Page Menu

Send Secure Email With Office 365 Message Encryption

Office 365 Message Encryption - Secure Email

The purpose of an encrypted email is to maintain the confidentiality of data.  Encryption conceals the content of a message by translating it into code. It’s especially useful when you need to send sensitive information that other people should not be able to access. Because email is sent over the internet, it is subject to being intercepted by hackers. Encryption adds a valuable layer of security to ensure that your message can only be read by the intended recipient.


Top 5 Questions:

How do I send a secure email with Office 365 Message Encryption?
By simply putting the word SECURE in the subject line of your UMass Chan email, your message will be encrypted. Encryption can be activated by selecting the Encrypt function from the Outlook Mail client or Office 365 Outlook on the web.

How can non-UMass Chan individuals send me a secure email?
Create an E-Mail containing the word SECURE in the subject line, and send to recipient with whom you’d like to establish an encrypted e-mail thread. 

The email recipient should reply to the e-mail in the Encrypted Message, this ensures their reply will be received via an Encrypted Channel.

Further correspondence can occur via the typical reply mechanisms, all through the encrypted message thread. The key component of this workflow is that the initial message must originate from a UMass Chan Medical School e-mail address and be encrypted (via the word SECURE in the subject line).

By using secure email, will both my email and attachments be encrypted?
Yes, Office 365 Message Encryption encrypts the entire communication including attachments.

How long until the encrypted message expires?
Encrypted emails will be available to the recipient for 7 days

What if we already use TLS? 
If the Medical School has a "TLS" relationship established with another organization's email, secure is not required. If the word secure is in the subject of an email going to an address that's already registered within TLS, the email will not require the recipient to create an account. If you would like to confirm the listing of domains/organizations we have TLS set up with, please visit the following inside page: Listing of TLS

How do I request that a TLS relationship be established?

TLS relationships can be requested via ServiceNow Helpdesk ticket.  You will need to identify the domain name of the other party within the ticket.

A request should also be made to the other party to have them request that their IT department establish a TLS relationship in their environment.

Office 365 Office Message Encryption

How do I send a secure email?

Proofpoint send

As of Fall 2019, to send a secure email with Microsoft Office Message Encryption, you will simply need to put the word SECURE (case-insensitive) in the subject line of your email.  

Secure Proofpoint

Additionally, there is the option to set the permission level on the e-mail, which will force Encryption to external receipients. The first time the Permission button is used, you will need to click to connect to the Rights Management servers.

Secure Proofpoint

Unrestricted Access does NOT encrypt a given e-mail, and therefore should NOT be selected when sending Encrypted e-mail. Encrypt-Only has a less restrictive permission set than Do Not Forward, as Do Not Forward will prevent downloading of the message as well as forwarding to additional recipients.


What happens when an external recipient receives a Microsoft OME email?

Proofpoint Email

The recipient will be given seven days to read the message.  If the user does not have a Microsoft account, they will be asked to register or request a one time passcode in order to gain access to the message:


Proofpoint Account Setup


Otherwise, they will be directed to sign-in to their Microsoft Account in order to view the encrypted message.