Advanced Message Encryption
1 Topic
Product Feedback for Advanced Message Encryption
Hi there, I've just evaluated Advanced Message Encryption for Exchange Online so thought I would feedback my thoughts. It's a good product if your only goal is to guarantee that emails are encrypted. However, if your goal is to limit data breaches, there are two minor features missing which significantly limit its usefulness:

- It's not possible to revoke encrypted emails* sent to Microsoft tenanted email accounts (basically almost everyone), since they are displayed inline in Outlook clients, rather than using a link-based experience (where the recipient is required to sign in to the OME portal to view the message).
  *This applies to emails encrypted in Outlook by selecting the Encrypt drop-down menu, or by applying a Sensitivity Label.
- It's not possible for the user (or an admin) to query whether a sent link-based encrypted email has been read or not by the recipient, and if so at what date and time.

These two features are likely easy to implement, and would make this product much more useful. End users would be able to rectify their own accidental email data breaches, for example forgetting to use the BCC field, or fat-fingering the Outlook To field autocomplete and selecting the wrong recipient. I understand that products such as Mimecast and Egress Protect already have these features. Being able to reliably revoke an email, and know for sure whether it was accessed or not by the recipient (and prove so), is the difference between being legally required to report a breach to your region's data regulator or not.

I understand that some organisations may have the priority of an easy user experience, so would want to keep the encrypted message inline in Outlook, but for those whose priority is data breach minimisation, being able to switch this off and use the link-based experience for all recipients would be very useful.
I understand that it's possible to set up a transport rule to force recipients to use the OME portal, but this only works if you encrypt *all* of your organisation's messages, rather than those the user has selected to encrypt. If this feature became available I would have no hesitation to roll it out organisation-wide.