Office 365 Message Encryption (OME)


Emory is using Office 365 Message Encryption (OME) to encrypt outgoing email messages. OME allows Emory users to send emails to external users while ensuring that each message is transmitted securely and is visible only to the intended recipient.

In September 2018, Emory will upgrade OME to a newer version that uses Azure Rights Management Services (Azure RMS). Recipients of OME-encrypted emails using Azure RMS will have a much better experience in opening and replying to emails.


If you received an encrypted email from Emory, please select which message format it looked like:



Link - How to send an encrypted message if you are an Emory email user. 



Q.  Can I send an encrypted message using a mobile device?

Yes, just be sure to include (encrypt) or (secure) in the subject line when sending an e-mail from your Emory account.


Q.  Are replies and forwarded messages encrypted?

Yes. Responses continue to be encrypted throughout the duration of the thread.


Q.  Is it possible to revoke a message sent to a particular recipient?

No. You can’t revoke a message to a particular person after it’s sent.


Q.  Are Office 365 encrypted messages stored in the cloud or on Microsoft servers?

No, the encrypted messages are kept on the recipient’s email system, and when the recipient opens the message, it is temporarily posted for viewing on Office 365 servers. The messages are not stored there.


Q.  Do external recipients require subscriptions?

No, external recipients do not require a subscription to read or reply to encrypted messages.


Q.  How is Office 365 Message Encryption different from S/MIME?

S/MIME is essentially a client-side encryption technology and requires complicated client certificate management and publishing infrastructure.

Office 365 Message Encryption utilizes Azure Rights Management to encrypt the messages. Encryption can be applied to outgoing messages through transport rules or Rights Management classifications, and it does not depend on certificate publishing.


Q.  How does Office 365 Message Encryption work?

Microsoft link to OME


Q.  Does Office 365 Message Encryption provide localization (language support)?

Incoming email and HTML content are localized based on the sender's email settings. The viewing portal is localized based on the recipient's browser settings. However, the actual body (content) of the encrypted message isn't localized.


Q.  Why do some encrypted messages say they come from

When an encrypted reply is sent from the encryption portal or through the OME Viewer app, the sending email address is set to because the encrypted message is sent through a Microsoft endpoint. This helps to prevent encrypted messages from being marked as spam. The displayed name on the email and the address within the encryption portal aren't changed because of this labeling. Also, this labeling only applies to messages sent through the portal, not through any other email client.


Q.  How many recipients can I send an Office 365 encrypted message to?

The recipient limit for an encrypted message is based on the number of characters in the message’s To field. When combined (after distribution list expansion), recipient addresses in the To field should not exceed 11,980 characters. Because email addresses can vary in character length, there isn’t a standard recipient limit for a single encrypted message.


Q.  What is the difference between the Old OME and New OME?

The original OME service Microsoft used was from a third-party provider that requires the recipient to do more work opening a message.

Emails received contained an HTML attachment that had to be downloaded, which was suspicious to recipients not expecting this process.

Messages received using the older OME service will continue to work for now. 

The new OME service leverages Microsoft Azure RMS and provides a much improved recipient user experience.

Also, by leveraging the Microsoft Azure RMS platform, messages and attachments can have better encryption as well as enhanced capabilities for securing access to documents.