Using Signature 365 with Microsoft Purview encryption
Scenario
Your organization uses Microsoft Purview to encrypt emails containing sensitive information. You want to ensure that Server-Side signatures are applied to the emails before they are encrypted and sent to the recipient.
Resolution
For a Server-Side signature to still be applied, the email must be routed to Signature 365 before the encryption occurs.
The solution presented below requires users to add a trigger word to the subject line of the email, so it is suitable in scenarios where only certain emails require encryption.
Once the email is processed and returned from Signature 365, a mail flow rule will apply encryption to any email that contains the trigger word in the subject line.
Warning
You must have Azure Information Protection configured on your Microsoft 365 tenant to apply message encryption.
To apply encryption using a subject line trigger and mail flow rule:
- Sign in to the Exchange Online admin portal (https://admin.exchange.microsoft.com) as an Administrator.
- From the left-hand navigation menu, select Mail flow, then select Rules.
- In Rules, select the "Send to Signature 365 for signature injection" transport rule, which was created when setting up Signature 365 server-side injection. This will open the settings fly-out.
- Click Edit rule settings.
- Ensure that the Stop processing more rules option is selected before you click Save.
- Click the + Add a rule option, then select the Apply Office 365 Message Encryption option.
Info
You must set the rule priority order to apply server-side signatures before message encryption.
The Set rule conditions page is opened.
- Enter an appropriate name for the rule.
- From the Apply this rule if... drop-down, select The sender and is external/internal.
- From the select sender location fly-out, select Inside the organization.
- Click Save to save the changes.
The updated condition is added to the selected rule.
- Click + to add a condition.
- From the And drop-down list, select The subject or body. From the adjacent drop-down list, select subject includes any of these words.
- In the Specify words or phrases fly-out, enter Encrypted:
- Click Add then click Save.
The new rule condition is added to the rule.
- From the Do the following section, select Apply Office 365 Message Encryption and rights protection. From Rights protect message with, click Select One.
The select RMS template pane is displayed.
- From the drop-down list, select Encrypt.
- Click Save and click Next on the rule conditions page.
- Select Activate this rule on and specify a suitable time to enable the rule.
- Select the Defer the message if rule processing doesn't complete option.
- Click Next.
- Review the settings and click Finish to save the new rule.
Once the rule is created and enabled, users can add the subject line trigger word 'Encrypted:' to the emails that require encryption.
Information
The new mail flow rule can take up to 1 hour to activate in Microsoft 365.
The subject line trigger can be updated to use other text instead of 'Encrypted:'.
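The same configuration can be applied and verified from Exchange Online PowerShell. This is an added example, not part of the original Signature 365 guidance. It assumes the ExchangeOnlineManagement module is installed; the encryption rule name is hypothetical, and the rule activates immediately because no activation date is set.

```powershell
# Added example: scripted equivalent of the portal steps above, plus an ordering check.
Connect-ExchangeOnline

$sigRuleName = 'Send to Signature 365 for signature injection'  # rule name from the steps above
$encRuleName = 'Encrypt on subject trigger'                      # hypothetical name for the new rule
$trigger     = 'Encrypted:'                                      # subject line trigger word

# Message encryption depends on Azure RMS licensing being enabled on the tenant.
if (-not (Get-IRMConfiguration).AzureRMSLicensingEnabled) {
    throw 'Azure RMS licensing is not enabled; message encryption cannot be applied.'
}

# Fail early if the Signature 365 rule is missing or has been renamed.
$sigRule = Get-TransportRule -Identity $sigRuleName -ErrorAction Stop

# "Stop processing more rules" on the signature rule.
Set-TransportRule -Identity $sigRuleName -StopRuleProcessing $true

# Create the encryption rule directly below the signature rule if it does not exist yet.
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $encRuleName })) {
    New-TransportRule -Name $encRuleName `
        -FromScope InOrganization `
        -SubjectContainsWords $trigger `
        -ApplyRightsProtectionTemplate 'Encrypt' `
        -RuleErrorAction Defer `
        -Priority ($sigRule.Priority + 1)
}

# Verify: a lower priority number runs first, so the signature rule must be lower.
$sigRule = Get-TransportRule -Identity $sigRuleName
$encRule = Get-TransportRule -Identity $encRuleName
if ($sigRule.Priority -ge $encRule.Priority) {
    Write-Warning 'Encryption rule runs before the signature rule; signatures will not be applied.'
}
if (-not $sigRule.StopRuleProcessing) {
    Write-Warning 'Signature rule does not stop further rule processing.'
}
if ($encRule.RuleErrorAction -ne 'Defer') {
    Write-Warning 'Encryption rule does not defer on failure; mail could be sent unencrypted.'
}

$encRule | Format-List Name, State, Priority, FromScope, SubjectContainsWords,
    ApplyRightsProtectionTemplate, RuleErrorAction
```

Re-run the verification section after any change to mail flow rules, since reordering rules in the portal can silently place encryption ahead of signature injection.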