Product Feedback for Advanced Message Encryption

mikedoneghan Hello, just gonna add my two cents.

Office Message Encryption is a great built-in encryption tool for emails with the options Encrypt-only and Do Not Forward. That's kind of what you can do with, and only use the default OME template.

Now I haven't worked with Advanced OME but here you have more possibilities with branding/templates. You can use multiple and specify more granular options, and not all email have to be encrypted. I assume you've looked in the EXO admin center and played around with possible scenarios as which custom branding template to use and apply O365 Message Encryption or not? And as you mention, you can revoke access in some scenarios. But when you use custom branding you're using the wrapper all the time, hence more secure as the recipient needs to access to OME portal and then you have the possibility to revoke access and set expiration date. Bear in mind that revoke and recall are different things.

The docs have several articles about OME and Advanced OME, perhaps you've already browsed through them but I recommend you go there and have look.

If you want to use a more secure and governance approach you shouldn't look at OME really. But instead DLP and sensitivity labels. You can revoke with the latter if using the unified client. As an admin you always have the possibility. For these two tools you also have the audit log where you can find things like SensitivityLabeledFileOpened