Office 365 Message encryption

If you weren’t aware, Office 365 supports sending encrypted messages to anyone. Basically, they get an email telling them to login to a web portal to view the message. Here’s how to make all that work.

You’ll firstly need to enable Rights Management for your tenant. To do that login to the Office 365 portal as an administrator.


On the left hand side select Service Settings.


This will expand a menu as shown above. From this menu select Rights Management.


On the right now select the Manage hyperlink.


Select the Activate button to enable Right Management.


Confirm that you wish to enable by selecting the Activate button.


After a few moments the screen should update.


You are now going to need to run some PowerShell commands. if you haven’t done this check out this previous blog post to get your environment setup:

Configuring PowerShell Access in Office 365

Once you have connected using PowerShell you’ll need to run the following commands depending on your location:

USA: Set-IRMConfiguration -RMSOnlineKeySharingLocation

Set-IRMConfiguration -RMSOnlineKeySharingLocation

Asia-Pacific: Set-IRMConfiguration -RMSOnlineKeySharingLocation


In my case I used the Asia Pacific URL as shown above.


You then need to run the command:

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

which produces the above result.


Then this command:

Set-IRMConfiguration -InternalLicensingEnabled $True


Finally run the command:

Test-IRMConfiguration -RMSOnline

and ensure the result come back OVERALL RESULT: PASS


With that done you can now return to the Office 365 management portal as an administrator to set up a message encryption transport rule.


In the top right of the Office 365 portal select Admin and then Exchange from the menu that appears.


From the menu on the left select mail flow.


Select the Plus icon on the right and the option Create a new rule from the menu that appears.

Now there are lots of different options when creating an Office 365 Transport Rule but I am not going to cover these. This post is aimed at showing you the basics of enabling Exchange Online Message Encryption. If you want more information about Office 365 Transport Rules in general see:


In this case I am going to set a rule to encrypt messages sent to one person in the organisation (Anne Wallace).

To see the encryption options ensure you select the More options hyperlink at the bottom of this window as shown above.


For the Do the following condition select Modify the message security and then Apply Office 365 Message Encryption as shown above.


Once saved the new rule should appear in the list as shown above.

Now if Anne Wallace is sent an email by another Office 365 she will see:


Indicating that this is an encrypted message.

To view the message Anne must save the attached HTML file to her local machine and open it.


When she so and opens it she will see the above message.

If she then selects the Sign in and view encrypted message hyperlink she will be see the encrypted message.


Exchange Online Encrypted messages work with people inside and outside Office 365. If you want more information check out the following:

Once you have done the initial Rights Management setup you then have a lot of flexibility using Exchange Online Transport Rules to determine how messages are handled. You could set up a rule that if the word ENCRYPT is in the message subject it will always be encrypted.

Very flexible and most importantly, very secure.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s