23 Jun’17

Dynamics 365, Enterprise

Email Encryption in Office 365


O365 Message Encryption is a service based on Microsoft Azure Rights Management (Azure RMS). Once RMS is set up, email messages can be encrypted according to rules you define, and recipients get 2 options to read the encrypted email:

  1. By an OTP (one-time passcode)
  2. By signing into organization account.

Setting this up involves three parts:

  1. Activate Azure RMS in Office 365.
  2. Set up Azure Rights Management for Exchange Online.
  3. Set up a transport rule to enforce message encryption in Exchange Online.

Activate Azure Rights Management in Office 365:

Following are the steps to enable Email Encryption. I’m going to enable encryption on one of my trial environments:

  1. Log in to Office 365 Admin Center as a Global Administrator
  2. Navigate to the Settings section and then select Services and add-ins
  3. Then, look for Microsoft Azure Information Protection
  4. Open it by clicking on its link
  5. On the rights management page, you’ll see that rights management is not activated, and you’ll get an option to activate it.
  6. Once you activate it, the page will show that Rights Management has been activated.

Setup Azure Rights Management for Office 365 Email Encryption:

The following steps set up Azure RMS for email message encryption.

    1. Enter the following commands to authenticate and connect to the session.
    Set-ExecutionPolicy RemoteSigned
    Enter Y/y when asked about changing the execution policy. Then enter
    $cred = Get-Credential
    and supply the admin credentials for your O365.

    2. You’ll be authenticated. Then enter the following command:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection

    3. Then import the session:
    Import-PSSession $Session

    4. The next step is to verify that IRM is not configured yet.

    5. Now, configure the key-sharing location. For my North America environment, I’ll use the following:
    Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

    Here’s the list of key sharing locations, depending on where your tenant resides:

    Location                    RMS key sharing location
    North America               https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
    European Union              https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
    Asia                        https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
    South America               https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
    Office 365 for Government   https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

    6. Import the TPD, i.e. the Trusted Publishing Domain, from RMS Online:
    Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"

    7. Now, test the successful setup of IRM in Exchange Online (enter your admin username as the sender):
    Test-IRMConfiguration -sender crmadmin@cft77.onmicrosoft.com

    8. Enable InternalLicensing and test again:
    Set-IRMConfiguration -InternalLicensingEnabled $true

    And you’ll get the passed result.

    9. A few more steps. Disable IRM templates in OWA and Outlook:
    Set-IRMConfiguration -ClientAccessServerEnabled $false

    and enable IRM for O365 Message Encryption:
    Set-IRMConfiguration -InternalLicensingEnabled $true

    10. Now, check the IRM configuration.

    IRM is now set up!
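
The steps above as one script, with a read-back of the resulting configuration. This is an added example, not the author's script: `$Region` and `$AdminUpn` are values to set for your own tenant, and `Get-IRMConfiguration` is used for the checks in steps 4 and 10, whose commands the post does not show.

```powershell
# Added example: the IRM steps above as one script with a verification pass.
# Run "Set-ExecutionPolicy RemoteSigned" once beforehand, as in step 1.
$Region   = 'North America'                    # assumption: a key of $KeySharing
$AdminUpn = 'crmadmin@cft77.onmicrosoft.com'   # the post's admin; use your own

# Key sharing locations copied from the table above
$KeySharing = @{
    'North America'             = 'https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc'
    'European Union'            = 'https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc'
    'Asia'                      = 'https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc'
    'South America'             = 'https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc'
    'Office 365 for Government' = 'https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc'
}
if (-not $KeySharing.ContainsKey($Region)) { throw "Unknown region '$Region'" }
$expected = $KeySharing[$Region]

# Same legacy Basic-auth remote session the post opens in steps 1-3
$cred    = Get-Credential -UserName $AdminUpn -Message 'O365 admin credentials'
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
    -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber | Out-Null

try {
    Set-IRMConfiguration -RMSOnlineKeySharingLocation $expected      # step 5
    Import-RMSTrustedPublishingDomain -RMSOnline -Name 'RMS Online'  # step 6
    Set-IRMConfiguration -ClientAccessServerEnabled $false           # step 9
    Set-IRMConfiguration -InternalLicensingEnabled $true             # steps 8-9

    # Steps 7 and 10: read the configuration back instead of trusting the setters
    $irm      = Get-IRMConfiguration
    $problems = @()
    if (-not $irm.InternalLicensingEnabled) { $problems += 'InternalLicensingEnabled is not True' }
    if ($irm.ClientAccessServerEnabled)     { $problems += 'ClientAccessServerEnabled is still True' }
    if ("$($irm.RMSOnlineKeySharingLocation)".TrimEnd('/') -ne $expected) {
        $problems += "Key sharing location is '$($irm.RMSOnlineKeySharingLocation)'"
    }
    Test-IRMConfiguration -Sender $AdminUpn
    if ($problems) { throw ('IRM check failed: ' + ($problems -join '; ')) }
}
finally {
    Remove-PSSession $Session   # do not leave an authenticated session open
}
```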

Configure Rules in Exchange Admin Center:

Now, we will set up a very simple rule under which Exchange will send out an encrypted email.

  1. Navigate to Exchange Admin Center in O365
  2. Under the Mail Flow section, create a new rule
  3. Set the condition as: if the sender is CRM Admin, encrypt the email. Then save.
  4. Try sending a sample email
  5. When the email is received, download the HTML file and open it.
  6. The HTML file will offer the options for reading the message.
  7. Let’s say I select OTP; I’ll then get another email with the passcode.
  8. Once I enter that OTP, I can see the message.
    And you have the encrypted message feature! Hope this was helpful!
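
The same rule can also be created from the Exchange Online PowerShell session used earlier, which makes it easy to list every rule that touches encryption. This is an added example, not part of the original post; the rule name is hypothetical and the sender is the address used in the post.

```powershell
# Added example: create the "encrypt mail from CRM Admin" rule and audit OME rules.
# Requires the imported Exchange Online session from the IRM setup section.
if (-not (Get-Command New-TransportRule -ErrorAction SilentlyContinue)) {
    throw 'Import the Exchange Online session first (Import-PSSession $Session).'
}

$RuleName = 'Encrypt mail from CRM Admin'      # hypothetical rule name
$Sender   = 'crmadmin@cft77.onmicrosoft.com'   # sender from the post; use your own

# Create the rule only if it does not exist yet, so the script can be re-run
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if (-not $existing) {
    New-TransportRule -Name $RuleName -From $Sender -ApplyOME $true | Out-Null
}

# Review every rule that applies or removes message encryption.
# A disabled rule, or one not in Enforce mode, does not encrypt anything.
Get-TransportRule |
    Where-Object { $_.ApplyOME -or $_.RemoveOME } |
    Sort-Object Priority |
    Select-Object Priority, Name, State, Mode, From, ApplyOME, RemoveOME |
    Format-Table -AutoSize
```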


Written by

Priyesh Wagh

Sr. Software Developer
