Cheers Jonathan, been working in IT for just under a year, and your videos are so helpful for understanding what's possible and even potentially some troubleshooting steps inside the various policies that have been created. thanks again
Thank you for your thorough explanation of encryption. If an email is initially encrypted does the threaded back and fourth communication remain encrypted?
Your explanations are clear and easy to understand. Thanks to your videos, I've learned a lot and successfully applied that knowledge to my work. Wishing you continued health and success!
Great video! They are all so helpful. I do have a Business Premium license, but the encryption lock does not show up in my New/Old Outlook or OWA. Any ideas?
Hi Jonathan, thank you a lot for such useful video. Would you mind to explain why we can't just use the predefined RMS Template 'Encrypt' (10:48 on your video) instead of creating the personal label?
Hello Jonathan, thank you for the great and helpful video! I'm bit confused when you created a label policy. There are two features for sensitivity label: "Label Policies" and "Auto - Labeling", could you please let me know the difference between these two policy features and how should we decide which to use? Based on my understanding, "Label Policies" allows you to apply labels manually, while "Auto - Labeling" will just apply labels to files and emails automatically. Please correct me if I was wrong and thank you!
Месяц назад
Nice Video - just a couple of questions - by default your emails in MS 365 is NOT encrypted right? - that means by default your exchange online admin could see what you sent right? But if you have the license and you were to encrypt the data and you were to go to mail trace the exchange admin wont be able to see the email right? Also with outlook signatures could you by using your script grab the job title attribute in entraid and use that in the outlook signature? cause most people have their job titles in their signature. thank for your god level knowledge !
really nice video. can you make one on the double key encryption feature for encryption in transport rules. would be nice to see an extra level of encyption deployment video. thanks!
I am hooked to your videos, I mean I learn more from your videos rather than attending hours-long meetings with vendors telling us how much they need to be paid to implement best practices. Waiting for your full M365 course, is it still on track for this summer?
@Jonathan Edwards how does it work in Outlook, you showed how it works in OWA. Also I guess attachments appear in the outlook portal when the external user logs into it to view the encrypted email?
What a great video, thank you I really enjoyed it. But..... please mind your attachments when using Encryption this way, especially when you automate the encryption. If you need more info, let me know. Kind regards.
HI Jonathan, thank you for you great videos. i am currently a personal user, but after watching some of your videos, i was thinking having a business premium licence would be a good idea to increase security, is that something you would recommend?
@Jonathan Edwards. Thanks for the knowledge. On which M365 service do we test/validate the 'Disable persistent browser session' after setting up the Conditional Access Policy?
Hey Jonathan, love the video! I am running into a bit of a snag. I created the Sensitivity label, but when I go to setting the rule conditions "Rights protect message with" to select the RMS template the label isn't populating. It just says "No data Available." Any and all help is appreciated!
@@bearded365guy Thanks for such a quick response! Latest update is that it has now been 24 hours and the changes I made have come through! Love all the videos you post, they have been such a huge help for me and our company. Seriously, can't thank you enough!
With the encryption and do not forward option activated, the recipient can still click reply and add someone in to the message, or delete to whom he is replying and input someone else, to whom he would like to forward this?
Is there a way to incorporate this with DLP in Purview? I'm in the states and have a DLP policy for GLBA. From what I can tell in Purview, my options are limited. I can notify the user and an admin they've sent sensitive data, but then the only other option I really have is to block the content. Basically, I don't want to encrypt ALL emails, but I would like to automatically encrypt emails that trigger the DLP policy.
Think I found it, it's in the auto-label section, I can auto-label based on GLBA data classifications. They're not bundled up nicely into a single "GLBA" grouping, but I can add them individually to mimic what's available in DLP.
Thank you, another amazing video, one question i am using Business Premium license but i do not see padlock sign in option, do i have to enable anything else on my admin portal ?
how about an encrypted email sending from one company using M365 outlook to another company using M365 outlook as well? the recipient in Outlook will show the encrypted header? ( i tested it from 1 tenant to another tanant, it shows nothing about email encryption, why? )
That process is seamless, just like sending an internal email. You’ll still see the padlock next to the email and a header saying “This email is encrypted”
About the encrypted email send to external email (Gmail), i saw that to read the message that external must re-authenticate after click on "Read the message" button. I wonder if the receiver forward that email to other people, can he/she be able to read that message? if yes, then what is the point of encrypting the email?
No, they wouldn’t be able to do that. To read the message, the gmail user has to sign into gmail with their credentials. In the demo, my account was already signed in. Hope that clarifies!
If i click on "encrypt" a message box pops up saying that an encrypted message couldnt be created. If i do it in the web outlook online i get the error that the S/MIME extension isn't installed. How to solve this?
In attempting to do the branding portion, I get an error when trying to use the New-OME command. My PS states I only have access to Get-OMEConfiguration and Set-OMEConfiguration, not New-OMEConfiguration. Am I missing something?
For anyone else running into this - just using the Set command lets me do everything but I just have to modify the default OME Confiugration, which is fine since I don't currently understand a reason to have two. Please correct me if I'm missing something
@@bearded365guy I am. I also didn't have any of the azure information protection options available to me until I activated it through azure. I was able to completely modify the default ome to customize for my org, I just can't make a new one, and I'm using my GA account. I couldn't even make the email label until enabling it
Didn't work for me either. I did run PowerShell as administrator. Gives me this error: New-OMEConfiguration : The term 'New-OMEConfiguration' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + New-OMEConfiguration -Identity "B365 branding templete" + ~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (New-OMEConfiguration:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
@bearded365guy A supplier got compromised their M365 user account, that account sent out Sharepoint Shared documents to several companies. People did not suspect the threat because they used to be in communication with the affected person. All of them ended up given away their session cookies to the attacker. Imagine how easy will he using a "fake" encrypted email. Hey! That is a good topic to cover in your channel "cookie sessions" to bypass MFA.
@@bearded365guyTo be honest, I had the same thought as @tuxmc. I think it would be crucial to ensure the branding is top-notch but also communicate beforehand with likely recipients that future emails may/will be encrypted and show what they will look like, what the recipients can and should do to validate authenticity and who they can contact if they have any concerns.
@@bearded365guy I agree with @tuxmc We learn ours customers to not click on links in emails, and especially not login with your credentials if you did click on it. Now, in Gmail or in de classic outlook you get this message. Since we have used this we received a callback from everyone that received this encrypted message to verify if it was actually us or people telling us that we are being spoofed on! Now with the new outlook, that is perfect but 80% of our customers do not use that version so this would be a disaster.
Cheers Jonathan, been working in IT for just under a year, and your videos are so helpful for understanding what's possible and even potentially some troubleshooting steps inside the various policies that have been created.
thanks again
@@HandZ_gaming Great to hear!
Thank you for your thorough explanation of encryption. If an email is initially encrypted does the threaded back and fourth communication remain encrypted?
Your explanations are clear and easy to understand. Thanks to your videos, I've learned a lot and successfully applied that knowledge to my work. Wishing you continued health and success!
Love to hear that!
Thank you as always. Always appreciate how you take things Microsoft makes more complex than necessary and break it down.
Great video! They are all so helpful. I do have a Business Premium license, but the encryption lock does not show up in my New/Old Outlook or OWA. Any ideas?
Ah, you will need to run a powershell script to enable it…. I will try and make a short video.
@@bearded365guy this would be super helpful! Exactly what I also need!
Hi Jonathan, thank you a lot for such useful video. Would you mind to explain why we can't just use the predefined RMS Template 'Encrypt' (10:48 on your video) instead of creating the personal label?
Fantastic guide as always! I share your videos with my team regularly, straight to the point & easy to follow.
Thank you.
Hello Jonathan, thank you for the great and helpful video! I'm bit confused when you created a label policy. There are two features for sensitivity label: "Label Policies" and "Auto - Labeling", could you please let me know the difference between these two policy features and how should we decide which to use?
Based on my understanding, "Label Policies" allows you to apply labels manually, while "Auto - Labeling" will just apply labels to files and emails automatically. Please correct me if I was wrong and thank you!
Nice Video - just a couple of questions - by default your emails in MS 365 is NOT encrypted right? - that means by default your exchange online admin could see what you sent right? But if you have the license and you were to encrypt the data and you were to go to mail trace the exchange admin wont be able to see the email right? Also with outlook signatures could you by using your script grab the job title attribute in entraid and use that in the outlook signature? cause most people have their job titles in their signature. thank for your god level knowledge !
really nice video. can you make one on the double key encryption feature for encryption in transport rules. would be nice to see an extra level of encyption deployment video. thanks!
I’ll add it to the list
@@bearded365guy thanks! 🥳
I am hooked to your videos, I mean I learn more from your videos rather than attending hours-long meetings with vendors telling us how much they need to be paid to implement best practices. Waiting for your full M365 course, is it still on track for this summer?
Hi mate, thanks….. yes, it’s on track……. I just need to bury myself in the studio and film the videos instead of watching Euros 24 ⚽️
@@bearded365guy i know you will be recording pretty soon then. Not like England have a chance. :D
@@adventuresofa9jaguy322 You’re right about that!!!
@@bearded365guy 😂 😂
@@bearded365guy great, yeah indeed It is a hard decision to make here.
@Jonathan Edwards how does it work in Outlook, you showed how it works in OWA. Also I guess attachments appear in the outlook portal when the external user logs into it to view the encrypted email?
What a great video, thank you I really enjoyed it. But..... please mind your attachments when using Encryption this way, especially when you automate the encryption. If you need more info, let me know. Kind regards.
HI Jonathan, thank you for you great videos. i am currently a personal user, but after watching some of your videos, i was thinking having a business premium licence would be a good idea to increase security, is that something you would recommend?
Yes, I would. For £18.10 per license/per month for Business Premium (in your own currency), you get so many features and apps.
@Jonathan Edwards. Thanks for the knowledge. On which M365 service do we test/validate the 'Disable persistent browser session' after setting up the Conditional Access Policy?
Thank you Jonathan for this good explanatory video.
Encryption is one thing.
But how to sign (digitally) also via Microsoft 365 ?
Stay tuned…
Hey Jonathan, love the video! I am running into a bit of a snag. I created the Sensitivity label, but when I go to setting the rule conditions "Rights protect message with" to select the RMS template the label isn't populating. It just says "No data Available." Any and all help is appreciated!
@@JustinThomopalos How long since you created the label? Can take a number of hours…..
@@bearded365guy Thanks for such a quick response! Latest update is that it has now been 24 hours and the changes I made have come through! Love all the videos you post, they have been such a huge help for me and our company. Seriously, can't thank you enough!
Great video, but get the following error "Rights Management is not active for the tenant". at the end any suggestions?
It would be nice if M365 would offer signing of email. Or even BIMI.
I wanted to know if the attachments can also be encrypted with this option and a way for the recipient to decrypt it?
You have to have Microsoft 365 E3 license for this to work right?
@@obee-one No, Business Premium
Your videos are just amazing. Short, precise, at point and funny too. Really helpful 😊
Would this avoid the need for client portal when sending documents securely?
Hi Peter, yes it would.
With the encryption and do not forward option activated, the recipient can still click reply and add someone in to the message, or delete to whom he is replying and input someone else, to whom he would like to forward this?
Is there a way to incorporate this with DLP in Purview? I'm in the states and have a DLP policy for GLBA. From what I can tell in Purview, my options are limited. I can notify the user and an admin they've sent sensitive data, but then the only other option I really have is to block the content. Basically, I don't want to encrypt ALL emails, but I would like to automatically encrypt emails that trigger the DLP policy.
Think I found it, it's in the auto-label section, I can auto-label based on GLBA data classifications. They're not bundled up nicely into a single "GLBA" grouping, but I can add them individually to mimic what's available in DLP.
@@robertneal1973 Yes you can….. but you know that now!
Awesome
Thank you, another amazing video, one question i am using Business Premium license but i do not see padlock sign in option, do i have to enable anything else on my admin portal ?
It seems something missing, is there any prerequisite for this?
how about an encrypted email sending from one company using M365 outlook to another company using M365 outlook as well? the recipient in Outlook will show the encrypted header? ( i tested it from 1 tenant to another tanant, it shows nothing about email encryption, why? )
That process is seamless, just like sending an internal email. You’ll still see the padlock next to the email and a header saying “This email is encrypted”
Why you just create encrypt under do the following in the exchange rule instead the sensitivity policy
The label dictates the behaviour and settings.
About the encrypted email send to external email (Gmail), i saw that to read the message that external must re-authenticate after click on "Read the message" button. I wonder if the receiver forward that email to other people, can he/she be able to read that message? if yes, then what is the point of encrypting the email?
No, they wouldn’t be able to do that. To read the message, the gmail user has to sign into gmail with their credentials. In the demo, my account was already signed in. Hope that clarifies!
For some reason I don't have the "lock"/encryption option.
If i click on "encrypt" a message box pops up saying that an encrypted message couldnt be created. If i do it in the web outlook online i get the error that the S/MIME extension isn't installed. How to solve this?
In attempting to do the branding portion, I get an error when trying to use the New-OME command. My PS states I only have access to Get-OMEConfiguration and Set-OMEConfiguration, not New-OMEConfiguration. Am I missing something?
For anyone else running into this - just using the Set command lets me do everything but I just have to modify the default OME Confiugration, which is fine since I don't currently understand a reason to have two. Please correct me if I'm missing something
Are you running PowerShell as admin?
@@bearded365guy I am. I also didn't have any of the azure information protection options available to me until I activated it through azure. I was able to completely modify the default ome to customize for my org, I just can't make a new one, and I'm using my GA account. I couldn't even make the email label until enabling it
Didn't work for me either. I did run PowerShell as administrator. Gives me this error:
New-OMEConfiguration : The term 'New-OMEConfiguration' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ New-OMEConfiguration -Identity "B365 branding templete"
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (New-OMEConfiguration:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
@@davidmatveyev4210 you should be able to use the Set command instead of the new command and just change the default ome config
You are the bearded man!
did it like in the video but still didnt work. maybe ill have to leave it till tomorrow for it to kick in or something
The label can take 24 hours…
@@bearded365guy yeah figured. Thanks!
It works when I use the browser, but when I use the app it lets me print and forward
Thanks for this video. Your gmail address is visible so I do not know if you want to block that.
Yes, realised that afterwards. Nevermind.
Help for microsoft
i sent this to my boss because i dont want to get fired.
Unfortunately, that encrypted email looks like a phishing email. Tech companies should come out with a solution together
Do you think? I think if more time is spent on the customisation and text, then it wouldn’t look like a phishing email.
@bearded365guy A supplier got compromised their M365 user account, that account sent out Sharepoint Shared documents to several companies. People did not suspect the threat because they used to be in communication with the affected person. All of them ended up given away their session cookies to the attacker. Imagine how easy will he using a "fake" encrypted email. Hey! That is a good topic to cover in your channel "cookie sessions" to bypass MFA.
@@bearded365guyTo be honest, I had the same thought as @tuxmc. I think it would be crucial to ensure the branding is top-notch but also communicate beforehand with likely recipients that future emails may/will be encrypted and show what they will look like, what the recipients can and should do to validate authenticity and who they can contact if they have any concerns.
I agree. Unless I had been explicitly told to expect such an email, alarm bells would be going off in my head.
@@bearded365guy I agree with @tuxmc We learn ours customers to not click on links in emails, and especially not login with your credentials if you did click on it. Now, in Gmail or in de classic outlook you get this message. Since we have used this we received a callback from everyone that received this encrypted message to verify if it was actually us or people telling us that we are being spoofed on!
Now with the new outlook, that is perfect but 80% of our customers do not use that version so this would be a disaster.
Yer gmail address is still shown in the browser tab. 😳 Don’t worry. I won’t tell.
Yeah, I know!