cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Encrypt-Only and Do Not Forward Managment

EASchmitt
Copper Contributor

‎Mar 21 2019 06:48 AM - last edited on ‎Feb 19 2021 04:58 AM by

‎Mar 21 2019 06:48 AM - last edited on ‎Feb 19 2021 04:58 AM by

Encrypt-Only and Do Not Forward Managment

I was recently tasked with achieving a better understanding of our Office 365 setup after our Information Security Officer left for another position. This includes the way we are encrypting our email. Initially, the only option available within Outlook & OWA was Do Not Forward. Within the last week or so the Encrypt-Only option has shown up under the same Permissions button in Outlook and I'm trying to better understand how/where these options are managed. All Microsoft documents I have been able to find are a higher level explanation of what these options do and not how to manage them or turn them off, if this is even possible.

 

Is the Encrypt-Only function managed through the Encryption mail transport rule in the Exchange Admin Center? If I turned this rule off, would that eliminate the Encrypt-Only option within Outlook?

 

The Do Not Forward option, is this managed in Azure Information Protection (AIP)? In our environment within the Global Policy (On the Azure Information Protection - Policies blade, select the Global Policy) , it looks like the Do Not Forward button is toggled to not show in the Outlook Ribbon. Why is it still showing up? Or is the attached screenshot not where these settings are actually managed?

Labels:
Preview file
94 KB
21.8K Views
0 Likes
3 Replies
Reply
3 Replies
Ryan Heffernan

‎Mar 21 2019 02:21 PM

‎Mar 21 2019 02:21 PM

Re: Encrypt-Only and Do Not Forward Managment

@EASchmitt

 

CC: @Rafael Dominguez to see if he can speak to the AIP aspect of this question. 

0 Likes
Reply
best response confirmed by EASchmitt (Copper Contributor)
Rafael Dominguez

‎Mar 21 2019 07:21 PM

‎Mar 21 2019 07:21 PM

Solution

Re: Encrypt-Only and Do Not Forward Managment

Thanks @Ryan Heffernan.

 

DNF is a built in function within the Outlook client and must be disabled via GPO/Registry keys as follows:

Open the following registry location using Registry Editor:

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM

  1. On the Edit menu, point to New, and then click DWORD (32-bit) Value
  2. Type DisableDNF, and then press ENTER. 
  3. In the Details pane, right-click DisableDNF, and then click Modify
  4. In the Value data box, type 1, and then click OK
  5. Exit Registry Editor. 
  6. If you previously disabled the Do Not Forward command by using a Group Policy setting, remove that policy setting.

(Note the registry location will be different based on the Office version.)

  • 14.0 = 2010
  • 15.0 = 2013
  • 16.0 = 2016 

Once the policy is applied, this is what the UI shows. (Note the DNF options is greyed out.)

More information about DNF is found here: https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-...

 

We plan to allow admins to disable/hide Encrypt Only within Office later this year.

1 Like
Reply
vinc100

‎Jul 13 2021 05:49 AM

‎Jul 13 2021 05:49 AM

Re: Encrypt-Only and Do Not Forward Managment

@Rafael Dominguez- was there any progress in adding the option to hide / disable the "Encrypt Only" and "Do Not Forward" option?

 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by EASchmitt (Copper Contributor)
Rafael Dominguez

‎Mar 21 2019 07:21 PM

‎Mar 21 2019 07:21 PM

Solution

Re: Encrypt-Only and Do Not Forward Managment

Thanks @Ryan Heffernan.

 

DNF is a built in function within the Outlook client and must be disabled via GPO/Registry keys as follows:

Open the following registry location using Registry Editor:

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM

  1. On the Edit menu, point to New, and then click DWORD (32-bit) Value
  2. Type DisableDNF, and then press ENTER. 
  3. In the Details pane, right-click DisableDNF, and then click Modify
  4. In the Value data box, type 1, and then click OK
  5. Exit Registry Editor. 
  6. If you previously disabled the Do Not Forward command by using a Group Policy setting, remove that policy setting.

(Note the registry location will be different based on the Office version.)

  • 14.0 = 2010
  • 15.0 = 2013
  • 16.0 = 2016 

Once the policy is applied, this is what the UI shows. (Note the DNF options is greyed out.)

More information about DNF is found here: https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-...

 

We plan to allow admins to disable/hide Encrypt Only within Office later this year.

View solution in original post

1 Like
Reply