I was recently trying to set up email encryption for an Office 365 Client with a new O365 tenancy. They wanted email encryption so along with buying Business Premium licenses for their Users, they also bought Azure Information Protection Plan 1 licenses.
I was expecting it to be as easy to set up email encryption for them as it was when I configured it on my own tenancy, which has been operational for several years and in which the Users all have E3 licenses. All I had to do for my own tenancy was to activate Microsoft Azure Information Protection via Settings -> Service & Add-Ins, then create a mail flow rule in the Exchange Admin Centre. Email encryption then worked without my having to do anything else.
This was not the case when trying to set it up for my new Client. So, it seems to me that for new tenancies with BP and AIP Plan 1 licenses, more hoops have to be jumped through to get it working.
Here is the process I had to go through to get email encryption working for my new Client. If you are hitting problems, follow this process and you should be ok:
1. Log into Office 365 with a Global Admin account.
2. Open up O365 Admin Centre.
3. Open up Settings.
4. Select Services and Add-Ins.
5. Scroll down to Microsoft Azure Information Protection and select it. (This will only appear as an option if the correct licenses are activated, in the case of my Client, Azure Information Protection Plan 1.)
6. Activate Rights Management.
7. Open Windows PowerShell in elevated mode (Run as administrator).
8. Enter the following commands to open up a session:
   - Set-ExecutionPolicy RemoteSigned
   - $cred = Get-Credential (login with O365 admin account details)
   - $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
   - Import-PSSession $Session
9. Now, to verify that this isn’t already configured, enter this command: Get-IRMConfiguration
10. For email encryption to work, the settings that are returned should look like this:
If the settings returned for you look the same as in the screenshot then great! Go to item 12 to see how to set up the mail flow rule in Exchange.
13. You should now be good to go. Open up the OWA or Outlook for any of the mailboxes for O365 users that have the appropriate licensing and create an email with the word “Encrypt” specified in the Subject box. Send the email. If it sends ok without bouncing back the world is looking good. The recipient should receive the encrypted email with instructions on how to decrypt it.
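The checks from steps 9 and 13 can also be run as one script before sending a test email. This is an added example, not part of the original post: it assumes the remote Exchange Online session above is still open, that the mail flow rule uses the "subject includes" condition, and that `$Sender` is a licensed mailbox you supply.

```powershell
# Added example, not from the original post. Run it in the Exchange Online
# session imported above. The sender address and keyword are assumptions.
param(
    [Parameter(Mandatory)] [string] $Sender,   # a licensed mailbox in the tenancy
    [string] $Keyword = 'Encrypt'              # subject keyword used in step 13
)

# 1. The IRM licensing switches from step 9, in one compact view.
$irm = Get-IRMConfiguration
$irm | Format-List InternalLicensingEnabled, ExternalLicensingEnabled,
                   AzureRMSLicensingEnabled, LicensingLocation

# Assumption: with both switches off, no message can be protected.
if (-not ($irm.InternalLicensingEnabled -or $irm.AzureRMSLicensingEnabled)) {
    Write-Warning 'IRM licensing is switched off for this tenancy.'
}

# 2. Have Exchange Online acquire templates and a licence for one sender.
$test = Test-IRMConfiguration -Sender $Sender
$test | Format-List
if (($test | Out-String) -notmatch 'OVERALL RESULT: PASS') {
    Write-Warning "Test-IRMConfiguration did not pass for $Sender."
}

# 3. Look for mail flow rules that trigger on the subject keyword.
#    Assumption: the rule uses the "subject includes" condition.
$rules = @(Get-TransportRule |
    Where-Object { $_.SubjectContainsWords -contains $Keyword })

if ($rules.Count -eq 0) {
    Write-Warning "No mail flow rule matches the subject keyword '$Keyword'."
}
foreach ($rule in $rules) {
    # A matching rule only encrypts if it is enabled and carries an
    # encryption action (OME or a rights protection template).
    $encrypts = $rule.ApplyOME -or $rule.ApplyRightsProtectionTemplate
    [pscustomobject]@{
        Rule     = $rule.Name
        State    = $rule.State
        Encrypts = [bool]$encrypts
    }
    if ($rule.State -ne 'Enabled' -or -not $encrypts) {
        Write-Warning "Rule '$($rule.Name)' will not encrypt as configured."
    }
}
```

A warning from the third check usually explains a test email that arrives unencrypted even though it sent without bouncing.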
Sean Warde
Pennine IT Services