Skip to content

Email Encryption

The user can check the Enable Email Encryption option if they want to send mail in an encrypted form. Further, they are provided with two methods of encrypting the mail, i.e.,Encrypt-Only and Do Not Forward. Note that it is mandatory to fill either of the two fields.

Email Encryption with Hire2Retire's server

The user can select Hire2retire's mail server and may opt for encrypting the email sent from the server. To proceed with this select the Enable Email Encryption option which would further require you to choose the methods of encryption, which are Encrypt-Only and Do Not Forward, the user can choose one of these at a time.

Email Encryption with Outlook

The “Enable Email Encryption” feature will be supported using “Microsoft Purview Message Encryption”. With “Microsoft Purview Message Encryption”, users can send encrypted email. Additionally, admins can setup mail flow rules in Microsoft Exchange Admin Center. This feature will be optional. Encrypted email could only be sent if the user has enabled the feature “Enable Email Encryption" in Hire2Retire as well as set up mail flow rules.

  • Encrypt-Only - In this method, the message is encrypted in transit and at rest in the recipient’s mailbox, including any attachments. Recipients cannot remove the encryption, so forwards and replies to the message remain encrypted.

  • Do Not Forward - This option allows the recipients to read the message, but the recipients cannot forward, print or copy content. Recipients cannot remove the encryption, so forwards and replies to the message remain encrypted.

Steps to implement Microsoft Purview Message Encryption

To send encyrpted emails user needs to configure mail flow rule, follow these steps to create a mail flow rule.

Note: The only prerequisite for using Microsoft Purview message encryption is  Entra ID Rights Management must be activated in the your organisation's tenant.

  1. Go to Exchange Admin Center

  2. In the navigation blade click on Mail Flow > Rules and then click on Add a rule

    Mail Flow Rule

    Fig.1 Add a Rule

  3. Two separate mail flow rules will be configured for the “Encrypt-Only” and “Do Not Forward” options.

    Configure Mail Flow Rule

    Fig.2 Configure Rule

    To create a rule for Do Not Forward, follow the same process but replace encrypt-only with do-not-forward in message headers and in the RMS template select Do Not Forward.


  4. Next, select the RMS Template.

    RMS Template

    Fig.3 RMS Template

The rule will be configured in such a way that emails will be sent with encryption when following two conditions are met:

  • Sender is provided, e.g. hire2retire@robomq.io.
  • Email message headers contain an Encryption Key and whose values are Encrypt-Only/Do Not Forward as chosen by the customer.

Note: It will take a new mail flow rule 30 minutes to apply to the existing emails. And new emails can be immediately encrypted and sent after the rule has been activated.