Protect Sensitive Email From Your iOS or Android Device
Office 365 notification MC193643 published on October 22 brings the good news that Outlook for iOS and Android has started to roll out native support for Office 365 Sensitivity Labels. The update fulfills Office 365 roadmap items 32648 (iOS) and 32649 (Android). Support for sensitivity labels is available in Outlook for iOS 4.7.1 (which is what I tested) and Outlook for Android 4.0.39.
Native support means that you can protect messages created in Outlook mobile by applying any of the Office 365 Sensitivity Labels published to your account via a label policy. Outlook Mobile clients have long been able to read protected content; this change adds the ability to apply protection (encryption) on the device.
Support For Sensitivity Labels Gradually Spreading
OWA recently got native support as did the Office ProPlus desktop applications. The remaining outliers are the Office Online apps and the SharePoint Online and OneDrive for Business browser interfaces. Sensitivity labels and policies are managed in the Security and Compliance Center.
Protecting Sensitive Email with Outlook for iOS
To apply an Office 365 Sensitivity Label to a new message, click the […] menu when composing the message and select Add Sensitivity (or Edit Sensitivity if you want to change the assigned label).
Next, select the sensitivity label to apply to the message (Figure 2). You can select any of the labels published to your account. Some labels apply markings (like headers) to messages while others encrypt the content using a Rights Management Template. The labels with a padlock icon apply encryption.
After applying a label, you continue to finalize the text and send the message. In Figure 3 we can see that the assigned label will encrypt the message because a padlock icon is present.Labels used for marketing have a stamp-like icon (not a postage stamp).
Where Encryption Happens
Unlike Outlook desktop or OWA, the Outlook mobile clients do not encrypt protected messages on the device. Instead, the message passes to the Exchange Online transport service where the label is detected and encryption, if needed, is applied prior to recipient delivery. Any attachments for labeled messages receive the same level of protection.
Exchange Online uses the same approach to decrypt protected content before delivery to mobile devices.
S/MIME Support Too
Microsoft also announced (MC193642) the general availability of S/MIME support for Outlook Mobile. Although Office 365 Sensitivity Labels can protect email and documents for Office 365 users, including when items are sent outside the tenant, S/MIME is sometimes preferred because it is an Internet protocol or because an organization has invested in the certificate infrastructure for S/MIME. The good thing is that Office 365 users can now choose either approach to protect confidential information. See this link for more information about the two methods for email protection.
Office 365 Sensitivity Labels are covered in detail in the Office 365 for IT Pros eBook. Subscribe now to stay updated with developments across Office 365.