Allow replies from encrypted email with OME v2 to automatically decrypt
Adding encryption with OME v2 (encrypt-only) to outbound emails with sensitive data detection is easy enough. However, when that email is opened by the recipient and replied to, the email comes in encrypted to the sender, who has to go through the process to decrypt. There is an option in the EOP rule to "Remove Office 365 Message Encryption and rights protection"; however, it fails since the predicate must match "The sender is located?" "Inside the organization". This is no problem with OME v1 but is not working with OME v2. Need to add the capability to decrypt those messages automatically.
This is a feature which would be very useful as there are issues with shared mailboxes accessing encrypted replies with OMEv2. Decryption of replies is a feature of competing products such as Egress so Microsoft should catch up and provide this facility. Meantime our workaround is having the recipient use Outlook client to decrypt replies arriving in mailbox which creates a readable copy for all shared users. Cumbersome. Please fix this Microsoft, thank you.
MS: Please fix this. We do not want our internal users to have to launch the OME portal in order to read replies. I know this is low priority because you prefer that everyone use a cloud-connected account, but we are not there yet. We are not asking that the non cloud-connected clients be allowed to render the OME message reply. We just want the ability to remove the encryption on the inbound reply. The rule option exists, but this feature (to strip OME on inbound) does not work. Thank You.
Steve Prentice commented
This is stopping us archiving email chains into case management systems, which is making AIP/OME unusable for many parts of our business. :-(
Michael Rasor commented
Have the same issue.
This seems to be a pretty basic functionality that was dropped from OME v1 to v2 without a clear reason given. My most pressing concern was from a user convenience and workflow perspective, but as Daniel Attwill pointed out this is also a concern for archiving processes.
I'm seeing the same pattern after migrating my AIP mail encryption to unified labeling.
Before migration, e-mail from external domains got decrypted, but after migration only non-MS systems (Google, Yahoo...) get decrypted. Mails received from clients using MS fail decryption.
Byron Wright commented
I also have a client using on-premises Exchange with this concern. It would be much preferred to have the responses come back unencrypted to the internal users.
Daniel Attwill commented
Have the same issue. I need this working at once for our business, otherwise we will go elsewhere for our encryption, which I really do not want to have to do. We send out emails that are encrypted via the Mail flow as we back them up before this stage, and when we receive them, we need them to decrypt so that we can then archive them. Note: As we are the creators of said encrypted email and have full rights still on the email even on a reply, we should have the opportunity to remove this via our mail flow as we do manually.