Permission Levels and Confidential Email Messages


Although you can tag an email as private to let the recipient know that they should treat the information as private, there is nothing that prevents the recipient from forwarding or printing that message. To restrict what recipients can do with a message you send, you need to use Information Rights Management. In our implementation of Outlook 365, you can do this by setting a Permission level.

Note: If you want your emails to be encrypted so only the recipient can view them, view the Office 365 Message Encryption article for instructions. 

Permission levels:

Note that these levels are NOT in order of security.

  • Unrestricted Access
  • Do Not Forward: Recipients can read this message, but they cannot forward, print or copy content. The conversation owner has full permission to their message and all replies. Note that if you set the Do Not Forward permission and a user has automatic forwarding set up for their account, the message will be forwarded but it can only be opened with the account for which it was originally sent.
  • West Virginia University – Confidential: This content is proprietary information intended for internal users only. This content can be modified but cannot be copied and printed.
  • West Virginia UniversityConfidential View Only:This content is propriety information for internal users only. This content cannot be modified.

Setting permissions on a rich client:

Setting permissions can only be done on a "rich client" (i.e., Outlook 2016). Permission has the potential to prevent someone from modifying, copying, printing or forwarding your message to another party. For this to work, you and your recipient must be set up on a compatible email system that supports Information Right Management Service. This is ideal for email communications between WVU parties (including HSC).

  1. When you are creating a new message In Outlook 2016 (Windows or Mac), go to the Options tab and select Encrypt.
    Note: If this is the first time selecting Encrypt, you will be asked to Connect to Rights Management Server and get templates (PC) or Verify Credentials (Mac) first.
  2. Select the permission level for your message.

Reading a confidential email message:

When you receive a confidential email message, you'll see a message about that message's permission level. For example, someone receiving a message with the West Virginia University - Confidential permission level would see:

West Virginia University - Confidential - This content is proprietary information intended for internal users only. This content can be modified but cannot be copied and printed.
Permission granted by:

If you click over this message, you’ll see a View Permission prompt. Clicking on it will show permissions in greater detail and the actual message will display in the body of the email.

If you are not using a supported client, however, the message arrives as an email attachment. Use the steps in the Reading message.rpmsg email attachments section to open the file. 

Reading message.rpmsg email attachments:

If you see message.rpmsg as a file attachment in an email, this file is not a protected document but a protected email message that displays as an attachment. You will need to download the Azure Information Protection app to open the attachment on an iOS or Android device. At this time, a message.rpmsg file attachment cannot be opened with the PC RMS Viewer app, so you will not be able to use Outlook Web App (OWA).

Note: The Azure Information Protection app only allows you to open these attachments within an email application for Windows that supports Rights Management protection. You can't use the Azure Information Protection Viewer for Windows to view this protected email message on your Windows PC. You will need an email application for Windows that supports Rights Management protection, such as Office Outlook.  

  1. Download the app for mobile devices from the Microsoft Azure Information Protection page on the Microsoft website. 
  2. After you have installed and configured the Azure Information Protection app for your device, select the message.rpmsg file attachment from the protected email. Your next steps will depend on your device:
    • iOS devices:
      Tap the message.rpmsg attachment until the iOS Share Sheet appears. On the Share Sheet, locate and select Copy to AIP Viewer.

    • Android devices:
      Tap the message.rpmsg email attachment. On the Attachments screen, select PREVIEW.



Article ID: 41878
Thu 11/2/17 3:16 PM
Wed 11/17/21 11:03 AM