Office 365 - How to configure Message Encryption
Let us see how to enable the Message encryption on Office 365, you just need to subscribe for Microsoft Azure Rights Management.
1. Enable IRM Licensing:
North America: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
The Asia-Pacific Area: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
Let us see how to enable the Message encryption on Office 365, you just need to subscribe for Microsoft Azure Rights Management.
1. Enable IRM Licensing:
- Go to Office365 Admin portal and Service setting to enable Right Management service. Once you activated the right management the RMS should be activated for you.
- Now you need to connect to your office 365 using Azure Power shell, you can follow below article on how to connect to Office 365 portal using Azure power Shell.
http://prakash-nimmala.blogspot.in/2014/09/how-to-connect-to-office-365-using.html
- When connected to Office 365 tenant, we need to set the RMS Online Key sharing location. Based on where your tenant is located run the appropriate command.
North America: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
The Asia-Pacific Area: Set-IRMConfiguration -RMSOnlineKeySharingLocation
https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
- Next step is to import the Trusted publishing domain , for that enter the below command:
import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online” - You are almost completed, now just activate the internal IRM Licensing by running below command.
Set-IRMConfiguration -InternalLicensingEnabled $True - Test the IRM configuration and see if it is working.
Test-IRMConfiguration -RMSOnline
You Overall test result should say that it is Pass.
You are now 1 step away for configuring a rule for message encryption
2. Create a Transport Rule for Message Encryption
Here i am going to explain you how to create a rule to encrypt the message if sent to outside the organization and subject line on the email contains Encrypted Message Key word.
- Login to Office 365 Admin portal and go to Exchange Admin control panel.
- Go to Mail flow and create a new rule.
- Type a name to the rule you are creating and click more options.
- Now apply a condition for that drop down the "*Apply this rule of " now select The Subject and Body contains , then select The subject includes any of these words.
- Now enter a key word Encrypted Message and hit + symbol and click ok.
- Add new condition and select the recipient is located and is external\internal and then Outside the organisation.
- Now come to the *Do the following select Modify the Message security and Apply Office365 message encryption
- Click save.
Testing :
Open a new email and put the key word "Encrypted Message" which have defined in the rule previously
Type what ever you want in the body and enter an external recipient and hit send. they should receive you message in an encrypted way.
Message Encryption On Office365