Email Encryption

The UM email encryption service is a selective message-based encryption solution that is available to all users with an email address. It encrypts the entire message and all attachments and then sends them securely to another email account.


To encrypt an email, simply include the phrase *encrypt* anywhere in the subject line and send the message as normal. Note: This trigger phrase is not case-sensitive; otherwise, it must be entered exactly as shown, with both asterisks and no spaces between.
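The Python sketch below is an added example, not part of the UM service or its documentation. It checks subject lines against the trigger rule described above and flags near misses that would go out unencrypted. It assumes the service matches the literal phrase as a case-insensitive substring; the near-miss heuristic, function names and sample subjects are constructed for illustration.

```python
import re

TRIGGER = "*encrypt*"  # trigger phrase as given on this page

# Constructed heuristic: the word "encrypt" (with any suffix) next to an
# asterisk look-alike or bracket, i.e. the sender tried to mark the message
# for encryption but did not type the exact phrase.
_OPEN = r"[*＊∗\[{]"
_CLOSE = r"[*＊∗\]}]"
_NEAR_MISS = re.compile(
    rf"{_OPEN}\s*encrypt\w*|encrypt\w*\s*{_CLOSE}", re.IGNORECASE
)


def will_encrypt(subject: str) -> bool:
    """True if the subject holds the exact trigger phrase.

    Assumption: literal, case-insensitive substring match, as the page
    describes (both asterisks, no spaces between).
    """
    return TRIGGER in subject.casefold()


def classify(subject: str) -> str:
    """Return 'encrypted', 'near-miss' or 'plain' for one subject line."""
    if will_encrypt(subject):
        return "encrypted"
    if _NEAR_MISS.search(subject):
        return "near-miss"
    return "plain"


def near_misses(subjects):
    """Subjects that look like a failed attempt to trigger encryption."""
    return [s for s in subjects if classify(s) == "near-miss"]


# Constructed sample subjects, not taken from any real mailbox.
SAMPLE_SUBJECTS = [
    "*encrypt* Q3 review comments",
    "Re: *ENCRYPT* draft manuscript",
    "* encrypt * draft manuscript",
    "*encrypted* reviewer notes",
    "[encrypt] collaborator data",
    "How to encrypt a laptop",
]

if __name__ == "__main__":
    for s in SAMPLE_SUBJECTS:
        print(f"{classify(s):10} {s}")
```

Run against a list of sent-message subjects, `near_misses` returns the ones worth resending with the exact trigger phrase.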

When to Use, and When not to Use, Email Encryption

Email, even when encrypted, is not an appropriate medium for transmitting many types of data. Any data protected by FERPA (student identification, grades, etc.), HIPAA (protected health information), GLBA (credit and banking information), or US government classification (confidential, secret, etc.) should NEVER be emailed to or by anyone regardless of encryption. This kind of information is very valuable, and should be treated as though very smart and sophisticated attackers are attempting to steal it from our organization at all times. If you have any doubts as to whether a particular type of information falls under one of these regulatory regimes, contact us for clarification.

That said, there are other kinds of information that University faculty and staff members may wish to transmit with a little extra protection. Email encryption in Office 365 adds a layer of protection for this kind of information while also preserving most of the convenience of email communication. Examples may include: sharing research ideas or results with collaborators; submitting reviews for a professional journal; transmitting one's own protected IP to an authorized party; and more. These data types fall outside of regulatory frameworks, and the balance between security and convenience in handling them is left to the individual user. Encrypted email is one tool available to University employees as they attempt to find the security/convenience balance that works for their specific purposes.

Encryption Process

The following steps are provided to illustrate the entire encryption process. They demonstrate how an email is created and decrypted by the recipient. In this example, a UM user is sending email to an external address, but it is possible to send encrypted email to internal addresses as well.

Additional Information

The encryption service is based on Office 365 Message Encryption (OME) technology. OME provides flexibility and can be applied as needed to any email that is sent from an account. It encrypts the email body and all attachments, and gives recipients the ability to easily send encrypted replies through a built-in portal.

External email is the most common use case for email encryption. This layer of protection is particularly useful when confidential information needs to be sent to an outside email account where the security of the receiving system is unknown. For example, it can be useful for sending messages to external email services such as Gmail and to other universities or government agencies. The email encryption service may also be appropriate if there is a need to send confidential information to UM students who use external accounts (including

Internal email is automatically encrypted in transit between users and at rest on the Office 365 servers. This assurance of security is upheld as long as the data remains on the Office 365 infrastructure. However, we must consider that our email can be forwarded to an external account without our knowledge and/or accessed on improperly secured devices. The encryption service is available to provide an extra layer of protection for highly confidential internal messages.
