Today we will learn how to setup message encryption in office 365, this comes with office 365 E3 + plans.
Many organizations use Ironport , proofpoint or thirdparty tools for achieving this function, if they have o365 E3 plan & still using thirdparty tools for this, than they can switch to office 365 message encryption and reduce their cost as they have already paid for o365 licenses.
First we need to activate the Rights management features.
Go to Admin Portal –> Settings –> Services & add-ins
Click on Microsoft Azure information Protection:
Click on Activate to activate Rights management
Now you need to configure IRM on exchange online so launch Exchange online shell.
SET RMS with key sharing location as per your Tenant Location
Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
Check by running Get-IRMConfiguration to verify the config:
Import the trusted Publishing domain
Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”
Disable the IRM templates in outlook & OWA as we just want to configure message encryption.
Set-IRMConfiguration -ClientAccessServerEnabled $false
Last step is to enable the message encryption.
Set-IRMConfiguration -InternalLicensingEnabled $true
Now you need to create a transport rule for encrypting the message that are sent outside your organization.
Lets test the configuration now as a end user.
Now when the recipient receives the message it will be like below:
I will definitely get our organization third-party encryption feature removed and configure this, there are some features like message revoke, message read are not available but still it is a good replacement.
refer message encryption faq to know more:
Thanks for reading