Sunday, October 1, 2017

Setup Message Encryption Office 365

Today we will learn how to setup message encryption in office 365, this comes with office 365 E3 + plans.

Many organizations use Ironport , proofpoint or thirdparty tools for achieving this function, if they have o365 E3 plan & still using thirdparty tools for this, than they can switch to office 365 message encryption and reduce their cost as they have already paid for o365 licenses.

First we need to activate the Rights management features.

Go to Admin Portal --> Settings --> Services & add-ins

Click on Microsoft Azure information Protection:

Click on Activate to activate Rights management

Now you need to configure IRM on exchange online so launch Exchange online shell.

SET RMS with key sharing location as per your Tenant Location

Set-IRMConfiguration -RMSOnlineKeySharingLocation

Check by running Get-IRMConfiguration to verify the config:

Import the trusted Publishing domain

Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"

Disable the IRM templates in outlook & OWA as we just want to configure message encryption.

Set-IRMConfiguration -ClientAccessServerEnabled $false

Last step is to enable the message encryption.

Set-IRMConfiguration -InternalLicensingEnabled $true

Now you need to create a transport rule for  encrypting the message that are sent outside your organization.

Lets test the configuration now as a end user.

Now when the recipient receives the message it will be like below:

I will definitely get our organization third-party encryption feature removed and configure this, there are some features like message revoke, message read are not available but still it is a good replacement.

refer message encryption faq to know more:


Thanks for reading

Sukhija Vikas






  1. The feature has new capabilities available. See
    • Blog announcement -
    • Ignite 2017 session -
    • Ignite 2017 session deck -
    • Configure OME -
    • Configure BYOK –
    • End to end workflow -

  2. Have you considered the updated OME using Azure Rights Management?

  3. Yes, it still has some things to be worked upon.
    For example: send email to some or other o365 user , it is expecting you to have outlook for opening the message(see below message), I am testing other things as well & working with MS to get all our requirements fulfilled.

    The message you tried to open is protected with Information Rights Management and can only be opened using Outlook. Download a free trial of Microsoft Outlook.