Sunday, 25 November 2018

Office 365 Message Encryption (OME) vs. Azure Information Protection

The main difference from a security perspective is that OME encrypts the transport and not the attached content over its lifetime.
Details:
All features, such as IRM, AIP and OME, are based on the Azure RMS service. The overall architecture looks like this:

Comparison of OME, IRM, and new OME capabilities


OME vs AIP


  • If you want to protect documents attached to an e-mail only on the transport layer, or if you want to use the “Do not forward” feature, OME is the way to do it.
  • If you want to protect the document also after the e-mail is received and the document is downloaded etc., then you need AIP.

Both features are good for protecting e-mails and attachments for internal use and for sharing them with external parties. With OME you can send protected e-mails to external recipients without configuring anything special. The recipients receive an HTML message that they download and open in a browser or in a downloaded mobile app:
To make this functionality available with AIP, you need to add the external domain to your AIP label:

Protecting an E-Mail with AIP or OME in Outlook


OME:

AIP: