Office 365 / Exchange Online – One Time Password is now available for encrypted message

Back in February 2014, Microsoft has implemented a new security feature on Exchange Online called Message Encryption (see

But this feature required to use a Microsoft account to decrypt the message. With the service upgrade; this now possible to bypass this requirement and use a One Time Password (OTP) to decrypt the received message.

For the purpose of this post, I send an email which has been encrypted by the Message Encryption to a Gmail address.

Here is how the encrypted message now looks like when viewed by the recipient


So you have to open the HTML attachment (message.html) and you will see at the bottom a link to request on One Time Password to open the message


You may get a warning pop-up to notify you that you are going to be redirected

Then you are redirected to an Office 365 page which is waiting for the One Time Password which has been sent to the recipient address


Here is the message received with the One Time Password, valid for 15 min


After filling the OTP form with the One Time Password generated, the recipient is able to read the message. please note the banner and the footer which remind that the message has been encrypted


Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.