Friday, 20 April 2018

Branding Azure Information Protection OME with your Company Logo

Microsoft recently released Office 365 Message Encryption v2, rebuilt on Azure Information Protection rather than Azure Rights Management.

The solution, like its predecessor, allows you to encrypt messages and have them encapsulated in the browser when being sent to recipients. The likely scenario for this is external recipients, and you can enforce encryption on specific domains, to specific people, or allow users to specify when to encrypt a message by, as an example, putting the word 'encrypt' into the subject line.

Recipients on Exchange Online can decrypt these messages on the fly, either in the browser through Outlook on the Web/Outlook Web App or in an updated version of Outlook 2016. (Note: Outlook support requires version 2016, where it is being rolled out.)

However, the majority of users on other services will receive the following.

The user will then have to authenticate with their username and password if they're on a supported platform such as Gmail (where Microsoft is using Gmail as an authentication provider), or the user will have to opt for a One Time Code (OTP). This is basically the same experience as Office 365 Message Encryption v1 offered. All well and good so far.

I was keen to see if you could still brand the OME experience, and I am pleased to say you can.

First, fire up a session to Exchange Online in PowerShell, then let's view the OME configuration using Get-OMEConfiguration.

Next, let's upload a logo and see if OME continues to honour it even though we're utilising AIP.

Set-OMEConfiguration -Identity "OME Configuration" -Image (Get-Content c:\yourimage.png -encoding byte)

Finally, let's check the image has been uploaded with Get-OMEConfiguration.

You can see the image is uploaded to blob storage in Azure, and the URL specifically mentions OMEv2 branding.

So to users that cannot auto decrypt OME encrypted emails, is the OME experience now branded? It is!

On another note, it's nice to point out you can also add a disclaimer and additional text using these commands.

Set-OMEConfiguration -Identity "OME Configuration" -DisclaimerText "Your Text Here"

Set-OMEConfiguration -Identity "OME configuration" -PortalText "Your Text Here"
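
The three branding steps above, combined into one checked helper. This is an added example, not code from the original post: Set-OmeBranding is a hypothetical function name, it assumes an Exchange Online PowerShell session is already connected, and the size and length limits are assumptions based on the Set-OMEConfiguration documentation that should be checked against the current version.

```powershell
# Added example, not from the original post. Set-OmeBranding is a hypothetical helper name.
# Assumes an Exchange Online PowerShell session is already connected.
function Set-OmeBranding {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$LogoPath,
        [string]$DisclaimerText,
        [string]$PortalText,
        [string]$Identity = 'OME Configuration'
    )

    # Limits below are assumptions taken from the Set-OMEConfiguration documentation.
    $maxLogoBytes  = 40KB
    $maxDisclaimer = 1024
    $maxPortal     = 128
    $allowedExt    = '.png', '.jpg', '.bmp', '.tiff'

    $file = Get-Item -LiteralPath $LogoPath -ErrorAction Stop
    if ($allowedExt -notcontains $file.Extension.ToLower()) {
        throw "Unsupported logo format '$($file.Extension)'. Expected: $($allowedExt -join ', ')"
    }
    if ($file.Length -gt $maxLogoBytes) {
        Write-Warning "Logo is $($file.Length) bytes; the documented optimum is under $maxLogoBytes bytes."
    }
    if ($DisclaimerText.Length -gt $maxDisclaimer) { throw "DisclaimerText exceeds $maxDisclaimer characters." }
    if ($PortalText.Length -gt $maxPortal)         { throw "PortalText exceeds $maxPortal characters." }

    # ReadAllBytes works in Windows PowerShell 5.1 and PowerShell 7;
    # 'Get-Content -Encoding Byte' only works in Windows PowerShell.
    $settings = @{ Identity = $Identity; Image = [System.IO.File]::ReadAllBytes($file.FullName) }
    if ($DisclaimerText) { $settings.DisclaimerText = $DisclaimerText }
    if ($PortalText)     { $settings.PortalText     = $PortalText }

    if ($PSCmdlet.ShouldProcess($Identity, 'Update OME branding')) {
        Set-OMEConfiguration @settings
    }
    # Read the configuration back so the change can be confirmed.
    Get-OMEConfiguration -Identity $Identity |
        Format-List Identity, Image, DisclaimerText, PortalText
}

# Dry run: validates the inputs and shows the current configuration without changing it.
Set-OmeBranding -LogoPath 'C:\yourimage.png' -DisclaimerText 'Your Text Here' -PortalText 'Your Text Here' -WhatIf
```

Drop -WhatIf to apply the change once the dry run passes validation.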

And don't forget, with AIP integrated you can use 'encrypt' via the 'Protect' button to auto-encrypt emails, rather than creating an OMEv2 Transport Rule for self-service encryption or for recipient or domain enforcement.

Have fun!

