Emails encryption in Office 365 - CloudFronts

Emails encryption in Office 365


Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information.


The process to setup and enable Office 365 Message Encryption is easy. There are three main steps that need to be followed:

  1. Activate Azure Rights Management.
  2. Setup Azure Rights Management for Exchange Online.
  3. Setup transport rules to enforce message encryption in Exchange Online.

Step 1: Activate Azure Rights Management for O365 Message Encryption.

  1. Sign in to Office 365.
  2. In O365 Admin Center, go to Settings > Services & Add-ins and select Microsoft Azure Information Protection.
  3. Click on Manage Microsoft Azure Information Protection settings and you will be redirected rights management Activate the Rights Management.

Step 2: Set up Azure Rights Management for O365 Message Encryption.

  1. In this step we will use PowerShell to connect to Exchange Online, Open PowerShell as Administrator and enter the following commands to connect and import the session
    Set-ExecutionPolicy RemoteSigned
    $cred = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic –AllowRedirection
    Import-PSSession $Session
  2. Verify your IRM is not already configured
  3. Configure RMS with the online key-sharing locationfor Exchange Online with PowerShell (locations below).

    Set-IRMConfiguration -RMSOnlineKeySharingLocation 

    Location RMS key sharing location
    North America
    European Union
    South America
    Office 365 for Government

  4. Import the Trusted Publishing Domain(TPD) from RMS Online

    Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

  5. Verify successful setup of IRM in Exchange Online.

    Test-IRMConfiguration –sender [email protected]

  6. Disable IRM templates in OWA and Outlook.

     Set-IRMConfiguration -ClientAccessServerEnabled $false

  7. Enable IRM for Office 365 Message Encryption.

    Set-IRMConfiguration -InternalLicensingEnabled $true

  8. Viewthe IRM Configuration.


Step 3: Create transport rule to encrypt message.

  1. In Office 365 Admin Center, go to Exchange Online Admin Center.
  2. Go to Mail Flow > Rules.
  3. Click the + and create your transport rule.
  4. This rule will encrypt anything that is sent external.
  5. Make sure the rules are active.
  6. Testing that the transport rule applies Office 365 Message Encryption.


Its easy to encrypt your mail and secure it in Office 365.

Share Story :