?
@@bearded365guy I am. I also didn't have any of the azure information protection options available to me until I activated it through azure. I was able to completely modify the default ome to customize for my org, I just can't make a new one, and I'm using my GA account. I couldn't even make the email label until enabling it
Didn't work for me either. I did run PowerShell as administrator. Gives me this error:
New-OMEConfiguration : The term 'New-OMEConfiguration' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ New-OMEConfiguration -Identity "B365 branding templete"
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-OMEConfiguration:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
@@davidmatveyev4210 you should be able to use the Set command instead of the new command and just change the default ome config
Awesome
Yer gmail address is still shown in the browser tab. 😳 Don’t worry. I won’t tell.
Yeah, I know!
Thank you, another amazing video, one question i am using Business Premium license but i do not see padlock sign in option, do i have to enable anything else on my admin portal ?
It seems something missing, is there any prerequisite for this?