Read an OME-encrypted message
On this page:
Overview
UITS has enabled Office Message Encryption (OME) as a replacement for CSESS (Cisco Secure Email Encryption Service) formerly CRES (Cisco Registered Envelope Service). The method for reading an OME message depends on the recipient email system; for the highest compatibility, the sender and recipient should both use the "click to run" version of Outlook (often referred to as the "Microsoft 365 version of Office"), or use Outlook on the web (OWA). However, other versions of Outlook 2016 or higher should perform similarly.
To check your version of Outlook, select
, then choose , and look under "About Outlook".To learn how to force the encryption of a message, see Ensure that mail sent from your Exchange account to an outside address is encrypted.
Even if the sender does not force encryption, all outbound messages from IU mail servers to external recipients are scanned for certain potentially sensitive information; if the scan determines that the message is likely to contain sensitive data, it is encrypted.
Scenarios
In any of the scenarios below, if you select user@external.com
from identity provider "mail" does not exist in tenant "Indiana University" and cannot access the application...", copy the link and open it in a browser that is not already authenticated to your credentials.
IU Exchange to IU Exchange - same tenant
In this scenario, there should be no difference from any other standard send/receive scenario. You may see some text saying that the email is encrypted, but the encryption will be seamless and should not impact message operations.
IU Exchange to non-IU Exchange - different tenant
If the external tenant's settings are configured in the same way as IU's tenant (usually they are not), there should be no difference from any other standard send/receive scenario. The .rpmsg
attachment is not intended to be opened, and should be ignored.
If the external tenant's settings are not configured in the same way as IU's tenant:
- Open the notification email, and select .
- A dialog box may prompt you for the intended recipient's email address (this might not be you), if it isn't automatically applied from the link.
- Request a temporary code that will be sent to the intended recipient's email address, and then use it to access the message.
IU Exchange to non-Exchange - self-validating provider (Gmail or Yahoo)
The .rpmsg
attachment is not intended to be opened, and should be ignored.
- Open the notification email, and select .
- A web page will open with the option to either access the message with the intended recipient's Gmail login, or to receive an access code.
- If you choose to use the intended recipient's Gmail login, enter the intended recipient's Gmail credentials to access the message.
- If you choose to receive an access code, it will be sent to the intended recipient's Gmail account; use it to access the message.
IU Exchange to non-Exchange - other providers
The .rpmsg
attachment is not intended to be opened, and should be ignored.
- Open the notification email, and select .
- A dialog box may prompt you for the intended recipient's email address (this might not be you), if it isn't automatically applied from the link.
- A web page will open with the option to receive an access code.
- The code will be sent to the intended recipient's email address; use it to access the message.
Open an attachment
If the attachment is a file that was sent with the email, then you can open it like a standard attachment. If the attachment is a OneDrive link, when you attempt to open it you may be prompted to receive and then enter a temporary code that is specific to OneDrive. The code will be sent to the intended recipient's email address; use it to access the attachment.
As a Data Loss Prevention function, automatic encryption cannot be disabled. If you believe your message was incorrectly encrypted, contact it-incident@iu.edu
; if possible send the message as an attachment, or include the text of the message in your email. Make sure to include the following:
- Sender email address
- Recipient email address
- Date and time of the message
- Subject of the message
Mailing lists
As a best practice sensitive data should not be sent via listserv. If you send data that could be considered sensitive, you may need to use a different service, or send the message from the IU List interface.
Forwarding
Since encrypted messages are intended for a specific recipient, forwarding an encrypted message is not considered best practice.
This is document bilj in the Knowledge Base.
Last modified on 2023-08-14 12:03:23.