I would like to implement OME within my organization. At initial glance, it seems to work great with the one time passcode approach. However I have noticed that if the recipient doesn't check the box to remember the passcode for 12 hours any subsequent response received result in a "Authentication did not complete message". I have scoured the internet and there doesn't seem to be a setting to force the check box to be checked. The only way I see around this is to clear out the cookies for outlook.office.com. Does anyone have any suggestions on how to make this work correctly or can recommend a different approach? Thanks.

Chris_Mancini Hi, would you mind elaborate on the post? You mean that if just using the default setting (15 min limit on the OTP) and not checking the "this is a private computer" the users receive the message? Even though the OTP is used within the 15 minutes?

ChristianBergstrom Yes, default setting. I send an email from Outlook to a test gmail account and choose Encrypt-Only. In the Gmail account I receive the email that says "Read Secure Message". I am taken to a page that says "Sign in with one time passcode". I click to receive the passcode and it is sent to the test gmail account. I am taken to a screen to input the passcode. There is the "This is a private computer..." checkbox. If I don't check it, then subsequent encrypted responses or new messages to the gmail account are sent to the account. However, when I click "Read Secure Message" I receive a page with "Authentication did not complete". If I check the "This is a private computer..." then everything works fine. Thanks for your help.

Chris_Mancini Hi, I had to verify this so created a Gmail account and sent an OME "encrypt only" to the address. OTP was selected and a new code is always being used when replying or sending new emails to the Gmail address. I did not check the box to "remember this device for 12 hours" and am able to enter a new OTP code several times, that is for every new message and new replies as well. In other words I cannot reproduce your issue. I suppose it's browser related and the check box "workaround" you are using also suggests this. Have you tried using different browsers or maybe verify what differentiates your browser settings from default settings for example? Perhaps check with your own org. if you have several units managing applications (the browser).

ChristianBergstrom Good advice...I have been using Chrome on my company laptop and I tried MS Edge on the same device and experienced the same behavior. However, when I test with my personal Macbook with Chrome it functions flawlessly so it appears it may be an internal browser setting. I have no idea what setting may be causing this but it helps point me in the right direction. Do you use OME consistently and, if so, have you had any issues with encryption outside of your org?

Chris_Mancini Hello, even though it has been around for years there has been a stalemate in our org. due to legal technicalities (such as the key). This has progressed lately and now I'm involved in a pre-study as how OME actually behaves when using the "encrypt-only" template with and without attachments that are being replied to, as well as forwarded to internal/external individuals as second, third and forth recipient. One might think this should be pretty straightforward (and it is when only the sender and the initial recipients is involved to answer your question) but it's getting a bit complex when adding the others. This is not a common scenario and the unit in need of the encryption has a flow that is difficult to explain. So we'll see if they can use OME or if we need to look at another solution. In short. OME is great and easy to use for all users in an org. but if you're looking at it from a "encryption point of view" you could say it's not "asymmetric" but rather a "symmetric" solution which is much easier to manage and use.

Office 365 Email Encryption OME | Microsoft Community Hub

18 Replies

akeinath
Copper Contributor
Nov 03, 2020
I'd like to hop on this thread and say that my organization is also seeing these issues. I have tested this myself by sending to a Gmail and I receive the same error. I do have an attached file. This is making things hard for our users because they're having to resend their emails when the recipient doesn't save the attachment.
- Chris_Mancini
  Brass Contributor
  Nov 03, 2020
  akeinath I knew this wasn't an isolated issue as I have seen this from other organizations. This company has even written up a troubleshooting section on their site for their clients.
  
  https://www.atgf.com/tools-publications/receiving-or-sending-encrypted-email
  - ChristianBergstrom
    Silver Contributor
    Nov 03, 2020
    Do the proposed workaround solve the issue for you as well then? (using InPrivate / Incognito windows).
    
    I am not able to reproduce the authentication message.
ChristianBergstrom
Silver Contributor
Oct 28, 2020
Chris_Mancini Hi, would you mind elaborate on the post? You mean that if just using the default setting (15 min limit on the OTP) and not checking the "this is a private computer" the users receive the message? Even though the OTP is used within the 15 minutes?
- Chris_Mancini
  Brass Contributor
  Oct 28, 2020
  ChristianBergstrom Yes, default setting. I send an email from Outlook to a test gmail account and choose Encrypt-Only. In the Gmail account I receive the email that says "Read Secure Message". I am taken to a page that says "Sign in with one time passcode". I click to receive the passcode and it is sent to the test gmail account. I am taken to a screen to input the passcode. There is the "This is a private computer..." checkbox. If I don't check it, then subsequent encrypted responses or new messages to the gmail account are sent to the account. However, when I click "Read Secure Message" I receive a page with "Authentication did not complete". If I check the "This is a private computer..." then everything works fine. Thanks for your help.
  - ChristianBergstrom
    Silver Contributor
    Oct 28, 2020
    Chris_Mancini Hi, I had to verify this so created a Gmail account and sent an OME "encrypt only" to the address. OTP was selected and a new code is always being used when replying or sending new emails to the Gmail address. I did not check the box to "remember this device for 12 hours" and am able to enter a new OTP code several times, that is for every new message and new replies as well. In other words I cannot reproduce your issue. I suppose it's browser related and the check box "workaround" you are using also suggests this. Have you tried using different browsers or maybe verify what differentiates your browser settings from default settings for example? Perhaps check with your own org. if you have several units managing applications (the browser).

Forum Discussion

Office 365 Email Encryption OME