Great video! They are all so helpful. I do have a Business Premium license, but the encryption lock does not show up in my New/Old Outlook or OWA. Any ideas?
If i click on "encrypt" a message box pops up saying that an encrypted message couldnt be created. If i do it in the web outlook online i get the error that the S/MIME extension isn't installed. How to solve this?
@Jonathan Edwards how does it work in Outlook, you showed how it works in OWA. Also I guess attachments appear in the outlook portal when the external user logs into it to view the encrypted email?
With the encryption and do not forward option activated, the recipient can still click reply and add someone in to the message, or delete to whom he is replying and input someone else, to whom he would like to forward this?
Thank you for your thorough explanation of encryption. If an email is initially encrypted does the threaded back and fourth communication remain encrypted?
HI Jonathan, thank you for you great videos. i am currently a personal user, but after watching some of your videos, i was thinking having a business premium licence would be a good idea to increase security, is that something you would recommend?
Cheers Jonathan, been working in IT for just under a year, and your videos are so helpful for understanding what's possible and even potentially some troubleshooting steps inside the various policies that have been created. thanks again
Your explanations are clear and easy to understand. Thanks to your videos, I've learned a lot and successfully applied that knowledge to my work. Wishing you continued health and success!
@Jonathan Edwards. Thanks for the knowledge. On which M365 service do we test/validate the 'Disable persistent browser session' after setting up the Conditional Access Policy?
Hello Jonathan, thank you for the great and helpful video! I'm bit confused when you created a label policy. There are two features for sensitivity label: "Label Policies" and "Auto - Labeling", could you please let me know the difference between these two policy features and how should we decide which to use? Based on my understanding, "Label Policies" allows you to apply labels manually, while "Auto - Labeling" will just apply labels to files and emails automatically. Please correct me if I was wrong and thank you!
What a great video, thank you I really enjoyed it. But..... please mind your attachments when using Encryption this way, especially when you automate the encryption. If you need more info, let me know. Kind regards.
really nice video. can you make one on the double key encryption feature for encryption in transport rules. would be nice to see an extra level of encyption deployment video. thanks!
how about an encrypted email sending from one company using M365 outlook to another company using M365 outlook as well? the recipient in Outlook will show the encrypted header? ( i tested it from 1 tenant to another tanant, it shows nothing about email encryption, why? )
That process is seamless, just like sending an internal email. You’ll still see the padlock next to the email and a header saying “This email is encrypted”
@bearded365guy A supplier got compromised their M365 user account, that account sent out Sharepoint Shared documents to several companies. People did not suspect the threat because they used to be in communication with the affected person. All of them ended up given away their session cookies to the attacker. Imagine how easy will he using a "fake" encrypted email. Hey! That is a good topic to cover in your channel "cookie sessions" to bypass MFA.
@@bearded365guyTo be honest, I had the same thought as @tuxmc. I think it would be crucial to ensure the branding is top-notch but also communicate beforehand with likely recipients that future emails may/will be encrypted and show what they will look like, what the recipients can and should do to validate authenticity and who they can contact if they have any concerns.
@@bearded365guy I agree with @tuxmc We learn ours customers to not click on links in emails, and especially not login with your credentials if you did click on it. Now, in Gmail or in de classic outlook you get this message. Since we have used this we received a callback from everyone that received this encrypted message to verify if it was actually us or people telling us that we are being spoofed on! Now with the new outlook, that is perfect but 80% of our customers do not use that version so this would be a disaster.
I am hooked to your videos, I mean I learn more from your videos rather than attending hours-long meetings with vendors telling us how much they need to be paid to implement best practices. Waiting for your full M365 course, is it still on track for this summer?
About the encrypted email send to external email (Gmail), i saw that to read the message that external must re-authenticate after click on "Read the message" button. I wonder if the receiver forward that email to other people, can he/she be able to read that message? if yes, then what is the point of encrypting the email?
No, they wouldn’t be able to do that. To read the message, the gmail user has to sign into gmail with their credentials. In the demo, my account was already signed in. Hope that clarifies!
Is there a way to incorporate this with DLP in Purview? I'm in the states and have a DLP policy for GLBA. From what I can tell in Purview, my options are limited. I can notify the user and an admin they've sent sensitive data, but then the only other option I really have is to block the content. Basically, I don't want to encrypt ALL emails, but I would like to automatically encrypt emails that trigger the DLP policy.
Think I found it, it's in the auto-label section, I can auto-label based on GLBA data classifications. They're not bundled up nicely into a single "GLBA" grouping, but I can add them individually to mimic what's available in DLP.
In attempting to do the branding portion, I get an error when trying to use the New-OME command. My PS states I only have access to Get-OMEConfiguration and Set-OMEConfiguration, not New-OMEConfiguration. Am I missing something?
For anyone else running into this - just using the Set command lets me do everything but I just have to modify the default OME Confiugration, which is fine since I don't currently understand a reason to have two. Please correct me if I'm missing something
@@bearded365guy I am. I also didn't have any of the azure information protection options available to me until I activated it through azure. I was able to completely modify the default ome to customize for my org, I just can't make a new one, and I'm using my GA account. I couldn't even make the email label until enabling it
Didn't work for me either. I did run PowerShell as administrator. Gives me this error: New-OMEConfiguration : The term 'New-OMEConfiguration' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + New-OMEConfiguration -Identity "B365 branding templete" + ~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (New-OMEConfiguration:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
Thank you, another amazing video, one question i am using Business Premium license but i do not see padlock sign in option, do i have to enable anything else on my admin portal ?