Microsoft 365 Data Loss Prevention (DLP) policies have wide-ranging capabilities when it comes to rules and exceptions. One exception covers the various types of encrypted email that can pass through the Exchange Online transport pipeline. As it happens, three message types are supported, but who could have guessed that permission controlled means rights management?
Outlook for iOS and Android now support marking and encryption of email with Office 365 Sensitivity Labels. Sensitivity labels can now be applied through Office ProPlus, OWA, and Outlook mobile. All that really remains to achieve full coverage for sensitivity labels across Office 365 are the Office Online and SharePoint/OneDrive browser interfaces. In other news, Outlook Mobile also supports S/MIME.
The latest version of the Azure Information Protection (AIP) client supports the ability to associate S/MIME protection with an AIP label. Although interesting, it’s a feature unlikely to be of much practical use to the majority of Office 365 tenants.