You give Encrypt button back NOW, Microsoft!!!!

Back to Blog

You give Encrypt button back NOW, Microsoft!!!!

Recently Sensitivity labels were brought to Outlook, across all the various apps now, including mobile, desktop and web access.

This drama has certainly been worth watching. I think Sensitivity labels should gain a lot of traction in general over the next year or two. It’s so much more powerful than most people yet realize: Security that travels with the message or document wherever it roams, and is enforced not through some kind of “container” or perimeter-based protection, but rather a label–which corresponds to an abstract object in the cloud that contains the permissions list for documents bearing said label.

Therefore even with a single message or file that ends up traveling or spreading across multiple locations: Exchange, OneDrive, Teams, SharePoint, etc. or multiple clouds even (Google, DropBox, whatever), I would still only need to manage permissions and access to the original document as well as any other copies of that document in one single place: on the label via the 365 Security &/or Compliance admin centers.

Really cool stuff, and glad to see they continue to make forward progress bringing this functionality to all the various apps and services.

But, I have only one complaint for today… that area where you see the Sensitivity button in Outlook now? Yeah, that used to be the Encrypt button. And even though I love Sensitivity labels… I love the Encrypt button even more.

We miss you, Encrypt button.

The reason is that 90-95% of the time, today at least, the only thing my customers really want to do with Information Protection in Outlook is ENCRYPT an email. Some of them like the Do Not Forward option too (really the only Outlook specific permission I can currently apply with a custom Sensitivity label anyway), but that’s a much smaller subset of people than those that just want pure and simple encryption.

So Microsoft, let me remind you that we went through all of this before:

First there was NO BUTTON, and you had to manually trigger encryption using like a subject line or body tag and a transport rule. YUK!

Then, thank Goodness, a button arrived, but it was buried and not super obvious what it was for. It also applied more protection by default with the Do Not Forward template, which also prevented printing any attachments.

FINALLY the button became more prominent and clear (in OWA at least–but it was called Protect instead of Encrypt), and then eventually the default permission was set to the Encrypt only template, which only encrypts the message and attachments (doesn’t apply any other restrictions like printing, forwarding, etc.).

It took sooooo long to win that button battle… I was soooo happy when they finally got it (mostly) right. Aaaaannnd now I’m soooooo bummed, because it’s buried again.

Eff you ellipses. Just Eff you.

Look Microsoft, I really don’t think it’s too much to ask that you bring the Encrypt button back. And while you’re at it, can we have the Encrypt button also prominently displayed on the Home ribbon in Outlook for the desktop? It’s still hiding under the Options tab. Blah.

We were almost there on Outlook desktop too…

Just. Put. The. Button. Where. It. Belongs.

I don’t care what you do with the Sensitivity button. I mean, we’re proud of you–good work. And you can leave it on the home ribbon too if you want to, or maybe put it under an ellipses or back on the Options tab since it is second choice / less frequent an ask in my experience (will probably be used more to mark confidential internal emails, etc.).

My last choice would be if you placed the Encrypt button under the Sensitivity labels, and that was like a default label applied globally to everyone. But… no don’t do that. Seriously, what about just going back to the good old fashioned Encrypt button? That seems easiest.

Comments (11)

  • Bhavesh Shah Reply

    I am not sure but many organizations must have trouble with encryption button if they are using third party solution to monitor data leakage. We had to disable this button as our third party solution can not inspect attachment if sent as encryption.

    Look at wider audience

    November 2, 2019 at 11:00 am
    • Alex Reply

      Or maybe look at what is available first party before going to third…

      November 2, 2019 at 6:05 pm
  • Aaron Jacobs Reply

    Our ever better, let us choose!

    November 3, 2019 at 12:07 am
  • Edward Mendoza Reply

    I believe the Encrypt button is replaced with Sensitivity if you enable Unified Labeling. At least that seems to be the case with the tenant where we have it enabled. I do not see a way to turn it off once it is enabled.

    February 21, 2020 at 2:10 pm
  • Kevin Nguyen Reply

    I just migrated to M365 and trying to implement encryption for email and files. Also working on Azure Information Protection and things get confusion with the classic label and the new unifying label. I’m starting to understand it a bit, but still not sure I need both the Sensitivity button and the Encrypt button.

    Doesn’t the Sensitivity button does the same thing as the Encrypt button if you configure it like so?

    November 17, 2020 at 3:31 pm
    • Alex Reply

      There are two encryption templates: Encrypt only and Do Not Forward. The Sensitivity labels (unified labels) do not at present have the ability to apply the Encrypt only template, only the Do Not Forward. So I can create a label that applies Do Not Forward, but not Encrypt. Encrypt is more flexible, in that you do not have to apply restrictions such as preventing copy/paste, forwarding and so on. The message can be encrypted but not restricted. If that makes sense. If they do open the ability to apply Encrypt only using a Sensitivity label, then I would just create an Encrypt only label, and then yes the other button would be moot.

      November 18, 2020 at 12:01 pm
  • Kevin Nguyen Reply

    I understand it now. I didn’t start configuring Sensitivity Label, so didn’t realize that it’s not possible. Very inconvenient for users. Would you please let me know if I got this right regarding the templates under the Encrypt button?

    1) Encrypt and “Do Not Forward” template came from OME and is not configurable.
    2) You can configure the templates in Azure Information Protection under the “Protection templates” in Labels. These two templates, Company Confidential and Highly Confidential< also show up under the Encrypt button. Are the part of OME or AIP?

    November 19, 2020 at 1:37 pm
    • Alex Reply

      Yeah those harken back to the olden days of AIP and OMEv1. I believe new tenants just have the two in OMEv2. The Confidential/Highly Confidential stuff belongs in Sensitivity labels rather than using those protection templates. Eventually I would like to see the option to add “encrypt” to a Sensitivity label, and be done with the distinction. Time will tell.

      November 20, 2020 at 1:50 pm
  • John Reply

    How in the hell does someone even get the Encrypt button to appear in Outlook desktop? Appears and functions fine in OWA, but cannot get it to appear in Outlook (“MS 365 Apps for business”)?

    March 15, 2021 at 4:00 pm
    • Alex Reply

      It is not as prominent as it is in Outlook but it should be there. New message (separate window not within the preview pane) > Options (on the ribbon) > Encrypt, or go to File > Encrypt

      March 16, 2021 at 4:21 pm
    • Alex Reply

      And your subscription must support it (e.g. Microsoft 365 Business Premium)

      March 16, 2021 at 4:22 pm

Leave a Reply

Back to Blog

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.