Virtru: Added Security for Your U-M GMail

U-M faculty, staff, and students can add an extra layer of security to their already secure U-M Gmail email messages by using Virtru. Virtru includes a number of security features and options to encrypt your email and help you control access to the email that you send when using the tool.

Virtru allows you to send end-to-end encrypted email. You choose whether to turn encryption on for each email that you send. With Virtru you can see whether the recipient has opened the email, prevent a forwarded email from being read, set an expiry date beyond which the email cannot be read, revoke the ability to read an email after it has been sent, and more.

Michigan Medicine Outlook/Exchange users can instead use Michigan Medicine's Outlook - Email Encryption (U-M login required) to encrypt email attachments.

How to Use Virtru

For best results, use the Chrome browser extension. Other options are also available.

U-M Documentation

When to Use Virtru

You do not need to encrypt all your email. ITS Information Assurance recommends that you encrypt emails for which you want to control access or that contain sensitive information. Here are some examples of information you might send in email with Virtru encryption:

  • Personally identifiable information (PII) such as name, birth date, and address
  • An Excel spreadsheet with names and uniqnames or UMID numbers of members of the U-M community
  • Grades and other student education records

Virtru and sensitive university data. For more about which types of sensitive data you may and may not send using Virtru-encypted email, see Sensitive Data Guide: Virtru.

Virtru is intended for emails sent to people using their individual email address. It verifies the recipient's identity using their email address before decrypting a message. It does not work with email sent to MCommunity groups because it cannot verify the recipient using the group address.

Some sensitive information should never be sent through email, even with encryption. Here are some examples of information that should never be sent in email:

  • Payment Card Industry (PCI) data (credit card numbers)
  • Certain types of regulated data

For details, see Sensitive Data Guide: Virtru at U-M.