Hi All
I have setup a sensitivity label called Forwarding in Office365 information protection and I published the label to one user (i.e. smith@xx.com, the one user has a Office365 E3 license attached). Additionally, I have enabled the protection service using PowerShell by running this command: enable-AipService (reference: https://learn.microsoft.com/en-us/azure/information-protection/activate-service).
Additionally, I have run this command: in PowerShell: Set-AipServiceOnboardingControlPolicy -UseRmsUserLicense $False -SecurityGroupObjectId "7900b022-c487-4cf1-8359-a001d600b422" - this is so that the users within the group called Security Group (object id 7900b022-c487-4cf1-8359-a001d600b4220) can protect documents and emails with the sensitivity label Forwarding.
The issue I face is, after waiting for 24 hours for our Office365 tenant to propagate, I try to send an email from the one user who has access to the sensitive label Forwarding. When it is applied and when I hit send (the recipient is the sender, tried using other recipients) I get an error immediacy after sending - the errors say (blanked out the email addresses)
Delivery has failed to these recipients or groups:
xx xx (xx@xx.com)
Your message couldn't be delivered because it couldn't be encrypted.
Diagnostic information for administrators:
Generating server: ME3PR01MB5912.ausprd01.prod.outlook.com
xx@xx.com
Remote Server returned '550 5.3.101 RmsSvcAgent; Cannot RMS protect the message because Encryption is disabled in Microsoft Exchange Transport.'
Original message headers:
Authentication-Results: xx.com; dkim=none (message not signed)
header.d=none;operatorsimulation.com; dmarc=none action=none
header.from=operatorsimulation.com;
Received: from ME2PR01MB2500.ausprd01.prod.outlook.com (2603:10c6:201:1b::15)
by ME3PR01MB5912.ausprd01.prod.outlook.com (2603:10c6:220:db::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.18; Fri, 8 Oct
2021 11:19:42 +0000
Received: from ME2PR01MB2500.ausprd01.prod.outlook.com
([fe80::9c9f:e080:6072:6196]) by ME2PR01MB2500.ausprd01.prod.outlook.com
([fe80::9c9f:e080:6072:6196%7]) with mapi id 15.20.4587.020; Fri, 8 Oct 2021
11:19:42 +0000
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
I tried correcting this issue by updating the label to no avail. Below is the encryption settings applied to the senstity label Forwarding
Any help is greatly appreciated.