Implementing Office 365 Advanced Message Encryption - Microsoft SC-400 Certification

Now that we have verified the technical requirements listed at the beginning of the chapter and the business requirements in the previous section, we are all set to begin implementing these features in our Microsoft 365 tenant.

OME gives us the option to use several templates for email messages and, for example, define an expiration time for protected messages. The templates created can be used to fulfill multiple business use cases, for example:

  • Templates for geographical regions or countries
  • If you want to have the option to revoke email messages
  • If you want email messages sent to external mail addresses to expire after a given number of days
  • Separate templates for individual departments in your organization, such as HR, IT, PR, and the Executive Office

Note

Prior to creating templates, you will need to make sure that you have sufficient permissions in Exchange Online to run the commands.

To list the permission roles required for running the OME cmdlets, open PowerShell and run these commands in order:

  1. Connect-ExchangeOnline
  2. $Permissions = Get-ManagementRole -Cmdlet New-OMEConfiguration
  3. $Permissions | ForEach {Get-ManagementRoleAssignment -Role $_.Name -Delegating $false | Format-Table -Auto Role,RoleAssigneeType,RoleAssigneeName}

This will give us an output similar to the following screenshot:

Figure 6.5 – Output of the Get-ManagementRoleAssignment cmdlet to show the required permissions needed to run New-OMEConfiguration

Here, the RoleAssigneeName column lists the roles/permissions needed to run the cmdlet.

Creating an OME template

To create a new template, we once again turn to PowerShell. The cmdlet used for creating a template is New-OMEConfiguration, which has the following parameters available:

  • -Identity
  • -BackgroundColor <String Value>
  • -DisclaimerText <String Value>
  • -EmailText <String Value>
  • -Image <Byte[]>
  • -ExternalMailExpiryInDays <Integer Value between 1-730>
  • -OTPEnabled <Boolean Value>
  • -PortalText <String Value>
  • -PrivacyStatementURL <String Value>
  • -ReadButtonText <String Value>
  • -SocialIdSignIn <Boolean Value>
  • -Confirm
  • -WhatIf

Here is an example of how you can create an OME template:

New-OMEConfiguration -Identity "Expire in 14 days" -ExternalMailExpiryInDays 14

This will create a branding template with an expiration period of 14 days.

Once we have created an OME template, we need to create a mail flow rule in Exchange Online that applies it, either to certain senders or, as with the template created in the example, to messages sent to external addresses, because the expiration value only applies to external emails.
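
One way to create the mail flow rule described above, as an added example rather than code from the original page. It assumes an existing Connect-ExchangeOnline session; the rule name and the $Apply flag are hypothetical.

```powershell
# Added example: scope the "Expire in 14 days" template to external recipients.
# Assumption: Connect-ExchangeOnline has already been run in this session.

$templateName = 'Expire in 14 days'                       # template created above
$ruleName     = 'OME - external mail expires in 14 days'  # hypothetical rule name
$Apply        = $false   # hypothetical flag: leave $false for a dry run

# 1. Fail early if the template does not exist, and show it for review.
$template = Get-OMEConfiguration -Identity $templateName -ErrorAction Stop
$template | Format-List

# 2. Refuse to create a second rule with the same name.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    throw "A mail flow rule named '$ruleName' already exists; review it instead."
}

# 3. Rule definition: encrypt mail leaving the organization and brand it
#    with the custom template, so the 14-day expiry applies to it.
$ruleParams = @{
    Name                                       = $ruleName
    SentToScope                                = 'NotInOrganization'
    ApplyRightsProtectionTemplate              = 'Encrypt'
    ApplyRightsProtectionCustomizationTemplate = $templateName
    Mode                                       = 'Enforce'
}

if ($Apply) {
    New-TransportRule @ruleParams

    # 4. Read the rule back and confirm scope, template, and state.
    Get-TransportRule -Identity $ruleName |
        Format-List Name, State, Mode, SentToScope,
                    ApplyRightsProtectionTemplate,
                    ApplyRightsProtectionCustomizationTemplate
}
else {
    # Dry run: report what would be created without changing the tenant.
    New-TransportRule @ruleParams -WhatIf
}
```

Scoping the rule with SentToScope keeps internal mail unaffected, which matches the point that the expiration value only applies to external emails.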
