In order to begin using the EncryptTitan e-mail encryption services for Microsoft 365, you must configure 365 to send outbound e-mail though the EncryptTitan encryption gateway. Once configured, EncryptTitan will inspect each message to determine whether to encrypt the message based on your organizational encryption triggers.

Note; If you are familiar with PowerShell, consider using the PowerShell script attached to your "welcome message" to simply the configuration of Microsoft 365 (Exchange Online). Please review this knowledge based article before attempting to use the PowerShell script: EncryptTitan PowerShell Setup Scripts for Microsoft 365.



There are 4 main steps:


Add an EncryptTitan Connector


  1. Point your browser to https://login.microsoftonline.com/.
  2. Enter your administrator account email address and password. (If you are not an Administrator, you will be redirected to the user hub; since you will need to access the administration features, you will need to contact your Office 365 Administrator)
  3. Click Sign in. The Office 365 console appears.

On the left selection area click on Admin to be directed to the Microsoft 365 Admin Center



        4. Once in the Admin centers, press the  Exchange Tile.




     5. Click on Mail Flow, then click on Connectors.

     6. In the Connectors section, click the + sign to add a new connector. The Mail Flow Scenario dialog box opens.


    7. Select Office 365 for the Connection From: and Partner organization for the Connection to:. Click Next.


    8. In the Name field, enter a descriptive name for the outbound connector, this can be EncryptTitan or any other                      descriptive name 
       

    9. In the Description field, enter additional descriptive information about the outbound connector. To enable the                    connector immediately upon completion check the box Turn it on. Click on Next.

    10.  Select the option “Only when I have a transport rule set up that redirects messages to this connector“. Click Next



  1. On the Route email messages page select “Route email through these smart hosts“.
  1. Please refer to your “Welcome Message” for the outbound gateway name that your domain has been assigned. Enter the gateway name in the text field and click the + symbol to add the smart host. Then click on Next.


  1. Ensure “Always use Transport Layer Security (TLS)” and “Issued by a trusted certificate authority (CA)”  are the options selected. Click on Next.


    14. You will now need to verify the connector.  Add verify@encrypttitan.com as the test e-mail address then click        the + symbol and then press the Validate button.  

   The validation step will attempt a connection from Office 365 to the EncryptTitan Gateway you configured and           then email the designated email address. You should see Success on both results.  Click on Next.

    15. Click on the Create connector button.



Add an EncryptTitan Token Header



1. Under Mail Flow select Rules.


 


2.  Select the plus symbol, and then “modify messages” from the drop-down.
3. Name your rule and choose [Apply to all messages] for the “*Apply this rule if” drop-down.



4. Then, choose “Set the message header to this value” for the “*Do the following…” drop-down.

 

5. Click on the Enter text... link and type X-ETVALTOK as the value, then click on the OK button.

6. Then, click on the remaining Enter text… link and type in the header token provided in your welcome message.

O365 Outbound Orig 17

7. You can uncheck the box to “Audit this rule with severity level”; verify that the Enforce radio button is selected. Then, click on the save button.




Add EncryptTitan Keyword Trigger


1. Under Mail Flow select Rules.


O365 Outbound Orig 12


2.  Select the plus symbol, and then “Create a new rule” from the drop-down.

3.  Name your rule and click on More Options at the bottom to add additional options.

4. Select The subject or body includes then select subject includes any of these words


 


5. Enter the keywords that you selected and click Ok.  Note: that keywords are case-insensitive. The following is an example:


 

6.  Add a 2nd rule and select The recipient then Is external/internal.


7.  Select the recipient location as Outside the organization.


8. Under Do the Following select Redirect the message to then the following connector.  



9. Select the connector name you configured initially.



10. You can uncheck the box to “Audit this rule with severity level”; verify that the Enforce radio button is selected. Then, click on the save button.

O365 Outbound Orig 17






Add the Outlook Plugin Header Policy 
(This is optional if you do not intend to use the Outlook Plugin)



1. Under Mail Flow select Rules.

O365 Outbound Orig 12

 

2.  Select the plus symbol, and then “Create a new rule” from the drop-down.




3. Name your rule and click on More Options at the bottom to add additional options.

4. Select A message header then select includes any of these words



5. Click Enter text Header and enter x-encryptmethod

6.  Click Enter words and enter secureportal and verifyopportunistic

7.  After you click OK the following should be displayed.



 


8.  Add a 2nd rule and select The recipient then Is external/internal.


9.  Select the recipient location as Outside the organization.


10. Under Do the Following select Redirect the message to then the following connector.  



11. Select the connector name you configured initially.

 

12. You can uncheck the box to “Audit this rule with severity level”; verify that the Enforce radio button is selected. Then, click on the save button.


O365 Outbound Orig 17





You have now completed the configuration of the EncryptTitan service on the Office 365 platform. Changes normally take affect in 5 – to 10 minutes. E-mail will continue to use your previous settings until the changes take effect.