Help with Encrypting Emails in Outlook

Question

Help with Encrypting Emails in Outlook

LM-5132 250

Hello,

I need some assistance with encrypting emails in Outlook, please. I've read numerous posts and articles from Microsoft Learn, but I'm still unsure about the best way to send confidential information via email.

I have a Microsoft account through my college and have downloaded the applications, so I am using the Outlook desktop version. When I compose an email and click "Options", I see a lock icon that allows me to encrypt emails, and this feature works correctly.

User's image

However, I'm facing issues with my work Outlook account. When I attempt to encrypt an email via OWA (Outlook Web App), there is no option for encryption. To address this, I downloaded the Microsoft apps from my work account onto a separate laptop from the one I use for my school account because I didn't want to have both versions (school and work) on the same laptop.

Here’s the problem: It seems that the encryption option is available on the desktop version of Outlook but not in OWA, forcing me to use the desktop Outlook. When I try to encrypt emails on my work account using the desktop version, I receive the error message: "Microsoft Outlook was not able to create a message with restricted permission."

User's image

Additionally, I asked a coworker to send an encrypted email, and she encountered two different error messages: "Connect to Right Management Servers and get templates," and "No logged-on Office users are configured for Information Rights Management (IRM)."

User's image

All our applications are Software as a Service (SaaS) and hosted in Microsoft 365. I believe all users should be able to encrypt emails or password-protect them.

I have three questions:

Why is there no option to encrypt in OWA? Is it because emails are already encrypted in transit by default via SSL/TLS? This is not End-to-end, just in transit.
Why can't I send encrypted emails from my work Outlook desktop while I can from my school Outlook desktop?
What is the best and most user-friendly way to email confidential information? Should I use the encrypt option, S/MIME, or do I need to set up public/private keys?

Thank you very much! As a temporary workaround, We have been using password-protected documents, but we need to start using end-to-end encryption when necessary.

Thank you,

Lee Manning

Joan Hua-MSFT 5,300 Reputation points Microsoft External Staff

2024-12-02T08:45:54.9233333+00:00

Hi @LM-5132

Is there any update on this post?

If the answer is helpful, please mark the useful reply as answer, which will make it easier to search for answers in the forum and will also be beneficial to other community members.

Thank you for your support and understanding!

Accepted answer

1 additional answer

Your answer

Joan Hua-MSFT 5,300 Reputation points Microsoft External Staff

2024-12-02T08:45:54.9233333+00:00

Hi @LM-5132

Is there any update on this post?

If the answer is helpful, please mark the useful reply as answer, which will make it easier to search for answers in the forum and will also be beneficial to other community members.

Thank you for your support and understanding!

Answer 1

Anonymous

Hi, @LM-5132

Thank you for posting your question in the Microsoft Q&A forum.

According to your description, you have encountered the problem that the encryption option in Outlook is not available.

First of all, regarding the problem of no encryption option in OWA. You can first use Exchange Online PowerShell to verify whether the tenant is correctly configured for Microsoft Purview Message Encryption. Use the command to check whether the Information Rights Management (IRM) feature is enabled in Outlook Web Edition.

Get-OwaMailboxPolicy | FL *IRMEnabled*

Regarding your second question, it is not possible to send encrypted emails from the work Outlook desktop. I agree with @Andy David - MVP's answer that your organization needs to obtain permission and enable the feature. The only prerequisite for using Microsoft Purview Message Encryption is that Azure Rights Management must be activated in the organization's tenant.

Regarding the question of whether you should use the encryption option S/MIME or set up public/private keys, S/MIME is a widely accepted method for sending digitally signed and encrypted messages. You can also choose to use various encryption technologies together.

Refer to: Resolve Microsoft Purview Message Encryption issues - Microsoft 365 | Microsoft Learn

Set up Microsoft Purview Message Encryption | Microsoft Learn

Best,

Jeanne

LM-5132 250 Reputation points

2024-11-19T19:07:02.44+00:00

Thank you for your assistance and for providing the resource links. I am currently reviewing the information to fully understand it before making any changes. If I enable Information Rights Management (IRM), will this allow users to manually encrypt emails or documents without the need to set up any mail flow rules or policies?

Is this correct, or are there additional settings I need to configure after enabling IRM?

Additionally, what would the rollback options be if I encounter any issues?

Thank you, I appreciate the help.
Anonymous

2024-11-20T09:46:55.7133333+00:00
Hi, @LM-5132

Thanks for your reply, IRM uses Active Directory Rights Management Services, and when Information Rights Management (IRM) is enabled, you can manually encrypt emails or documents. Regarding the rollback option, you can try to disable IRM on the Client Access Server of the Exchange organization through the command.

Set-IRMConfiguration -ClientAccessServerEnabled $false

Refer to: https://learn.microsoft.com/en-us/exchange/enable-or-disable-information-rights-management-on-client-access-servers-exchange-2013-help#use-the-shell-to-disable-irm-on-client-access-servers

If you have any questions, please feel free to contact me. If the answer is helpful, please click "Accept Answer" because it can help other members of the Microsoft Q&A community who have encountered similar problems and are looking for solutions. Thank you.

Best,

Jeanne
Anonymous

2024-11-26T09:51:48.12+00:00

Hi, @LM-5132

I just checked the status of this post and am not sure if your issue has been resolved. If you have additional questions, please comment here, I look forward to hearing from you and will be happy to provide additional support. If the above information helps answer this question, you can click "Accept Answer" to help other members of the Microsoft Q&A community who are experiencing similar issues and are looking for solutions. Thank you very much.
Anonymous

2024-11-28T08:47:44.65+00:00

Hi, @LM-5132

I just checked the status of this post and found that you haven't responded for a long time. I would like to know if your problem has been solved. If it has been solved, I hope you can click the "Accept Answer" button on the answer to receive a helpful reply. This will help other users in the forum with similar problems to find solutions to their problems under this answer. Thank you very much for your understanding and improvement of the forum environment!

Answer 2

Andy David - MVP 157.4K MVP Volunteer Moderator

Your org has to be licensed and the feature has to be enabled:

https://learn.microsoft.com/en-us/purview/set-up-new-message-encryption-capabilities

LM-5132 250 Reputation points

2024-11-18T19:54:35.0733333+00:00

We have F3, E3, and E5 licenses. Is Microsoft Purview Message Encryption in addition to our current licenses?

Why is email encryption in Purview compliance and not Exchange?

Thank you for the link.
Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator

2024-11-18T19:58:50.6166667+00:00

Alot of Exch functionality is moving to Purview (Retention, DLP etc...)

If you have the licenses, I would ask your IT admin to enable or investigate why its not working.
LM-5132 250 Reputation points

2024-11-18T20:13:08.22+00:00

Could you please help me locate the settings to confirm if our email encryption is enabled? I searched in purview.microsoft.com/InformationProtection, but I couldn't find anything related to Azure Information Protection or Rights Management.

Thank you
Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator

2024-11-18T20:16:44.73+00:00

You can use powershell:

https://learn.microsoft.com/en-us/purview/set-up-new-message-encryption-capabilities#verify-microsoft-purview-message-encryption-configuration-in-exchange-online-powershell

at its simplest:

Get-IRMConfiguration

and that will show true if its enabled.

InternalLicensingEnabled : True

ExternalLicensingEnabled : True

AzureRMSLicensingEnabled : True
LM-5132 250 Reputation points

2024-11-19T17:00:10.04+00:00

Based on my understanding, if I activate Azure Rights Management (Azure RMS) without configuring any additional settings, policies, or mail flow rules, the service will be enabled but won't automatically protect any content. Users will still have the ability to manually encrypt emails and documents.

I plan to copy all the current settings and create a rollback SOP in case any issues arise. It appears that Azure RMS is not enabled for our tenant at this time. I'm not fully aware of all the other settings yet, but I will continue to research what those settings should be.

Thank you.
LM-5132 250 Reputation points

2024-11-19T18:53:54.7733333+00:00

I may need to open a support ticket for assistance in configuring everything correctly. Any additional guidance is appreciated.

Thank you very much.

Share via

Help with Encrypting Emails in Outlook

1 additional answer

Your answer