On February 23rd, 2022 I was lucky enough to present at CollabDays UK. The venue for this event was the National Museum for Computing on Bletchley Park. This is a great museum if you’re into all types of computers. From the “Witch”, the “Bombe” and the “Colossus”, all the way to the more modern-day type devices.
As a history buff, I was truly in my element. And I chose a specific subject for my session: Encryption in Microsoft 365, Microsoft Information Protection, and Office 365 Message Encryption. The slides I used for this are available at the end of this blog. But I do want to pick out some tips I talked about.
Tip 1: remember that when you use Office 365 Message Encryption (for instance: do not forward) and you attach an unprotected Office document – then this document will be encrypted and rights protected as well. The document can only be opened using the secure portal or by the relevant Microsoft 365 App (such as Word), but only if the recipient has an Azure AD account.
Tip 2: to solve this issue (if needed), you can use the “Set-IRMConfiguration -DecryptAttachmentForEncryptOnly $true” cmdlet. This will decrypt the attachment so that it can be opened by the Microsoft 365 App.
Tip 3: When sharing a labeled and protected document from OneDrive for Business, SharePoint Online (and Teams) using the One-Time-Passcode method (which is by default), then opening the document by the recipient will very likely fail. Because of the requirement for an Azure AD account. Set Azure AD to use guest accounts for this (see here).
Tip 4: Protected and/or signed PDFs cannot be encrypted using Microsoft Information Protection. You can open MIP-encrypted PDFs using Adobe (using the plugin) or Microsoft Edge.
Tip 5: Enabling co-authoring and auto-save changed the MIP metadata for a document. If you use the current metadata (MSIP_<labeled>) for things like DLP or Exchange mail rules, then take note of this.