The process to set up and enable Office 365 Message Encryption is really easy. There are three main steps that need to be followed:
- Activate Azure Rights Management
- Set up Azure Rights Management for Exchange Online
- Set up transport rules to enforce message encryption in Exchange Online
The following Microsoft TechNet article details the process; I have a step-by-step below.
Office 365 Message Encryption Mail Flow
Activate Azure Rights Management for Office 365 Message Encryption
Log in to the Microsoft Online Portal with a Global Admin account
Open the App Launcher (waffle)
Select SERVICE SETTINGS from the left pane
Click Rights Management
From within RIGHTS MANAGEMENT click Manage
You’ll be redirected to the management page
Click Activate again on the popup asking if you are sure you want to activate Rights Management
Set up Azure Rights Management for Office 365 Message Encryption
Connect to Exchange Online with PowerShell
Open PowerShell as Administrator
Enter the following commands to connect and import the session
- Import-PSSession $Session
Verify your IRM isn’t configured already
Configure RMS with the online key-sharing location for Exchange Online with PowerShell (locations below). For my example I am using North America, but the table below shows all the locations.
RMS key sharing location
|Office 365 for Government
Import the Trusted Publishing Domain (TPD) from RMS Online
- Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
Verify successful setup of IRM in Exchange Online
- Test-IRMConfiguration -Sender email@example.com
Disable IRM templates in OWA and Outlook
- Set-IRMConfiguration -ClientAccessServerEnabled $false
Enable IRM for Office 365 Message Encryption
- Set-IRMConfiguration -InternalLicensingEnabled $true
*Note – You shouldn’t see that warning, but if you do it’s safe to ignore. I got it because I ran the command and forgot to grab the screen shot before clearing the screen, thus I had to run the command again.
View the IRM Configuration
Create Transport Rules to Encrypt Messages
Open the Office 365 Admin Portal (https://portal.microsoftonline.com)
Open Exchange Admin Center
Click Mail Flow
Click the + and create your transport rule. I have created two simple rules.
This rule will encrypt anything that is sent externally with an attachment larger than 1MB
This rule will encrypt the email if the word ‘Encrypt’ is in the subject line of the email. This will give the users (once trained) the flexibility to encrypt emails they deem sensitive.
Make sure the rules are active and test
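The PowerShell steps above and the two transport rules, gathered into one script as an added example (not the author's own code). The `$KeySharingLocation` and `$TestSender` parameters, the rule names, and the check for the `OVERALL RESULT: PASS` string are assumptions; take the key-sharing URL for your region from Microsoft's documentation.

```powershell
# Added example, not from the original post. Assumes the Exchange Online session
# from the earlier step is already imported (Import-PSSession $Session).
param(
    # Key-sharing URL for your region, taken from Microsoft's documentation.
    [Parameter(Mandatory)] [string] $KeySharingLocation,
    # Mailbox used for the IRM self-test.
    [Parameter(Mandatory)] [string] $TestSender
)
$ErrorActionPreference = 'Stop'

# Only set the key-sharing location and import the TPD if not done already.
if (-not (Get-IRMConfiguration).RMSOnlineKeySharingLocation) {
    Set-IRMConfiguration -RMSOnlineKeySharingLocation $KeySharingLocation
}
if (-not (Get-RMSTrustedPublishingDomain)) {
    Import-RMSTrustedPublishingDomain -RMSOnline -Name 'RMS Online'
}

# Stop before creating rules if the IRM self-test does not pass.
# Assumption: the cmdlet's output contains the line "OVERALL RESULT: PASS".
$report = Test-IRMConfiguration -Sender $TestSender | Format-List | Out-String -Width 4096
if ($report -notmatch 'OVERALL RESULT: PASS') {
    throw "IRM test did not pass:`n$report"
}

Set-IRMConfiguration -ClientAccessServerEnabled $false   # hide IRM templates in OWA/Outlook
Set-IRMConfiguration -InternalLicensingEnabled $true     # enable IRM for message encryption

# The two rules described above; rule names are hypothetical.
$rules = @(
    @{ Name = 'OME - external attachment over 1MB'
       SentToScope = 'NotInOrganization'; AttachmentSizeOver = 1MB }
    @{ Name = 'OME - Encrypt in subject'
       SubjectContainsWords = 'Encrypt' }
)
foreach ($rule in $rules) {
    if (-not (Get-TransportRule -Identity $rule.Name -ErrorAction SilentlyContinue)) {
        New-TransportRule @rule -ApplyOME $true
    }
}

# Confirm the encryption rules exist and are enabled.
Get-TransportRule | Where-Object { $_.ApplyOME } | Format-Table Name, State, Mode
```

The script is safe to re-run: each step checks for existing configuration first, and no rule is created unless the IRM test passes.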
Testing that the transport rules apply Office 365 Message Encryption
Testing Transport Rule 1
Testing Transport Rule 2
When the user gets the email, this is how it's presented to them
One thing to note is that after you go through the setup process, it may take some time to replicate across the Microsoft back end servers. So if you test and it doesn’t work, give it some more time. I have seen this process take up to 2 hours to replicate.
Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.
Kelsey Epps Office365 MVP