The new Microsoft Office Message Encryption for Office 365 and Exchange Online is a fantastic upgrade that allows external recipients to open encrypted messages using their Microsoft, Yahoo or Google accounts. You can still use a one-time code as well, which is very convenient.
However, those of you who have enabled (via PowerShell) the new Office Message Encryption may have encountered an issue where recipients are getting a ‘You don’t have rights to view this message’ error. This is simply because the old Transport Rule you were using still uses the old message encryption method and now needs to use the Rights Management Service.
To fix this, simply do the following.
To update an existing mail flow rule to use the new OME capabilities by using the Exchange Admin Center:
- In a web browser, using a work or school account that has been granted global administrator permissions, sign in to Office 365.
- Choose the Admin tile.
- In the Office 365 admin center, choose Admin centers > Exchange.
- In the EAC, go to mail flow > rules.
- In the list of mail flow rules, select the rule you want to modify to use the new OME capabilities and then choose (Edit).
- To enable encryption using the new OME capabilities, from Do the following, choose Modify the message security and then choose Apply rights protection. Select an RMS template (YOU MUST CHOOSE DO NOT FORWARD) from the list, choose Save and then choose OK.
The list of templates includes all default templates and options as well as any custom templates you’ve created for use by Office 365. If the list is empty, ensure that you have set up Office 365 Message Encryption with the new capabilities as described in Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection. For information about the default templates, see Configuring and managing templates for Azure Information Protection. For information about the Do Not Forward option, see Do Not Forward option for emails.
You can choose add action if you want to specify another action.
- From the Do the following list, remove any actions that are assigned to Modify the message security > Apply Office 365 Message Encryption.
- Choose Save.
It is CRITICAL that you select the DO NOT FORWARD template and not any of the other templates, because the other templates are designed for internal use only.
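The same change can be made from Exchange Online PowerShell. The script below is an added example, not part of the original procedure: it finds mail flow rules that still use the legacy OME action and, when run with the hypothetical `-Apply` switch, moves them to rights protection. It assumes the ExchangeOnlineManagement module is installed and that your tenant exposes the option under the name `Do Not Forward`.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an admin account.
# Without -Apply the script only reports; -Apply and -TemplateName are names
# chosen for this example.
param(
    [switch]$Apply,
    [string]$TemplateName = 'Do Not Forward'   # the option the post says you must choose
)

Connect-ExchangeOnline

# Same check as the empty template list in the EAC: no templates means the
# new OME capabilities are not set up yet, so stop before touching any rule.
$templates = @(Get-RMSTemplate)
if ($templates.Count -eq 0) {
    throw 'No RMS templates returned. Set up the new OME capabilities first.'
}

# Rules that still use the old "Apply Office 365 Message Encryption" action.
$legacyRules = @(Get-TransportRule | Where-Object { $_.ApplyOME -eq $true })
if ($legacyRules.Count -eq 0) {
    Write-Output 'No mail flow rules use the legacy OME action.'
    return
}

foreach ($rule in $legacyRules) {
    if ($Apply) {
        # Remove the legacy action and apply rights protection in one change,
        # so the rule is never left without an encryption action.
        Set-TransportRule -Identity $rule.Guid.ToString() `
            -ApplyOME $false `
            -ApplyRightsProtectionTemplate $TemplateName
        Write-Output "Updated: $($rule.Name)"
    }
    else {
        Write-Output "Would update: $($rule.Name)"
    }
}

# Show the resulting state of every rule that encrypts mail.
Get-TransportRule |
    Where-Object { $_.ApplyOME -or $_.ApplyRightsProtectionTemplate } |
    Format-Table Name, State, ApplyOME, ApplyRightsProtectionTemplate -AutoSize
```

Run it once without `-Apply` and review the list before changing anything; afterwards, no rule in the final table should show `ApplyOME` as `True`.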
More information can be found at the links below:
- Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection
- Define mail flow rules to encrypt email messages in Office 365
Please comment below if you are using the new OME in your environment.