SOLVED

Office 365 message encryption logic

%3CLINGO-SUB%20id%3D%22lingo-sub-2580304%22%20slang%3D%22en-US%22%3EOffice%20365%20message%20encryption%20logic%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2580304%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CP%3EHi%20Community%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20the%20customer%20would%20like%20to%20understand%20the%20Office%20365%20message%20encryption%20logic%20while%20the%20senders%20domain%2Flicense%20is%20unavailable%20after%20the%20message%20is%20sent.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EScenario%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESender%20%3A%20User%20A%3C%2FSPAN%3E%20from%20Office%20365%20-%20Message%20encryption%20is%20enabled.%3C%2FP%3E%3CP%3E%3CSPAN%3ERecipient%20%3A%20User%20B%20%3C%2FSPAN%3Efrom%20Gmail%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EUser%20A%20%3C%2FSPAN%3Esends%20the%20email%20message%20to%20User%20B%3C%2FP%3E%3CP%3E%3CSPAN%3EUser%20B%20%3C%2FSPAN%3Eencrypt%20the%20message%20by%20entering%20onetime%20passcode.%3C%2FP%3E%3CP%3EThings%20working%20fine%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENow%2C%20Office%20365%20tenant%20is%20decommissioned%2C%20licenses%20are%20removed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EQuestions%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Will%20User%20B%20still%20be%20able%20to%20decrypt%20the%20previous%20message%20sent%20by%20User%20A%20who%20was%20from%20decommissioned%20Office%20365%20tenant%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20Will%20User%20B%20require%20onetime%20decryption%20or%20have%20to%20decrypt%20every%20time%20while%20they%20open%20the%20message%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20guidance%20about%20the%20logic%20would%20be%20of%20great%20help.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%20in%20advance!%3C%2FP%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2580304%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%20message%20encryption%20logic%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2584008%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20message%20encryption%20logic%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2584008%22%20slang%3D%22en-US%22%3EIf%20the%20tenant%20has%20been%20deprovisioned%20(this%20can%20take%20a%20little%20time%20after%20licenses%20have%20expired)%2C%20any%20previously%20encrypted%20messages%20will%20be%20rendered%20unopenable.%3C%2FLINGO-BODY%3E
Contributor

Hi Community,

 

One of the customer would like to understand the Office 365 message encryption logic while the senders domain/license is unavailable after the message is sent.

 

Scenario:

 

Sender : User A from Office 365 - Message encryption is enabled.

Recipient : User B from Gmail

 

User A sends the email message to User B

User B encrypt the message by entering onetime passcode.

Things working fine

 

Now, Office 365 tenant is decommissioned, licenses are removed.

 

Questions:

 

1. Will User B still be able to decrypt the previous message sent by User A who was from decommissioned Office 365 tenant?

 

2. Will User B require onetime decryption or have to decrypt every time while they open the message?

 

Any guidance about the logic would be of great help.

 

Many thanks in advance!

3 Replies
best response confirmed by SB V (Contributor)
Solution
If the tenant has been deprovisioned (this can take a little time after licenses have expired), any previously encrypted messages will be rendered unopenable.
Hi Vasil, Thank you very much for your inputs.

One another question is that

User B in this case needs to save the received emails for a period of 10 years as an example, Again, User A the sender, decommissioned their O365 tenant a while back.

How they can save or decrypt the emails to apply the retention rules for 10 years for legal reasons?
They cannot, that's kind of the point for having them encrypted in the first place.