Microsoft cuts the hassle from email encryption with Office 365 upgrade

Office 365 Message Encryption uses Microsoft Exchange's EHE for easy mail security, but experts should look at its implementation

Two big complaints people have had about encrypted email often derail its use outside of a small circle. Complaint one: It's hard to use. Complaint two: You have to get the people on the receiving end of the email to use it as well (good luck with that), or it's useless.

Microsoft's newest Office 365 feature is intended to fix both of those problems at once. Named Office 365 Message Encryption, this new feature is actually an implementation of Microsoft Exchange's long-standing feature Exchange Hosted Encryption (EHE). It's likely Microsoft has built this on top of its existing Rights Management System, the mechanism Exchange has used to secure email against unauthorized forwarding or copying.

Office 365 Message Encryption works by sending encrypted emails as an HTML attachment. When the user opens the attachment, they'll be presented with instructions for signing in via an Office 365 or Microsoft Account. Once they're authenticated, the message is decrypted and shown to them in the browser via an interface much like that of Outlook Web Apps. Replies sent through Office 365 Message encryption are also encrypted. (Manual replies, however, such as those sent from your own email client, aren't encrypted.)

Most encrypted email solutions have been cumbersome, not just because they required third-party software at both ends to work, but because of all the other hoops that have to be jumped through. Enigmail, for instance, makes it much easier to work with OpenPGP encryption in Mozilla Thunderbird, but it still requires creating and managing public and private keys. Office 365 Message Encryption removes the need to deal with keypairs.

Many outfits have also previously marketed software that needs only to be run by the sender, which removes many of the hurdles needed to get the whole process working. (WinZip Courier, for instance, allows people to send encrypted attachments; large attachments are simply sent as a link to a hosted, encrypted file.) Likewise, there's been a slew of third-party add-ons to Exchange that have worked the same way, but Office 365 Message Encryption would bring that functionality to Office 365 users without the need for a non-Microsoft product or service.

One possible downside to the way Office 365 Message Encryption works: The recipient needs to have, or create, some manner of Microsoft credentials to read the encrypted message. An easy way to improve this would be to add authentication through one of a number of common third-party services (Facebook, Google, or Twitter).

Those who have Office 365 E3- and E4-level subscriptions will receive Office 365 Message Encryption as a standard part of their plans, and it'll be included for any users of Windows Azure Rights Management. The product itself will be available sometime in the first quarter of 2014. By that time, many other email providers (such as Yahoo) are almost certain to be looking into some form of encrypting everything as standard procedure.

This story, "Microsoft cuts the hassle from email encryption with Office 365 upgrade," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies