I'm looking at implementing Office365 Message Encryption for our organization. My question is this: is it actually more secure than regular (unencrypted) email for messages sent to users outside the organization?
According to this page, external users can receive a one-time passcode in order to view encrypted messages. However, this one-time passcode is also sent via email, so assuming a MITM attack, couldn't the attacker simply intercept the one-time passcode and decrypt the message?
Let me know if I'm missing something or if this is just more marketing hype from MS...
Your concern does have some merit. However...
The one-time passcode email doesn't specifically identify the message it goes with, so just having the OTP message does not tell you much. That being said, if the person only has one encrypted message in their mailbox, plus the matching OTP email, an attacker can put 2 and 2 together.
Furthermore, the code is only valid for 15 minutes. So the window of vulnerability is quite limited. An attacker would have to be actively intercepting your email AND responding to it, not just passively dumping packets for analysis later.
If you are still not satisfied with the security, you can disable the one-time passcode via PowerShell:
Set-OMEConfiguration -Identity "OME Configuration" -OTPEnabled $false
That will require the recipient to use a Microsoft account, which is set up independently but is more complex to use.
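As an added example (not part of the answer above), here is the full sequence a tenant admin would type into Exchange Online PowerShell to inspect the current OME configuration, turn the one-time passcode option off, and then verify the change rather than assume it applied. It assumes the ExchangeOnlineManagement module is installed, that the tenant uses the default configuration object named "OME Configuration", and the admin UPN shown is a placeholder.

```powershell
# Added example: disable the OTP sign-in option for Office 365 Message
# Encryption and verify the change. Assumes the ExchangeOnlineManagement
# module is installed and the default config object is "OME Configuration".
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder admin UPN

# Record the current state first so the change can be reverted if needed.
$before = Get-OMEConfiguration -Identity "OME Configuration"
"OTPEnabled before change: $($before.OTPEnabled)"

# -Identity is a required parameter of Set-OMEConfiguration.
Set-OMEConfiguration -Identity "OME Configuration" -OTPEnabled $false

# Read the configuration back; do not trust that the write succeeded silently.
$after = Get-OMEConfiguration -Identity "OME Configuration"
if ($after.OTPEnabled) {
    throw "OTPEnabled is still true; the change did not apply."
}
"OTPEnabled after change: $($after.OTPEnabled)"

Disconnect-ExchangeOnline -Confirm:$false
```

Once OTP is off, external recipients who cannot sign in with an account matching the recipient address simply cannot open the message, so test with a real external mailbox before rolling this out tenant-wide.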
It is certainly more secure than sending a plain-text message. Once a message leaves your servers you cannot be sure that the transmission is secured with TLS through the entire journey (unless you set up a direct trust and force TLS between the two endpoints). You have to assume your message is in the clear once it leaves.
With the encryption service, Microsoft allows you to encrypt the message and send it to a recipient. The recipient can read the message by accessing it through a web portal or mobile application. They have the option to sign in with a matching Microsoft ID (it must match the recipient address) or use a one-time passcode that is generated and sent to the recipient address.
Because you do not own and cannot dictate the terms under which the recipient will receive and open the message, you must TRUST that they are the person you are sending it to. If the recipient account is compromised, then they may be able to open the message. This includes some man-in-the-middle scenarios involving the means to access the message (the portal link and the encrypted message) as well as snagging the key.
You can try to layer in additional features like TLS for transport (but you can't guarantee it). You can also make sure proper SPF, DKIM, and DMARC records are configured (but these still rely on the recipient honoring them) to help.
If you want end-to-end encryption you need to rely on S/MIME or something like PGP. But even with these tools you can never be 100% sure of who has the private key or whether the recipient was compromised.
TL;DR: If you can't or don't trust the person you are giving access to data, then no technical controls can give you what you are looking for. Users will forever be the biggest security hole.
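The answer above says to make sure SPF, DKIM and DMARC records are configured, but a record that exists can still be effectively toothless (SPF ending in `?all`, DMARC with `p=none`). As an added example, not from the answer or from Microsoft, here is a small PowerShell check that grades the strength of SPF and DMARC TXT strings and prints a weak record beside a hardened one. The sample records are constructed for illustration (the `include:spf.protection.outlook.com` mechanism is the standard Microsoft 365 SPF include); in practice you would feed it the strings returned by `Resolve-DnsName -Name _dmarc.<domain> -Type TXT` and `Resolve-DnsName -Name <domain> -Type TXT`, which this example avoids so it runs offline.

```powershell
# Added example: grade SPF and DMARC policy strength from raw TXT record strings.
# Sample records below are constructed, not real domain data.

function Test-SpfRecord {
    param([Parameter(Mandatory)][string]$Record)
    if ($Record -notmatch '^v=spf1\b') { return 'missing or not an SPF record' }
    # The trailing "all" mechanism decides what a receiver does with senders
    # that match nothing else; its qualifier is what makes SPF strong or weak.
    switch -Regex ($Record) {
        '(^|\s)-all\s*$'   { return 'strong: -all (hard fail)' }
        '(^|\s)~all\s*$'   { return 'medium: ~all (soft fail)' }
        '(^|\s)\?all\s*$'  { return 'weak: ?all (neutral)' }
        '(^|\s)\+?all\s*$' { return 'broken: +all (any host may send as you)' }
        default            { return 'weak: no all mechanism (defaults to neutral)' }
    }
}

function Test-DmarcRecord {
    param([Parameter(Mandatory)][string]$Record)
    if ($Record -notmatch '^v=DMARC1\b') { return 'missing or not a DMARC record' }
    # Split the record into tag=value pairs; tag names are case-insensitive.
    $tags = @{}
    foreach ($pair in $Record -split ';') {
        if ($pair -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
            $tags[$Matches[1].ToLower()] = $Matches[2]
        }
    }
    $policy = $tags['p']
    $pct = if ($tags.ContainsKey('pct')) { [int]$tags['pct'] } else { 100 }
    switch ($policy) {
        'reject'     { if ($pct -lt 100) { return "medium: p=reject but pct=$pct" }
                       return 'strong: p=reject' }
        'quarantine' { return "medium: p=quarantine (pct=$pct)" }
        'none'       { return 'weak: p=none (monitor only, nothing is blocked)' }
        default      { return 'broken: p tag missing or invalid' }
    }
}

# Constructed sample records: one weak configuration, one hardened one.
$samples = @(
    @{ Domain = 'weak.example'
       Spf    = 'v=spf1 include:spf.protection.outlook.com ?all'
       Dmarc  = 'v=DMARC1; p=none; rua=mailto:dmarc@weak.example' }
    @{ Domain = 'strong.example'
       Spf    = 'v=spf1 include:spf.protection.outlook.com -all'
       Dmarc  = 'v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@strong.example' }
)

foreach ($s in $samples) {
    '{0,-16} SPF:   {1}' -f $s.Domain, (Test-SpfRecord -Record $s.Spf)
    '{0,-16} DMARC: {1}' -f $s.Domain, (Test-DmarcRecord -Record $s.Dmarc)
}
```

Even a "strong" grade here only means the sending domain has published a strict policy; as the answer notes, enforcement happens on the receiving side, and a recipient mail system that ignores SPF and DMARC gains nothing from them.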