Mar 21 2019
- last edited on
Feb 19 2021
I was recently tasked with achieving a better understanding of our Office 365 setup after our Information Security Officer left for another position. This includes the way we are encrypting our email. Initially, the only option available within Outlook & OWA was Do Not Forward. Within the last week or so the Encrypt-Only option has shown up under the same Permissions button in Outlook and I'm trying to better understand how/where these options are managed. All Microsoft documents I have been able to find are a higher level explanation of what these options do and not how to manage them or turn them off, if this is even possible.
Is the Encrypt-Only function managed through the Encryption mail transport rule in the Exchange Admin Center? If I turned this rule off, would that eliminate the Encrypt-Only option within Outlook?
The Do Not Forward option, is this managed in Azure Information Protection (AIP)? In our environment within the Global Policy (On the Azure Information Protection - Policies blade, select the Global Policy) , it looks like the Do Not Forward button is toggled to not show in the Outlook Ribbon. Why is it still showing up? Or is the attached screenshot not where these settings are actually managed?
Mar 21 2019 07:21 PMSolution
Thanks @Ryan Heffernan.
DNF is a built in function within the Outlook client and must be disabled via GPO/Registry keys as follows:
Open the following registry location using Registry Editor:
(Note the registry location will be different based on the Office version.)
Once the policy is applied, this is what the UI shows. (Note the DNF options is greyed out.)
More information about DNF is found here: https://docs.microsoft.com/en-us/azure/information-protection/configure-usage-rights#do-not-forward-...
We plan to allow admins to disable/hide Encrypt Only within Office later this year.