Encrypt Only as an outcome of a sensitivity label
The new version of OME that is now more integrated into AIP needs to have an encrypt only option such as you can configure using the message classification configuration.
The DNF use case is too restrictive for our organisation.
Thank you for consideration.

7 comments
-
Daniel Attwill commented
MS have told me to vote on this: https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/34631242-allow-replies-from-encrypted-email-with-ome-v2-to
I suggest we all vote on it.
-
Ronnie commented
It would be great when there is an "Encrypt mail only" template in Exchange online where Office docs DON'T inherit the IRM rights. So that only the mail is encrypted and the Office document is not touched.
Just like in the previous version OMEv1
Because lot's of customers can not use IRM or even don't know what that is.
-
Chris Champlin commented
Custom Templates/Labels in AIP, that would allow external recipients to enjoy the built-in "Do Not Forward" and "Encrypt" experience we see in OME v2 Encrypted Message Portal, would be golden!
Right now, AIP Templates/Labels that we build don't have that "Anyone" scope (for internal and external recipients) that the two default OME options have. The best we seem to have is to allow All Tenant users, and then try to add and manage a list of external recipients... a manual process.
-
Gayr Howard commented
Based upon the information provided in https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Encrypt-only-rolling-out-starting-today-in-Office-365-Message/ba-p/162718, I assumed that I could create transport rules with conditions whose action would be to encrypt the message using the Encrypt Only RMS template and external users would be able to read the message after authenticating. I tested from a customer's O365 by sending encrypted messages using the Encrypt Only option to external email addresses using a Comcast,net, Outlook.com, and Gmail.com email address and was able to read the message but could not read the message when sending to my company email address. My company has Azure AD and O365 also. Not sure if this is expected results or not but documentation suggested an external user could consume the protected message regardless of email provider.
-
Geoffrey Kneale commented
The OMEv2 Encrypt Only template does not work for external recipients and requires the Outlook Desktop client. Some recipients are limited to OWA, in which case they cannot read the message.
-
Suresh Subrmanian commented
It would be great to have the custom labels in custom scope available for transport rules and OWA. Hope it will soon be available for Exchange Online , fingers crossed :)
-
Bilbo commented
We need this too! thanks! possiblity to clone DNF and make own template without print / copy restrictions etc...