SOLVED
Home

Can Exchange Online Protection check for TLS before forcing encryption

%3CLINGO-SUB%20id%3D%22lingo-sub-283749%22%20slang%3D%22en-US%22%3ECan%20Exchange%20Online%20Protection%20check%20for%20TLS%20before%20forcing%20encryption%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-283749%22%20slang%3D%22en-US%22%3E%3CP%3EI%20know%20this%20is%20possible%20in%20Iron%20Port%20but%20not%20sure%20if%20EOP%20can%20handle%20this%20scenario%2C%20so%20asking%20for%20others%20opinions.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20Iron%20Port%2C%20you%20can%20setup%20rules%20to%20say%20%22If%20this%20email%20contains%20DLP%20data%2C%20check%20for%20TLS%20delivery.%20If%20email%20is%20being%20sent%20with%20TLS%20-%26gt%3B%20do%20not%20force%20message%20encryption.%20If%20email%20is%20not%20being%20sent%20with%20TLS%20-%26gt%3B%20Force%20message%20encryption.%22%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20EOP%20execute%20similar%20functionality.%20Essentially%20what%20I%20am%20looking%20for%20is%20whether%20not%20EOP%20is%20smart%20enough%20to%20only%20use%20OME%20when%20TLS%20is%20not%20available.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-283749%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EEncryption%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EForced%20TLS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIron%20Port%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMessage%20Encryption%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOME%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Etls%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-283847%22%20slang%3D%22en-US%22%3ERe%3A%20Can%20Exchange%20Online%20Protection%20check%20for%20TLS%20before%20forcing%20encryption%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-283847%22%20slang%3D%22en-US%22%3E%3CP%3EAfaik%20no.%20You%20can%20certainly%20put%20an%20action%20to%20force%20TLS%20(the%20%22require%20TLS%22%20action%20or%20by%20routing%20through%20a%20connector)%2C%20but%20there%20is%20no%20such%20%22fallback%22%20option.%20In%20any%20case%2C%20TLS%20and%20OME%20are%20quite%20different%2C%20if%20you%20need%20the%20message%20to%20be%20viewable%20by%20specific%20recipients%20only%20you%20should%20always%20force%20OME.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Tom Gould
Contributor

I know this is possible in Iron Port but not sure if EOP can handle this scenario, so asking for others opinions. 

 

In Iron Port, you can setup rules to say "If this email contains DLP data, check for TLS delivery. If email is being sent with TLS -> do not force message encryption. If email is not being sent with TLS -> Force message encryption." 

 

Can EOP execute similar functionality. Essentially what I am looking for is whether not EOP is smart enough to only use OME when TLS is not available. 

1 Reply
Solution

Afaik no. You can certainly put an action to force TLS (the "require TLS" action or by routing through a connector), but there is no such "fallback" option. In any case, TLS and OME are quite different, if you need the message to be viewable by specific recipients only you should always force OME.

Related Conversations
Outlook (365) Need Password - Issue
Muhammad Ali Khan in Office 365 on
21 Replies
Reporting on Project Online (PWA) Timesheets
Andy Dennis in Project on
3 Replies
Accessing a shared mailbox from a mobile device
Hexsysadmins in Office 365 on
14 Replies