23 Jun’17

Dynamics 365, EnterpriseEmail Encryption in Office 365


O365 Message Encryption is a service based on Microsoft Azure Rights Management (Azure RMS). Once an RMS is setup, Email messages can be encrypted under certain rules set and provide the recipients with 2 options to read the encrypted email –

  1. By an OPT
  2. By signing into organization account.


  1. Activate Azure RMS in Office 365.
  2. Setup Azure Rights Management for Exchange Online
  3. Setup transport rule to enforce message encryption in Exchange Online.

Activate Azure Rights Management in Office 365:

Following are the steps to enable Email Encryption. I’m going to enable encryption on one of my trial environments-

  1. Log in to Office 365 Admin Center as a Global Administrator
  2. Navigate to Settings section and then select Services and add-ins
  3. Then, look for Microsoft Azure Information Protection
  4. Open the same by clicking on the highlighted link as shown below
  5. On the rights management page, you’ll see the rights management is not activated and you’ll get an option to activate the same.
  6. Once you activate the same, it will be activated and you’ll see a page like this
    Here, Rights Management has been activated!

Setup Azure Rights Management for Office 365 Email Encryption:

Following steps are carried to setup Azure RMS for Email Message Encryption.

  1. Enter the following steps to authenticate and connect to the session.
    As shown above, enter the commandsSet-ExecutionPolicy RemoteSignedEnter Y/y when asked about changing the Execution Policy.Then, enter $cred = Get-CredentialThen, enter the admin credentials to your O365.
    2. You’ll be authenticated, then enter the following commands$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection

    3. Then, Import-PSSession $Session as shown below

    4. Next step is to verify that IRM is not configured yet.

    5. Now, configure with key-sharing location. For my North America environment, I’ll use the following –Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

    Here’s the list of key sharing locations depending where your tenant resides

    Location RMS key sharing location
    North America https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
    European Union https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
    Asia https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
    South America https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
    Office 365 for Government https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc1

    6.  Import TPD i.e. Trusted Publishing Domain from RMS Online

    Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

    7. Now, test the successful setup of IRM in Exchange Online
    Test-IRMConfiguration -sender crmadmin@cft77.onmicrosoft.com (Enter your Admin username)

    8. Enable InternalLicensing and test again
    Set-IRMConfiguration -InternalLicensingEnabled: $true

    And you’ll get the passed result.

    9. Few more steps – Disable IRM templates in OWA and Outlook

    Set-IRMConfiguration -ClientAccessServerEnabled $false

    and Enable IRM for O365 Message Encryption

    Set-IRMConfiguration -InternalLicensingEnabled $true

    10. Now, check the IRM Configuration

    IRM is now setup!

Configure Rules in Exchange Admin Center:

Now, we will setup a very simple rule which where the Exchange will send out an encrypted email

  1. Navigate to Exchange Admin Center in O365

  2. Under Mail Flow section, create the below rule
  3. And set the conditions as – If the sender is CRM Admin, encrypt the email. And then save.
  4. And try sending a sample email –
  5. The email will be received like this
    Download the HTML file and open the same.
  6. The HTML file will have the following options –
  7. Let’s say, I select OPT, I’ll get another email as this
  8. And I enter that OTP, I can then see the message
    And you have the encrypted message feature as shown above! Hope this was helpful!


Written by

Priyesh Wagh

Sr. Software Developer

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

Want to streamline your business processes?

  • This field is for validation purposes and should be left unchanged.

Recent Articles

  • Reading more then 10K records in D3FOE OData API

    11 July’ 2018

    Introduction: We all know Dynamics 365 Finance and Operations has limitation of 10K records to be fetched at a time usi...

    Read more
  • Paging in D365 Customer Engagement v9.0

    10 July’ 2018

    Introduction: The Xrm.retrieveMultipleRecords method is used to retrieve a collection of records in Dynamics 365 Custom...

    Read more
  • Set up Dynamics 365 connection in Microsoft Social Engagement

    10 July’ 2018

    Introduction: This blog explains how to Set up Dynamics 365 connection in Microsoft Social Engagement. Steps to be follo...

    Read more
  • Voice of the Customer failed to install

    10 July’ 2018

    Introduction: Many people face issues in installing Voice of Customer solution on v9 environment and trying repeatedly ...

    Read more
  • Scribe Insight AX as a Web Service Find Block issue

    10 July’ 2018

    Introduction: If we need to look up for any value from AX then we do it by using a Find Block in Scribe Insight Eg: Basi...

    Read more