Office 365 Message Encryption

Message Encryption

To set up message Encryption:


  • At least one subscription (preferably Admin) with Azure Rights Management Active
  • Only then will you be able to access “Rights Management”
  • Navigate to the O365 Admin Center > Service Settings > Rights Management > Manage > Make sure that its “Activated


  • Run Windows Azure Active Directory Module for Windows PowerShell as Admin
  • Run the initializing commands to connect to Exchange Online (enter the Global Admin Credentials)
  • $LiveCred = Get-Credential
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $LiveCred -Authentication Basic –AllowRedirection
  • Net start winrm
  • set-executionpolicy unrestricted –force
  • Import-PSSession $Session
  • Run the following Commands to set up Azure Rights Management for Office 365 Message Encryption
  • The URL that is highlighted will change based on your geographic location (Reference:
  • Set-IRMConfiguration -RMSOnlineKeySharingLocation “”
  • Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”
  • Test-IRMConfiguration -RMSOnline
  • Set-IRMConfiguration -InternalLicensingEnabled $true

UI (Office 365):

  • Now let’s create a Transport rule to encrypt emails
  • Navigate to the Exchange Admin Center: O365 Admin Center > Exchange (bottom left)
  • Select “Mail Flow” > “Rules”
  • Create a new transport rule
  • Name the rule (Don’t select anything as yet)
  • Click on more options… (towards the bottom)
  • Apply the rule if the recipient is select internal/external from the dropdown select outside the organization
  • Add condition (only if you want to add additional conditions) for example: from the dropdown select message subject includes sensitive information and from the list selected the SSN
  • Under do the following: from the drop down select modify the message security then select apply Office 365 Message encryption and save the rule

  • I left everything else to default > Save

What is the end user experience!

  • When the end user gets the email this is what will display

  • Double click on the message.html to open the file

  • If you click on “Sign in” you would need to sign in with your account to authenticate
  • If you click on one-time passcode this is what you get

  • So then I sign into my outlook account and enter the passcode > Continue

  • Lo and behold here is my email.

Reference article:

Reference article for Encryption in Office 365:

Reference article for Set up Microsoft Azure Rights Management for Office 365 Message Encryption: