Frequently Asked Questions

 

Emails can be manually encrypted via the "Encrypt" button when you are composing an email. Select "Options" at the top and choose "Encrypt". The email will have a message that will let you know it is being encrypted. "Encrypt-Only - This message is encrypted. Recipients can't remove encryption." Look for this visual cue when encrypting. Examples provided below.

Windows:

the encrypt option highlighed on Windows email

Mac:

Outlook for Mac may have two different versions an older version and a newer version.

Older Version: 

When composing a new email, select "Options" at the top left. Select "Encrypt" to keep your information secure.

the encrypt option highlighed on Mac email

Newer Version: 

The newer version appears to not have the "Encrypt" button by default so it will need to be added. When composing a new email select the ellipsis ("...") and then "Customize Toolbar". Several options will appear. To add the "Encryption" button, you will drag and drop the word "Encryption" to the toolbar at the top. When you go back to the email composition you will see "Encryption" at the top now. Select which encryption you would like. The recommended encryption options are "Encrypt-Only" and "Do Not Forward". 

customize tool bar option in Mac email
Encryption option in Mac customize toolbar settings
Drop down menu of encryption options on Mac

If I send an email with [secure] in the subject line, will it still get sent encrypted?

Yes it will still be sent encrypted but this is not the preferred method. The preferred method is via the encrypt button.

In most cases, yes. When typing an external email that the system identifies as containing sensitive data, you will see a message pop-up in the top of your email window. This warning message reads "Policy Tip: This message contains sensitive information. This will be encrypted.鈥 This tip provides warning that your recipient will receive an encrypted message. Use this visual cue to review your decision to communicate this type of information via email.

alert telling user their message contains sensitive information

If you send an email with protected data in it, the system will notify you via email that your original email message was encrypted. This notification email will state why the message was encrypted and what sensitive information was identified. The notification will also ask you to delete any existing copies of the email that are not encrypted, such as any copies that were sent to internal recipients which would be located in your sent items folder. After deleting it, be sure to delete the email from 鈥淒eleted Items鈥 folder as well.

If you send an email with protected data in it, the system will notify you via email that your original email message was encrypted. This notification email will state why the message was encrypted and what sensitive information was identified. The notification will also ask you to delete any existing copies of the email that are not encrypted, such as any copies that were sent to internal recipients which would be located in your sent items folder. After deleting it, be sure to delete the email from 鈥淒eleted Items鈥 folder as well.

notification alerting user that their message has been encrypted

 

If you receive a notification email, check to see what the system flagged as sensitive information. For example, if the system believes there is a Social Security Number mentioned in the email, it will include: 鈥淢essage contains the following sensitive information: U.S. Social Security Number (SSN)鈥 in the detected issues portion of the email.

If there is no sensitive information contained in the content of your message, please reach out to umsystemsecurity@umsystem.edu.  

Although we are implementing policies and procedures to help us protect university data, it's still your professional responsibility to ensure you interact with sensitive information appropriately. If you do send an email that contains sensitive information and the data loss prevention system does not detect it, please reach out to umsystemsecurity@umsystem.edu and provide information on who received the email and the sensitive information that should have been identified so we can refine our processes.

External users who receive an encrypted email message will be prompted to login to view the message. Once they have logged in successfully, the system will redirect the user to the encrypted message. Below are examples of what encrypted messages might look like for the external user:

message prompting users to log in to view protected email
message prompting users to log in to view protected email

Yes. If sensitive information is included in a Sharepoint or OneDrive file, the owner of the file will receive a notification from Microsoft identifying what type of sensitive information was found in the file and noting that access is blocked. The email will provide a link for the user to fix the issue in the file. A yellow triangle with an exclamation point will appear on the name of the affected file to warn the user of sensitive information. Some commands will not be available if sensitive information is detected in a file.

For example, any file that contains sensitive information cannot be shared with people who are given access to the item using the "anyone with the link" option. That option will be greyed out and unavailable. Users will still be able to use several other options, including, "people in your organization with the link," "people with existing access," and "specific people" settings. If you would like to use the "anyone with the link" feature, you will need to remove the sensitive information before doing so. In short, files with sensitive data in them must be shared with an explicit list of authorized individuals, rather than shared in a public manner.

Notification indicating access to a message has been blocked
pop up window showing viewers of a document
link sharing settings