1

I have a customer that needs to have their email recipients verify their identity before opening an email with sensitive material in it. For example, if I send an email to jsmith@domain.com, I need something to pop up and ask "what are the last four digits of your SSN", or something like that, before allowing them to open the email. In other words, I need to verify that jsmith is John Smith and not Joe Smith. Can this be done with Exchange or Office 365? I know there are 3rd party services out there, but I would like to keep it to either Exchange or Office365.

Thanks in advance!

msindle
  • `I know there are 3rd party services out there, but I would like to keep it to either Exchange or Office365.` You really don't. Let that minefield be someone else's problem. Why on earth would you want to be responsible for the hassle, the user complaints and the liability when some moron circumvents the system? – HopelessN00b May 09 '16 at 19:36
  • I guess what I meant by that statement was I would like to use some sort of plugin or add-on feature to Exchange and keep everything in house. – msindle May 09 '16 at 20:27
  • Just have your users share sensitive documents using a cloud service like SharePoint Online or OneDrive for Business, password protect the documents, and communicate the passwords via phone call or some non-e-mail mechanism. Anything else is going to be more difficult to secure, but more to the point, it will be harder to assess the security of any purely e-mail based solution. – Todd Wilcox May 09 '16 at 20:30
  • No, I understand that. It's still a terrible idea. Think about what this entails, for a second. This necessarily requires a PKI infrastructure for encrypting emails and authenticating users, which must integrate into your Exchange infrastructure. When it doesn't integrate seamlessly and completely transparently (which it won't, because it can't), your users will blame you. When it breaks, your users will blame you. When someone copies encrypted data and sends it out in plaintext, you will get blamed for the security breach. This is a lose-lose situation. Give it to someone else. – HopelessN00b May 09 '16 at 20:31
  • Very good points, thank you @HopelessN00b – msindle May 09 '16 at 20:39

2 Answers

2

I haven't personally used the Microsoft Azure Rights Management service, but it should fit into your requirements to protect the data just nicely.

It won't ask for a PIN or code, but I believe that it's a better solution for ease of use.

https://channel9.msdn.com/Series/Information-Protection/Azure-RMS-user-experience

https://docs.microsoft.com/en-us/rights-management/understand-explore/compare-azure-rms-ad-rms

Noor Khaldi
0

You can use Office 365 Message Encryption. Users have to log in with either a Microsoft account or a one-time PIN code to view the message. You can disable the PIN code option to enhance the security.

It won't know any recipient details like SSN though.

myron-semack