- Encrypt email in Outlook with Microsoft 365 - Tue, Dec 6 2022
- Restricting registration to Azure AD MFA from trusted locations with Conditional Access policy - Thu, Nov 24 2022
- Azure AD MFA with number matching and temporary access passes - Tue, Nov 22 2022
Initially, I thought not, as I remembered they were using Microsoft 365 Business Premium. I replied that the option should be available in Outlook if they start a new mail and look under Options.
Encrypt email in Outlook missing
They said they could not see the option and wanted additional help. After logging into their PC, sure enough, the option wasn't there. Shown below is what it would look like if the email encryption feature were available.
When Outlook isn't working, I tend to advise people to test the same functionality in Outlook on the web. It is no longer lagging behind its desktop cousin, and I actually use it myself instead.
I loaded up Outlook on the web, but again, the option was missing. Again, below, we show how it looks if everything is correctly configured.
The only option available was to use S/MIME which requires setting up manual PKI, and I know from having used the encrypt email feature in the past, it should "just be there."
Nothing wrong with using S/MIME, if that is your thing, but the intention here was to use the built-in email encryption functionality instead.
So, after going back to their original query and down a rabbit hole of conflicting documentation, for example, here, here, and some others, I managed to confirm that, yes, the Microsoft 365 Business Premium license does include the email encryption feature, but, likely as not, I needed to enable the feature in their tenant.
I found this article, which explains the procedure, but I found it omits another key setting.
Unfortunately, after following the commands, I was still unable to run the Test-IRMConfiguration command successfully. You may see nothing returned from the command, or you may see a failure.
Enable encrypt email in Microsoft 365
Connect to both services using an administrator account. Then, run the following commands:
Connect-ExchangeOnline Connect-AIPService Enable-AIPService $RMSConfig = Get-AipServiceConfiguration $LicenseUri = $RMSConfig.LicensingIntranetDistributionPointUrl Set-IRMConfiguration -LicensingLocation $LicenseUri Set-IRMConfiguration -InternalLicensingEnabled $true Set-IRMConfiguration -AzureRMSLicensingEnabled $true
Notice that Enable-AIPService is not included in the Microsoft documentation. I found that while I could run the Test-IRMConfiguration and Set-IRMConfiguration cmdlets without error, they had no effect until after I ran Enable-AIPService, which, when you think about it, is probably the first thing you want to check.
Once you have run those commands, you will find that the Test-IRMConfiguration command succeeds.
Subscribe to 4sysops newsletter!
I hope this saves you some head-scratching when your users complain that the encrypt email feature in Outlook is missing.