Forum Discussion
time to access Office 365 Message encryption messages
Mail is not stored in the service, but in your (and the recipient's) mailbox. O365 servers are only used to decrypt/display the message. As long as the message is not deleted and you are still using the service, it can be accessed. If you mean message expiration, I don't think this is officially supported, though we do have a parameter for PowerShell that hints it's possible.
The service does store the encryption keys however, and as OME is using Azure RMS on the backend, decommissioning of the service will be similar to what's detailed here: https://docs.microsoft.com/en-us/information-protection/deploy-use/decommission-deactivate
Not sure what you mean about control? Did you check the FAQ here: https://technet.microsoft.com/en-us/library/dn569285.aspx
"As long as the message is not deleted and you are still using the service"
With "you" do you mean the sender implementing OME or the non-OME receiver?
- VasilMichev, Feb 21, 2017, MVP
You as the one using/paying for the service, and he as the one keeping the message.
Looking at the product pages however, it seems that OME is now only offered as part of AIP, and the latter offers you a bit more flexibility compared to OME in terms of revoking access, tracking protected documents, etc.
- timkoehler, Jan 27, 2021, Copper Contributor
Thanks for your insight. As Microsoft is currently pushing the whole topic under the name MIP, let me warm up this old thread.
Scenario:
I don't use Microsoft 365 or Microsoft outlook.
I receive an OME encrypted E-Mail, which I open via "the link", which redirects to an Outlook Webaccess light. I sign in with one time password. --> The mail is basically stored in the Microsoft cloud.
How long, or which are the conditions under which I can access this E-Mail?
- Am I understanding you right, that when the sender deletes the mail from his "Sent Items" and "Trash Bin", I would lose access to that mail?
- When the sender terminates the M365 contract (e.g. going out of business), then I would not have access to that mail anymore?
- Would I still have access via Microsoft Outlook (aka is the MS MIP/AIP/RMS Service still handing out keys in a decommissioned state, or would even this service be "switched off")?
- Are there any "grace periods" involved?
As a background:
In Germany it is mandatory to archive business communication in readable format (including E-Mail for 10 years).
When I can't guarantee access to those mails for this time frame, I would need to refuse OME mails?
Or is there a known legal backup?
Is there any information from Microsoft's side? Unfortunately I haven't found any.
- Jan_Kahl, Oct 20, 2021, Copper Contributor
Interesting questions. Have you discovered answers to these points in the meantime? It seems to be quite complicated to find valuable information about the details of the message encryption.
Regards,
Jan