cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Transport rule for encrypted messages

Dan Snape
Steel Contributor

‎Aug 04 2019 06:41 PM

‎Aug 04 2019 06:41 PM

Transport rule for encrypted messages

I'm trying to configure a mail flow/transport rule in Exchange Online to add a banner to incoming messages that are encrypted. During testing, the rule does not get triggered, even though the received message has an Outlook notification that the message is encrypted. My rule is using the "if message type is encrypted" condition to add a disclaimer (prepend). Does anyone know how this can successfully be achieved?

Labels:
5,295 Views
0 Likes
7 Replies
Reply
7 Replies
ankit shukla

‎Aug 05 2019 12:17 AM

‎Aug 05 2019 12:17 AM

Re: Transport rule for encrypted messages

@Dan Snape Hi Dan,

 

Can you Run Get-TransportRule -Identity "name of transport rule" | FL and share here (pls hide sensitive or confidential information including domain name. 

Also , have you enforced the Transport Rule at the end of Transport rule.

 

Cheers !

Ankit Shukla

 

0 Likes
Reply
best response confirmed by Dan Snape (Steel Contributor)
Vasil Michev

‎Aug 05 2019 10:07 AM

‎Aug 05 2019 10:07 AM

Solution

Re: Transport rule for encrypted messages

Modifying the content on an encrypted message is not supported, as detailed for example here: https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/bb124703(v=exchg.141)...

0 Likes
Reply
Dan Snape

‎Aug 05 2019 10:53 PM

‎Aug 05 2019 10:53 PM

Re: Transport rule for encrypted messages

Thanks@Vasil Michev 

0 Likes
Reply
Dan Snape

‎Aug 08 2019 09:27 PM

‎Aug 08 2019 09:27 PM

Re: Transport rule for encrypted messages

We currently have a rule that is prepending "EXT:" to the subject line of all messages from outside the organisation via an Exchange Online transport rule. This is also occurring on encrypted messages (coming from an external recipient also in Exchange Online). Is there any way I can create a condition to detect these encrypted messages and use this as an exclusion for this transport rule? I've tried using "if message type is encrypted" and if "X-MS-Exchange-CrossTenant-TransportEncryption-OmeV2LinkUrl' header contains "."" but with no success.

Even better I could create a separate rule to tag these messages with "Encrypted:" and bypass the above rule.

0 Likes
Reply
Vasil Michev

‎Aug 08 2019 11:10 PM

‎Aug 08 2019 11:10 PM

Re: Transport rule for encrypted messages

Depends on the type of encryption, how exactly are the messages being generated? RMS? OME? S/MIME? 

0 Likes
Reply
Dan Snape

‎Aug 09 2019 02:18 AM - edited ‎Aug 09 2019 02:25 AM

‎Aug 09 2019 02:18 AM - edited ‎Aug 09 2019 02:25 AM

Re: Transport rule for encrypted messages

@Vasil MichevDoing some more digging into this, transport decryption is enabled by default in Exchange Online and set to "Optional" so transport rules can in fact read messages protected using AAD RMS. I've tested and this works fine (a disclaimer is added successfully to these messages). So my mistake was thinking that the "encrypted" message type also referred to these types of messages, when in fact it only refers to S/MIME protected messages.

I now need to find a condition I can use in a transport rule that can detect messages that have AAD RMS protection applied to it. We are using the "Encrypt" option in Outlook to do the protection which I understand uses the new OME, which uses AAD RMS (but I may be wrong)

0 Likes
Reply
Dan Snape

‎Aug 09 2019 02:43 AM

‎Aug 09 2019 02:43 AM

Re: Transport rule for encrypted messages

I think I've figured it out. Looks like the message type 'Permission controlled' deals with these type of messages, and I'm able to do exactly what I need using this as a condition in the transport rule.

2 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Dan Snape (Steel Contributor)
Vasil Michev

‎Aug 05 2019 10:07 AM

‎Aug 05 2019 10:07 AM

Solution

Re: Transport rule for encrypted messages

Modifying the content on an encrypted message is not supported, as detailed for example here: https://docs.microsoft.com/en-us/previous-versions/office/exchange-server-2010/bb124703(v=exchg.141)...

View solution in original post

0 Likes
Reply