The new Microsoft Office Message Encryption for Office 365 and Exchange Online is a fantastic upgrade that allows external recipients to open encrypted messages using either their Microsoft, Yahoo or Google accounts. You can still use a one time code as well which is very convenient.

However, those of you who have enabled (via PowerShell) the new Office Message Encryption may have encountered an issue where recipients are getting a ‘You don’t have rights to view this message’ error. This is simply because the old Transport Rule you were using still uses the old message encryption method and now needs to use the Rights Management Service.

To fix this simple do the following:

To update an existing mail flow rule to use the new OME capabilities by using the Exchange Admin Center.

  1. In a web browser, using a work or school account that has been granted global administrator permissions, sign in to Office 365.
  2. Choose the Admin tile.
  3. In the Office 365 admin center, choose Admin centers > Exchange.
  4. In the EAC, go to mail flow > rules.
  5. In the list of mail flow rules, select the rule you want to modify to use the new OME capabilities and then choose Edit icon (Edit).
  6. To enable encryption using the new OME capabilities, from Do the following, choose Modify the message security and then choose Apply rights protection. Select an RMS template (YOU MUST CHOOSE DO NOT FORWARD) from the list, choose Save and then choose OK.

    The list of templates includes all default templates and options as well as any custom templates you’ve created for use by Office 365. If the list is empty, ensure that you have set up Office 365 Message Encryption with the new capabilities as described in Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection. For information about the default templates, see Configuring and managing templates for Azure Information Protection. For information about the Do Not Forward option, see Do Not Forward option for emails.

    You can choose add action if you want to specify another action.

  7. From the Do the following list, remove any actions that are assigned to Modify the message security > Apply Office 365 Message Encryption.
  8. Choose Save.

It is CRITICAL that you select the DO NOT FORWARD template and not any of the other templates as they are designed for internal use only.

More information can be found at the links below:

Please comment below if you are using the new OME in your environment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s