Managing encryption rules for SharePoint Online

Managing encryption rules for SharePoint Online

SmartEncrypt's SharePoint Online "virtual client" enables you to create encryption rules for files stored in SharePoint from directly within the SharePoint Online interface.  This means that there is no need to sync files to set encryption rules and force encryption on existing files located in SharePoint (or MS Teams), it can be actioned in the cloud.  Files can then be added via the SharePoint online interface, or to equivalent synced locations in OneDrive and they will be automatically encrypted in accordance with the encryption rule.

Before you begin, ensure you have installed the SmartEncrypt for SharePoint Online app into your SharePoint tenant.

Creating an encryption rule in SharePoint

  1. In SharePoint Online, navigate to the location where you wish to create the encryption rule
  2. Select the folder on which you wish to apply the rule and click the Encrypt button on the SharePoint command bar (the button may appear in a slightly different location to that shown, depending on your view)

  3. In the Add a new rule screen:
    1. Select the encryption key you wish to use (you can only choose from keys that have been assigned to you)
    2. Make any changes to groups to whom the rule should be applied if not the default (optional)
    3. Click SAVE

  4. Click OK at the prompt if you wish to create the rule, or Cancel to go back to the Add a new rule page and make any adjustments
  5. Once you ckick OK, you will be returned to SharePoint and the files will begin encrypting, starting with the parent folder
  6. The rule you created will also appear in the Management Console

Deleting SharePoint encryption rules

Deleting a rule via the SharePoint Online interface

Deleting an encryption rule via the SharePoint interface will also decrypt any encrypted files on the fly.  If you wish to remove the encryption rule but leave encrypted files as they are, delete the rule via the Management Console instead.

To delete an encryption rule via the SharePoint interface:
  1. Navigate to the location from where you wish to delete the encryption rule
  2. Select the folder which has the rule applied and click the Decrypt button on the SharePoint command bar (the button may appear in a slightly different location to that shown, depending on your view)
  3. Click the DECRYPT button 
  4.  Type DELETE into the field at the prompt to begin decrypting the files and remove the rule from the Management Console


Deleting a rule via the Management Console

Removing a SharePoint encryption rule from the Mangement Console will remove the rule from the folder in SharePoint, but files will not decrypt any files. Files remain encrypted until they are decrypted manually.

To remove a SharePoint rule via the Management Console:
  1. Navigate to the Manage Rules page in the Management Console
  2. Locate the rule you wish to delete and click the delete button next to the rule

  3. At the prompt, type the word DELETE and click OK

  4. The rule will be removed from the console and from the folder in SharePoint but any encrypted files will remain so. Files can be added to the location without being automatically encrypted. 

Good to know...
  1. Only SmartEncrypt Administrators may create or delete SharePoint encryption rules. Other user types do not have permission to encrypt or decrypt files in SharePoint locations due to them being a shared location.
  2. The user creating or deleting rules in SharePoint must also have an active SmartEncrypt user account with matching email address
  3. SharePoint encryption rules can only be created from the SharePoint interface, they cannot be created from within the Management Console

Creating an encryption rule in MS Teams

While it is not possible to create encryption rules from directly within the Microsoft Teams interface, they can be created by navigating to the associated Teams site location within SharePoint Online and creating a rule following the steps as per creating rules for SharePoint locations.

Once created, users will see an additional column in the Files tab of the relevant Teams. indicating whether or not a file is encrypted and with which key (It is recommended that users re-launch teams to see these updates.)

    • Related Articles

    • Installing and configuring SmartEncrypt for SharePoint Online

      SmartEncrypt for SharePoint Online is a SharePoint app that acts as a "virtul client", enabling administrators to navigate to a SharePoint Online document document library and encrypt the contents, which in turn creates and uploads a corresponding ...
    • Why are there different keys for the same location in SharePoint Online?

      In SharePoint Online, encrypted files are depicted by the key name in additional column.  In some cases, you may notice that the same location has files encrypted with different keys.  There are reason why this may occur. 1. The encryption key was ...
    • Encryption Rules

      Encryption Rules Overview The Encryption Rule Overview provides a summary of all the active Encryption Rules in use by your organisation, grouped by Encryption Key. Features Encryption Location Path - path to which the Encryption Rule applies.  This ...
    • Encryption Keys

      Encryption Keys Overview The Encryption Keys Overview provides a summary of your organisation's Encryption Keys and Encryption Rules with which they are associated. Features Add a new key button  - create new Encryption Keys up to the allowed limit ...
    • Known Issues & Limitations

      Known Issues Windows Desktop Client General Zip files cause "double encryption"  When extracting a zip archive containing encrypted files to a location governed by an encryption rule, the extracted files will be encrypted a second time in accordance ...