Read an OME-encrypted message

Overview

UITS has enabled Office Message Encryption (OME) as a replacement for CSESS (Cisco Secure Email Encryption Service), formerly CRES (Cisco Registered Envelope Service). The method for reading an OME message depends on the recipient's email system; for the highest compatibility, the sender and recipient should both use the "click to run" version of Outlook (often referred to as the "Microsoft 365 version of Office"), or use Outlook on the web (OWA). However, other versions of Outlook 2016 or higher should perform similarly.

To check your version of Outlook, select File, then choose Office Account, and look under "About Outlook".

An example of the About Outlook information in Outlook

Note:

To learn how to force the encryption of a message, see Ensure that mail sent from your Exchange account to an outside address is encrypted.

Even if the sender does not force encryption, all outbound messages from IU mail servers to external recipients are scanned for certain potentially sensitive information; if the scan determines that the message is likely to contain sensitive data, it is encrypted.

Scenarios

In any of the scenarios below, if you select Read the message and get the following error message, "User account user@external.com from identity provider "mail" does not exist in tenant "Indiana University" and cannot access the application...", copy the link and open it in a browser that is not already signed in with your credentials.

IU Exchange to IU Exchange - same tenant

In this scenario, there should be no difference from any other standard send/receive scenario. You may see some text saying that the email is encrypted, but the encryption will be seamless and should not impact message operations.

IU Exchange to non-IU Exchange - different tenant

If the external tenant's settings are configured in the same way as IU's tenant (usually they are not), there should be no difference from any other standard send/receive scenario. The .rpmsg attachment is not intended to be opened, and should be ignored.

If the external tenant's settings are not configured in the same way as IU's tenant:

  1. Open the notification email, and select Read the message.
  2. A dialog box may prompt you for the intended recipient's email address (this might not be you), if it isn't automatically applied from the link.
  3. Request a temporary code that will be sent to the intended recipient's email address, and then use it to access the message.

IU Exchange to non-Exchange - self-validating provider (Gmail or Yahoo)

The .rpmsg attachment is not intended to be opened, and should be ignored.

Note:

Other high-volume email vendors may offer account self-validation, but Gmail and Yahoo are the only ones currently known.

  1. Open the notification email, and select Read the message.
  2. A web page will open with the option to either access the message with the intended recipient's Gmail login, or to receive an access code.
    • If you choose to use the intended recipient's Gmail login, enter the intended recipient's Gmail credentials to access the message.
    • If you choose to receive an access code, it will be sent to the intended recipient's Gmail account; use it to access the message.

IU Exchange to non-Exchange - other providers

The .rpmsg attachment is not intended to be opened, and should be ignored.

  1. Open the notification email, and select Read the message.
  2. A dialog box may prompt you for the intended recipient's email address (this might not be you), if it isn't automatically applied from the link.
  3. A web page will open with the option to receive an access code.
  4. The code will be sent to the intended recipient's email address; use it to access the message.

Open an attachment

If the attachment is a file that was sent with the email, then you can open it like a standard attachment. If the attachment is a OneDrive link, when you attempt to open it you may be prompted to receive and then enter a temporary code that is specific to OneDrive. The code will be sent to the intended recipient's email address; use it to access the attachment.

Note:

As a Data Loss Prevention function, automatic encryption cannot be disabled. If you believe your message was incorrectly encrypted, contact it-incident@iu.edu; if possible, send the message as an attachment, or include the text of the message in your email. Make sure to include the following:

  • Sender email address
  • Recipient email address
  • Date and time of the message
  • Subject of the message

Mailing lists

As a best practice, sensitive data should not be sent via listserv. If you send data that could be considered sensitive, you may need to use a different service, or send the message from the IU List interface.

Forwarding

Since encrypted messages are intended for a specific recipient, forwarding an encrypted message is not considered best practice.

This is document bilj in the Knowledge Base.
Last modified on 2023-08-14 12:03:23.