Microsoft has released details of an Exchange Online transport rule to encrypt outbound email containing sensitive data types like credit card numbers. The rule works (after fixing the PowerShell), but needs to be reviewed and possibly adjusted to meet the needs of Office 365 tenants.
I was hoping MSFT would provide a way of creating a scoped connector which tested if the recipient could do TLS1.2 and if not automatically apply OME.
We have a lot of sensitive outgoing email that needs to be encrypted in transit. Using a TR to put it out on a scoped connector with mandatory TLS when the default behaviour is to try TLS then go into a 24 hour retry cycle is no use.
We wanted a connector that tried TLS then would sense the failure and instead wrap the message in OME and send that. We don't have the time to maintain lists of recipients that can't to TLS and test for the domain in the TR.