Microsoft is working on expanding the capability to revoke encrypted email messages sent using the Office 365 Message Encryption (OME) service to regular users as part of a larger effort to prevent data leaks and enterprise data theft.
OME is built on Microsoft Azure Rights Management (Azure RMS) and it combines rights management with email encryption capabilities.
It allows Office 365 customers to send and receive encrypted emails using Outlook.com, Yahoo!, Gmail, and several other email services with support for encryption, authorization, and identity policies.
Encrypted email revocation for end-users
“As part of Office 365 Advance Message Encryption, we are extending the email revocation capabilities to the end user,” Microsoft explains on the new feature’s entry on the Microsoft 365 roadmap.
“Previously, you had to be an admin to revoke an already sent message; with this update, end users will have this capability as well.”
This new capability will only be available to users whose organization’s Office 365 subscription with Advanced Message Encryption support such as Microsoft 365 Enterprise E5, Office 365 E5, Microsoft 365 E5 (Nonprofit Staff Pricing), Office 365 Enterprise E5 (Nonprofit Staff Pricing), and Office 365 Education A5.
While Microsoft doesn’t explain what will happen with the revoked encrypted messages, according to its support site, when admins revoke such emails, the recipients receive ‘The message has been revoked by the sender’ errors on trying to access the encrypted emails through the Office 365 Message Encryption portal.
The Microsoft Exchange team is planning to roll out this new OME capability expansion during Q4 2020 and it will be generally available on a worldwide basis for standard multi-tenant environments.
As part of its larger effort to put a stop to enterprise data theft, Microsoft is also planning to disable Office 365’s email forwarding to external recipients by default starting with the fourth quarter of 2020.
The company is also in the process of adding improved external email forwarding controls which will allow Office 365 admins to enable the feature only to select employees in their organizations.
More OME enhancements
Redmond has also recently added several other new capabilities to the Office 365 Message Encryption service in December 2019, including support for Shared Mailboxes and PDF attachments, and Mac pre-licensing.
Microsoft is also working on improving the way emails sent using the OME service are recognized by mail servers so that they are less likely to be sent to the Trash folder after being marked as spam
They are also expected to roll out support for sending one-time passcode (OTP) emails from an organization’s Office 365 domain later this year.
A quick overview of the Office Message Encryption capability in Office 365 with instructions on sending protected emails to almost anyone inside and outside your organization is available here.