Enabling Email Encryption

Ensure Azure Rights Management is activated

If this is a new tenant, ARM is enabled by default. We can verify that it is enabled via the following link https://account.activedirectory.windowsazure.com/RmsOnline/Manage.aspx . Ensure hat you login to the aforementioned link with a Global Administrator account.

Per Microsoft:

  • If your subscription that includes Azure Rights Management or Azure Information Protection was obtained towards the end of February 2018 or later: The service is automatically activated for you. You do not have to activate the service unless you or another global administrator for your organization deactivated Azure Rights Management.

  • If your subscription that includes Azure Rights Management or Azure Information Protection was obtained before or during February 2018: Microsoft activates the Azure Rights Management service for these subscriptions if your tenant is using Exchange Online. For these subscriptions, the service will be activated for you unless you see that AutomaticServiceUpdateEnabled is set to false when you run Get-IRMConfiguration.

Validate tenant is setup to leverage Message Encrpytion

  1. Run PowerShell as an administrator

  2. Run the following commands

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection
Import-PSSession $Session -DisableNameChecking
  1. After connecting to Exchange Online using PowerShell, run the following to confirm the tenant is setup to use OME.

Test-IRMConfiguration -Sender user@org.onmicrosoft.com

Replace user@org.onmicrosoft.com with an email address from your tenant.

Last updated