What message protection options are available for Office 365?

As of October 2018, IT Services has rolled out message protection for Office 365 users.

There are four message protection options:

  • Encrypt
  • Do Not Forward
  • Confidential (Office 365 users only)
  • Confidential - View Only (Office 365 users only)

Encrypt allows you to send encrypted messages to any recipient, whether they are inside the organization or not.  If the recipient is another Office 365 user and using Outlook, Outlook on the Web, or Outlook for mobile, they will be able to open the encrypted e-mail without any additonal steps.  If the recipient is outside of Office 365, they will receive an e-mail with a link to the message, which is securely stored on the Office 365 servers.  The recipient will need to sign-in with their Google account credentials, if the recipient is a @gmail.com address. If sent to another e-mail service, the recipient will need to sign in with a Microsoft account or one-time access code.  For more information on how to open a protected message, see https://support.office.com/en-us/article/How-do-I-open-a-protected-message-1157a286-8ecc-4b1e-ac43-2a608fbf3098?ui=en-US&rs=en-US&ad=US

Do Not Forward allows to you send an encrypted message, and also restricts the content and email from being forwarded, printed or copied.  Be aware that with this option, a user could still take a picture of the message using a camera.

University of Windsor - Confidential grants read and modify permissions for the protected content - for recipients using UWindsor Office 365 only


University of Windsor - Confidential View Only grants read-only permission for the protected content (cannot reply, forward, save, export) - for recipients using UWindsor Office 365 only.


How do I send protected messages?


Outlook on the Web:  Go to https://portal.office.com and sign in.  Click on the Outlook icon, compose a new message, and click "Protect", and then "Change Permissions" to select one of the other options:

Outlook for Windows:  To send encrypted mail using Outlook for Windows, you must be using Outlook 2016 version 1804 or later.  To check your version, click on File > Office Account.  Under about Outlook, the version number must be at least 1804.  If not, contact the Service Desk.  When composing a message, click on the Options tab in the ribbon, and click the Permission button.



Outlook for Mac:  When composing a message, click on the options tab in the ribbon, and click the Permissions button.  Currently, the only options are "Do not Forward, University of Windsor - Confidential and University of Windsor - Confidential View only."  "Encrypt" is coming soon.


Outlook for Mobile:  Currently protections are not available when composing e-mail.  However, you can read protected messages using Outlook for Mobile.


How do I know a message I receive is protected?


When you receive a protected message, the message in your inbox will have either a padlock icon (Outlook on the Web) or a "do not enter" icon (Outlook for Windows & Mac).  On Outlook, there will be no icon indicator on the message in your inbox.  For all three clients, when you open the message, there will be a header at the top of the message that indicates the message is protected, and with the policy it has been protected with.


How does an external user open a protected message?

If you send a protected message to an external user, (that is, someone outside of UWindsor's Office 365) they will receive a message from you like normal. The message however will have all the content removed and will only have a link with instructions on how to open the message.  They will need to authenticate with a Microsoft account or request a one-time access code. The access code will be e-mailed to the address you sent the original e-mail to.  If you sent the message to a @gmail.com or @yahoo.com account, the user can use their Gmail or Yahoo credentials.


As a phisher or spammer could send a similar looking e-mail in an attempt to harvest your username and password, check the "Read the message" link (blue box) by hovering over it and verifying that the URL that is displayed (usually where your pointer is, or down in the bottom bar of your browser) is pointing to https://outlook.office.com and not any other website.  The recipient address will be the e-mail address of the recipient, and the sender e-mail address will be the address of the sender (blocked out below):




100% helpful - 1 review


Article ID: 65083
Thu 10/11/18 11:38 AM
Mon 10/4/21 1:15 PM