Does MS Exchange 2013 have extended encryption options for Protected Health Information (PHI)?

Our agency currently uses MS Exchange Server 2007 on-site and we recently migrated over to Office 365 Pro Plus. Our current encryption is TLS for internal e-mails, and for external, we use Sophos with 'encrypt' in '[]'. With the intent to migrate our Exchange server to version 2013 on-site, we were hoping to have the following:

internal and external email containing Protected Health Information (PHI) be encrypted to a FIPS 140-2 standard, minimum 128 bit, possibly 256 bit. Also, other counties and government agencies have solutions that will automatically encrypt emails with any string of over 5 digits, formatted like an SSN (xxx-xx-xxxx), or with trigger words ePHI, PHI, Secure, or confidential.

Is this possible with 2013, or are we in the realm of exploring 3rd party solutions to obtain this level of security/encryption?



  • Edited by domerdel 16 hours 8 minutes ago specify we are on-site with server
March 4th, 2015 5:08pm

Hi domerdel,

Thank you for your question.

To help protect sensitive information, organizations create messaging policies that provide guidelines about how to handle this information. In Microsoft Exchange Server 2013, we could use transport protection rules to implement these messaging policies by inspecting message content, encrypting sensitive email content, and using rights management to control access to the content.

We could refer to the following link:

https://technet.microsoft.com/en-us/library/dd298166(v=exchg.150).aspx

If there are any questions regarding this issue, please feel free to let me know.

Best Regards,

March 5th, 2015 2:38am
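
The kind of transport protection rule the reply points to, sketched for the triggers listed in the question. This is an added example, not part of the original thread. It assumes AD RMS is deployed, IRM is enabled for the Exchange organization, and the 'Do Not Forward' template is the one wanted; the rule names are hypothetical.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2013.
# Assumptions: AD RMS is deployed, IRM is enabled for the organization, and
# the 'Do Not Forward' template is acceptable; rule names are hypothetical.

# Triggers from the question. Patterns are kept to \d and literal hyphens
# (a conservative choice of regex syntax).
$ssnPattern   = '\d\d\d-\d\d-\d\d\d\d'      # SSN layout xxx-xx-xxxx
$digitPattern = '\d\d\d\d\d\d'              # any run of more than 5 digits
$triggerWords = 'ePHI', 'PHI', 'Secure', 'Confidential'

# Sanity-check the patterns against constructed sample text before deploying.
$samples = @{
    'Patient SSN 123-45-6789 attached' = $true    # constructed
    'Member number 4821907'            = $true    # constructed
    'Lunch at 12:30 in room 204'       = $false   # constructed
}
foreach ($text in $samples.Keys) {
    $hit = ($text -match $ssnPattern) -or ($text -match $digitPattern)
    if ($hit -ne $samples[$text]) { throw "Unexpected result for: $text" }
}

# List the RMS templates Exchange can see; the name used below must appear here.
Get-RMSTemplate

# Conditions inside one rule are ANDed, so patterns and words get separate rules.
# Start in Audit mode: matches are written to the message tracking log, but the
# protection action is not applied yet.
New-TransportRule -Name 'PHI - protect on number patterns' `
    -SubjectOrBodyMatchesPatterns $ssnPattern, $digitPattern `
    -ApplyRightsProtectionTemplate 'Do Not Forward' `
    -Mode Audit

New-TransportRule -Name 'PHI - protect on trigger words' `
    -SubjectOrBodyContainsWords $triggerWords `
    -ApplyRightsProtectionTemplate 'Do Not Forward' `
    -Mode Audit

# After reviewing what the rules matched, switch them to enforcement.
Get-TransportRule |
    Where-Object { $_.Name -like 'PHI - protect on*' } |
    Set-TransportRule -Mode Enforce
```

The six-digit pattern is deliberately broad, as the question asks, so expect it to match phone numbers, invoice numbers and similar; the Audit-mode pass is where that volume shows up before anything is enforced.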
