OME – Office 365 Message Encryption (Safeguarding Email Communication, Next Game Changer by AIP)

Safeguarding Email Communication – Next Game Changer by AIP (Azure Information Protection)

Safeguarding email in Office 365 – eliminate the secure email! This is an advanced solution from the AIP team. Before we explore how email security is structured, let us first understand what AIP is.

Microsoft announced Azure Information Protection (AIP) last year, a new service that builds on both Microsoft Azure Rights Management (RMS) and their recent acquisition of Secure Islands.

AIP is now Generally Available (GA), and it will deliver the following:

– Classify, label, and protect data at the time of creation or modification.

– Persistent protection that travels with your data.

– Enable safe sharing with customers and partners.

– Simple, intuitive controls help users make the right decisions and stay productive.

– Visibility and control over shared data.

– Deployment and management flexibility. Protect data whether it is stored in the cloud or on-premises, and choose how your encryption keys are managed with Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) options.

Many changes have been made since AIP was introduced, mainly around labeling and standardizing labels for data protection across global organizations, using the Microsoft Cloud App Security (MCAS) tool and labels.

The AIP team has a new set of default labels within Azure:

  • Personal
  • Public
  • General
  • Confidential
  • Highly Confidential

You can also have sub-labels within the labels listed above.

Scope policies: These help people control specialized access policies, which contain the default labels. There is also a Global policy, which is the default and has the default labels.

Every policy that is created will also have the default labels available, and you can create your own labels in the same way you create a scope policy. All of this is done in the admin console in Azure.

Right user behavior: Whether to let users classify data manually or to classify it automatically is a large concern for organizations. Hence it is recommended to use the R&R type.

  • Automatic: Automatically classified
  • User Set: User manually classified
  • Recommended & Reclassification: these two use a little automation, and the user is given the choice of the suggested label so that the data can be classified properly if the current classification is wrong.

Security of Email:

Whether the recipient uses webmail, Outlook, Gmail, Yahoo or anything else, there is no need to buy MS Office to read a secure email, and the investment in an email gateway can be reduced. This new feature is currently included in Azure Information Protection Premium P2, and some Office 365 subscriptions might include it with Azure RMS.

Assume you sent a secure email to a Gmail mailbox from Outlook/webmail using Exchange or Office 365: the message told the recipient to buy or use an Office product to decrypt the email. This was not a great customer experience, and it created a requirement for mail gateways.

All will be gone soon!

Moving forward, AIP will give recipients the option to read the encrypted mail by proving who they are.

When a person sends an encrypted email to an end user who does not have Outlook/webmail to decrypt the message, the recipient is sent an email with a link that gives access to the message in HTML format.

The link will come with a message similar to the one below:

 ABC ( has sent you a message that was protected with Microsoft Office 365.

——-> Click Here to read your message <——-

  (This link will have 3 months validity)

We will assume for now that the user is using Google Mail. When he/she clicks the link above, the request opens in another browser tab and reaches the source of the encrypted message. The user can then use a Google account to view the encrypted message, through a process similar to SSO.

The user will receive a code by email and has to paste that code into the page behind the link to read the email online.

There you go! Happy reading your secure emails!



Simple and the simplest: two words create new things in life. Technology isn’t stopping, and it isn’t letting us stop and relax. It just keeps growing: natural clouds are shrinking, but technology clouds keep increasing in size, scalability, performance and so on. This is all happening because we humans are adopting it.

So, I welcome all of you who would like to create the technology/platform and who would like to adopt it.

Thank you for reading the above sentences, which are simple at their best.

Comment, ask questions and contact me. Your suggestions are most valued at set-techie.

Say Bye to MS Exchange Server 2007

On April 11, 2017, Exchange Server 2007 will be End of Life.

If you haven’t already started your migration from Exchange 2007 to Office 365 or Exchange 2016, I would recommend starting it now!

What is end of life?

Microsoft will not provide the following for Exchange 2007:

  • Free or paid assisted support (including custom support agreements)
  • Bug fixes for issues that are discovered and that may impact the stability and usability of the server
  • Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches
  • Time zone updates

The items mentioned above are really important for keeping an Exchange system up to date in most mid-sized and global organizations. It is always good to have global benchmarking of IT security across all applications within a company, and it is best practice to keep healthy, up-to-date systems in place. The Exchange 2016 and Office 365 platforms provide advanced capabilities to empower your users.

Hence, I strongly recommend moving your email application!

To learn about your options for migrating from Exchange 2007 to Office 365 or a newer version of Exchange Server, check out Exchange 2007 End of Life Roadmap.