Office 365 Message Encryption (OME)

Emory is now using Office 365 Message Encryption (OME) to encrypt outgoing email messages. OME allows Emory users to send emails to external users, ensure the message is transmitted securely, and visible only by the intended recipient.

How to send an encrypted message if you are an Emory email user

  1. Create a new e-mail message in your e-mail client of choice (i.e., Outlook). In the subject line, addeither(encrypt) or (secure), including the parenthesis, along with the rest of your subject. Adding one of these two tags to your e-mail subject is what tells the e-mail system to encrypt your message. 


  1. Add the recipient(s) e-mail address(es), compose the message as you normally would, and hit Send when you’re finished. If you send an e-mail to a mix of Emory and non-Emory recipients, the non-Emory recipients will receive an encrypted copy, and the Emory recipients will receive the message as normal. Always double-check the addresses to ensure that you’re sending the message to the intended recipient(s).
  2. The recipient of your message will receive an e-mail informing them that they have an encrypted message waiting for them, and will be instructed on how to access it.

For more information about OME, see the following link:

How to view an encrypted message that you have received from Emory

1. You will find an attachment in the email called message.html. The email should also have the following image at the bottom of the message. Save and open the message.html file, and follow the instructions contained in the attachment.

OME Pic 1

2. You will have the option to either use a Microsoft account to login and view the message (you will need to create one the first time if you don't have an account already), or use a one-time passcode that will be emailed to you. If you expect to receive encrypted e-mails regularly we suggest that you create a Microsoft account. See the links below for additional instructions.

Using a Microsoft account to view an encrypted message

Use a one-time passcode to view an encrypted message


Q. Can I send an encrypted message using a mobile device?

Yes, just be sure to include (encrypt) or (secure) in the subject line when sending an e-mail from your Emory account.

Q. Can I read an encrypted messages using a mobile device?

Yes, you can view messages on Android and iOS by downloading the OME Viewer apps from the Google Play store and the Apple App store. Instructions for opening messages using the mobile app can be found here:

View encrypted messages on your iPhone or iPad

View encrypted messages on your Android device

Q. Are replies and forwarded messages encrypted?

Yes. Responses continue to be encrypted throughout the duration of the thread.

Q. Is it possible to revoke a message sent to a particular recipient?

No. You can’t revoke a message to a particular person after it’s sent.

Q. Are Office 365 encrypted messages stored in the cloud or on Microsoft servers?

No, the encrypted messages are kept on the recipient’s email system, and when the recipient opens the message, it is temporarily posted for viewing on Office 365 servers. The messages are not stored there.

Q. Do external recipients require subscriptions?

No, external recipients do not require a subscription to read or reply to encrypted messages.

Q. How is Office 365 Message Encryption different from S/MIME?

S/MIME is essentially a client-side encryption technology, and requires complicated certificate management and publishing infrastructure. Office 365 Message Encryption uses transport rules and does not depend on certificate publishing.

Q. How does Office 365 Message Encryption work?

Visit Encryption in Office 365.

Q. Does Office 365 Message Encryption provide localization (language support)?

Incoming email and HTML content is localized based on sender email settings. The viewing portal is localized based on recipient's browser settings. However, the actual body (content) of encrypted message isn't localized.

Q. Why do some encrypted messages say they come from

When an encrypted reply is sent from the encryption portal or through the OME Viewer app, the sending email address is set to because the encrypted message is sent through a Microsoft endpoint. This helps to prevent encrypted messages from being marked as spam. The displayed name on the email and the address within the encryption portal aren't changed because of this labeling. Also, this labeling only applies to messages sent through the portal, not through any other email client.

Q. How many recipients can I send an Office 365 encrypted message to?

The recipient limit for an encrypted message is based on the number of characters in the message’s To field. When combined (after distribution list expansion), recipient addresses in the To field should not exceed 11,980 characters. Because email addresses can vary in character length, there isn’t a standard recipient limit for a single encrypted message.