Forum Discussion

EASchmitt's avatar
EASchmitt
Copper Contributor
Mar 21, 2019
Solved

Encrypt-Only and Do Not Forward Managment

I was recently tasked with achieving a better understanding of our Office 365 setup after our Information Security Officer left for another position. This includes the way we are encrypting our email...
security
  • Rafael Dominguez's avatar
    Rafael Dominguez
    Mar 22, 2019

    Thanks Ryan Heffernan.

     

    DNF is a built in function within the Outlook client and must be disabled via GPO/Registry keys as follows:

    Open the following registry location using Registry Editor:

    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM

    1. On the Edit menu, point to New, and then click DWORD (32-bit) Value
    2. Type DisableDNF, and then press ENTER. 
    3. In the Details pane, right-click DisableDNF, and then click Modify
    4. In the Value data box, type 1, and then click OK
    5. Exit Registry Editor. 
    6. If you previously disabled the Do Not Forward command by using a Group Policy setting, remove that policy setting.

    (Note the registry location will be different based on the Office version.)

    • 14.0 = 2010
    • 15.0 = 2013
    • 16.0 = 2016 

    Once the policy is applied, this is what the UI shows. (Note the DNF options is greyed out.)

    More information about DNF is found here: https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-option-for-emails

     

    We plan to allow admins to disable/hide Encrypt Only within Office later this year.

Rafael Dominguez's avatar
Rafael Dominguez
Iron Contributor
Mar 22, 2019

Thanks Ryan Heffernan.

 

DNF is a built in function within the Outlook client and must be disabled via GPO/Registry keys as follows:

Open the following registry location using Registry Editor:

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM

  1. On the Edit menu, point to New, and then click DWORD (32-bit) Value
  2. Type DisableDNF, and then press ENTER. 
  3. In the Details pane, right-click DisableDNF, and then click Modify
  4. In the Value data box, type 1, and then click OK
  5. Exit Registry Editor. 
  6. If you previously disabled the Do Not Forward command by using a Group Policy setting, remove that policy setting.

(Note the registry location will be different based on the Office version.)

  • 14.0 = 2010
  • 15.0 = 2013
  • 16.0 = 2016 

Once the policy is applied, this is what the UI shows. (Note the DNF options is greyed out.)

More information about DNF is found here: https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-option-for-emails

 

We plan to allow admins to disable/hide Encrypt Only within Office later this year.

vinc100's avatar
vinc100
Copper Contributor
Jul 13, 2021

Rafael Dominguez- was there any progress in adding the option to hide / disable the "Encrypt Only" and "Do Not Forward" option?

 

Resources