Consumers Gain from Enterprise-Class Office 365 Features
The Benefit of a Common Office 365 Platform
As reported some time ago, Exchange Online and Outlook.com share a common infrastructure. The same is true for OneDrive for Business and OneDrive. The consumer versions are less functional than their business counterparts found in Office 365, but because they use the same technology, it is relatively easy for Microsoft to transfer functionality from one side to the other.
In the past, Microsoft has trialed technology like Inbox Sweep rules in Outlook.com before making it available in OWA. More recently, the flow of functionality seems to be from enterprise to consumer, with recent examples being the (much maligned by some) Focused Inbox and OneDrive restore.
The newly-redesigned Outlook.com boasts a more modern user interface than the several-years-old skin worn by the enterprise version of OWA, and the addition of industrial-strength email encryption built on top of Azure Information Protection means that you don’t need to install any extra software to protect messages sent to any email address.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
Encrypt or Do Not Forward
Before Outlook exposes the encryption feature, your account needs to have an Office 365 Home or Office 365 Personal subscription. In other words, free Outlook.com accounts don’t have this functionality.
In addition, encryption only appears in the new Outlook.com interface. When the requirements are satisfied, you have two options to protect email (Figure 1):
- The message is encrypted, but the user can do anything they like after they decrypt the content.
- Encrypt and Prevent Forwarding (equivalent to the Do Not Forward option in Office 365). The message is encrypted en route, and the recipient has the right to perform common actions such as reply and print the message, but they cannot forward the message to anyone else.
Any Office attachments for a message receive the same protection as applied to the original message, even when downloaded. Non-Office attachments are decrypted when downloaded.
Office 365 Message Encryption Portal
Under normal circumstances, when you send email, Outlook.com sends a copy to the recipient’s email server, which then delivers the message to the recipient’s mailbox. Encrypted messages stay within Office 365. Recipients with email accounts outside Office 365 receive a notification to go to the Office 365 Message Encryption portal. The recipient can use the link to receive a one-time code or sign in with a federated directory (like Gmail) to prove their right to access the protected content.
Integration with Office 365 Business
As you’d expect, interaction with Office 365 recipients (business and consumer) is seamless. A Outlook.com user, messages are decrypted and display without the user needing to do anything special.
Custom Azure Information Protection Templates
The seamless integration extends to other Azure Information Protection (AIP) templates as well, including those custom-built to meet the specific needs of an organization. Part of the definition of a template is the granting of permissions (rights) to specific users or groups of users. You can grant permissions to users of any email domain in a template, which means that those users can open and interact with messages and documents protected by that template.
If the Outlook.com user has permission to view a message protected by an AIP template, Outlook.com fetches the necessary keys to decrypt the content and displays it inline, just like the way templates are processed by Office 365 clients. In Figure 2, we see that the message is protected with a template called “Intellectual Property” and see the policy tip for the template.
This functionality only works for the browser interface (so far). If you use Outlook desktop (Windows or Mac), you’ll have to go to the Office 365 Encryption Portal to access a protected message.
Same Licensing for OneDrive Restore
Microsoft takes the same approach to licensing the OneDrive restore feature, which is also confined to Office 365 Home subscribers. Helpfully, when a “free user” clicks Restore my OneDrive, Microsoft directs them to a web page about the feature, and offers the user the chance to “subscribe to Office 365 now.”
Some won’t like having to pay for extra functionality, but it is reasonable for Microsoft to monetize its technology by offering people the choice to pay for features that some will want, and some won’t. Email encryption and the ability to restore OneDrive files in case you suffer a malware attack both seem to be features in the useful category.
More to Come
It makes sense for Microsoft to continue to pursue opportunities to transfer technology between its consumer and enterprise cloud services. Maybe the next thing Microsoft will do is extend coverage to the on-premises parts of Exchange hybrid organizations. Perhaps in Exchange 2019?
Follow Tony on Twitter @12Knocksinna.
Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.