Email encryption: Microsoft Purview Information Protection and NoSpamProxy Encryption compared
Sensitive data such as contract details, invoices, confidential product information or patient, customer and employee data is exchanged by email on a daily basis. Each individual email travels across countless servers (and national borders). To ensure that confidential information remains confidential on these journeys, you need powerful encryption software. NoSpamProxy offers S/MIME- and PGP-based email encryption and thus lays the foundation for secure email communication, data protection and legal security in your company. However, Microsoft also offers its customers the option of exchanging encrypted emails with Microsoft Purview message encryption. In this blog article, we compare both solutions and show you which one is right for you.
What is Microsoft Purview Message Encryption?
Microsoft Purview Message Encryption is a proprietary Microsoft product that combines email encryption and rights management functions. The rights management functions are provided by Purview Information Protection. More specifically, it is an online service based on the cloud-based protection technology Azure Rights Management (Azure RMS), which is used by Purview Information Protection. Azure RMS enables the protection of emails and documents through encryption and access control.
Users have the option of encrypting emails and various attachments, with encryption being applied to individual documents as required. Administrators can, for example, define message flow rules to apply the available protection. For example, it can be specified that all messages sent to a specific recipient must be encrypted or that the recipients may not copy or print the content of the message.
Users of Outlook and Outlook on the Web can send encrypted emails directly from the client or the interface. Administrators can set up email flow rules to automatically encrypt emails based on keywords, matches or other conditions.
Recipients who also use Purview Information Protection can then decrypt the emails seamlessly. All other recipients must use the Azure Portal to gain access to the encrypted emails.
Requirements for using Microsoft Purview message encryption
First of all, you need a tenant in Exchange Online and a corresponding plan that includes message encryption, for example Office 365 Enterprise E3 or E5. Make sure that every user who wants to use Microsoft Purview Message Encryption has a license to use Message Encryption.
Azure Rights Management (Azure RMS) must also be activated in the relevant tenant. This is the case for most eligible license plans by default. In these cases, message encryption is also activated automatically so that no intervention is required on your part.
Users who use Outlook clients to read emails and use Microsoft 365 with Exchange Online can open the encrypted and rights-protected emails as normal, even if they are not within the same organization.
Recipients who use other email services such as Gmail or Yahoo will receive a wrapper email that forwards them to the OME portal. There they must authenticate themselves with a Microsoft account, Gmail or Yahoo credentials. The same applies to recipients who read encrypted or rights-protected emails on clients other than Outlook.
NoSpamProxy, the gateway-based solution
In contrast to Microsoft’s proprietary encryption solution, NoSpamProxy Encryption is a gateway solution that uses the recognized S/MIME standard for encrypting emails. NoSpamProxy also takes over the central management of certificates and keys – and makes the introduction and operation of your encryption solution very simple. In addition to S/MIME, you can also use PGP encryption. With the NoSpamProxy add-in for Microsoft Outlook, you can directly control the encryption of your emails and thus determine whether the gateway should perform encryption.
Optimal protection with S/MIME 4.0
S/MIME 4.0 is the latest version of the recommended and internationally agreed standard for the electronic signing and encryption of emails. NoSpamProxy offers full support for the S/MIME 4.0 standard, making it the only product in its class to fully comply with the recently updated requirements and recommendations of the German Federal Office for Information Security (BSI) for federal projects. This allows you to ensure legal security and confidentiality through reliable email encryption while guaranteeing full GDPR compliance.
Permanently low configuration effort
In addition to administration, NoSpamProxy Encryption also centralizes the acquisition of all required certificates after a one-off setup. IT administrators benefit from a variety of helpful management functions. Our own free Open Keys service allows you to quickly and easily find the certificates of your communication partners and thus communicate immediately in encrypted form without having to exchange signed emails beforehand.
You can publish your public keys and those of your organization on Open Keys and make them discoverable. Open Keys can also be used by users who are not NoSpamProxy customers; they can use the service and automatically search for public keys via LDAP (Lightweight Directory Access Protocol) or Web API.
Furthermore, the use of NoSpamProxy does not change anything for the employees of an organization – the gateway takes over all encryption functions. No special training is required for users.
Communicate securely with NoSpamProxy without certificates
In the event that recipients do not have a personal certificate or PGP key, NoSpamProxy Encryption provides a simple remedy: With the PDF mail function, NoSpamProxy Encryption offers an additional way of sending emails and documents securely without making any demands on the recipient.
When encrypting emails with NoSpamProxy Encryption, our encryption solution automatically converts the email and all attachments into a password-protected PDF document. Alternatively, the recipient can assign their own password by logging into the NoSpamProxy Web Portal. They then only need a PDF reader to open the document.
NoSpamProxy, the ideal complement to Microsoft 365
Many companies are currently introducing Microsoft 365 as a cloud solution and part of their digital transformation. However, the shift to cloud-based and flexible working made possible by the modern workplace must not come at the expense of security or data protection. Emails are still the biggest gateway for cyberattacks. Many experts therefore recommend using additional email security solutions such as NoSpamProxy, as Exchange Online Protection (EOP) and Microsoft Defender for Office 365 do not offer optimal protection and also have some disadvantages in the area of encrypted communication.
A sensible use case would be, for example, to use Purview Information Protection for the internal and external encryption of documents, including the assignment of rights,and at the same time NoSpamProxy for the exchange with external communication partners on the basis of email encryption standards that every company supports.
Not yet using Microsoft Purview Information Protection and NoSpamProxy Encryption?
Request your free trial version now and rely on the ideal combination of Microsoft solutions and NoSpamProxy.