Back in February 2014, Microsoft implemented a new security feature in Exchange Online called Message Encryption (see http://blogs.office.com/2013/11/21/introducing-office-365-message-encryption-send-encrypted-emails-to-anyone/).

But this feature required a Microsoft account to decrypt the message. With the service upgrade, it is now possible to bypass this requirement and use a One Time Password (OTP) to decrypt the received message.

For the purpose of this post, I sent an email, encrypted by Message Encryption, to a Gmail address.

Here is what the encrypted message now looks like when viewed by the recipient:

image 

You have to open the HTML attachment (message.html), and at the bottom you will see a link to request a One Time Password to open the message:

image 

You may get a warning pop-up notifying you that you are going to be redirected.

You are then redirected to an Office 365 page that waits for the One Time Password, which has been sent to the recipient address:

image 

Here is the message received with the One Time Password, valid for 15 minutes:

image 

After filling in the OTP form with the generated One Time Password, the recipient is able to read the message. Please note the banner and the footer, which are a reminder that the message has been encrypted.

image image