Forum Discussion

Scz's avatar
Scz
Copper Contributor
Jan 27, 2025

AIP padlock icon missing in encrypted message

Hi, I have enabled AIP in my tenant along with sensitivity labels and encryption. I can send encrypted messages succesfully however the secure message - which contains a padlock icon referring to a...
Azure Information Protection
Security & Compliance
aasimtek's avatar
aasimtek
Copper Contributor
Feb 03, 2025

You're absolutely right—if the padlock icon is missing from an AIP (Azure Information Protection) encrypted message, it could raise phishing concerns. This usually happens when:

✅ The image URL used by Microsoft is broken or blocked
✅ Your email security filters are stripping external content
✅ AIP policy settings are misconfigured

🔹 Quick Fixes to Restore the Padlock Icon
1️⃣ Test the Image URL Directly
Open the email in Outlook Web (OWA)
Right-click on the broken image → Copy image address
Paste the URL into your browser and check if it loads
🚀 If the image doesn’t load, then the issue is likely on Microsoft’s side, and you should report it via Microsoft 365 support.

2️⃣ Disable External Image Blocking in Outlook
Some security settings prevent Outlook from loading images.
Try:
✅ Outlook Desktop → File > Options > Trust Center > Automatic Download
✅ Uncheck "Don't download pictures automatically"

If this works, your company’s security policy is likely blocking Microsoft-hosted images.

3️⃣ Check Exchange Transport Rules & Security Policies
If the image URL is valid, but it’s still not loading, your Exchange or Defender settings might be blocking it.

📌 Check for Exchange Transport Rules that strip external images:

Go to Microsoft 365 Admin Center > Exchange Admin Center > Mail Flow > Rules
Look for rules related to external content removal
📌 Check Defender for Office 365 Policies:

Security & Compliance Center → Threat Management > Safe Attachments & Safe Links
Look for settings blocking Microsoft-hosted images
4️⃣ Verify Sensitivity Label & AIP Configurations
If encryption is working, but formatting is breaking:
✅ Go to Microsoft Purview Compliance Center (🔗 Link)
✅ Navigate to Information Protection > Labels
✅ Open the encrypted label → Check if it’s set to use Microsoft’s default message format

🚀 If your org is using a custom template, it may be missing the default Microsoft branding elements, including the padlock icon.

🔹 Long-Term Fix: Report to Microsoft
If you confirm the image URL is broken on Microsoft's end, open a ticket with Microsoft 365 Support:

Admin Center > Support > New Service Request
Provide the broken image URL and a screenshot of the affected email
This will ensure that Microsoft updates the secure message format.

💡 TL;DR - Fix Missing Padlock in AIP Emails
Fix    Steps
Test the image URL    Copy & paste into browser to see if it loads
Disable Outlook security settings    Uncheck "Don't download pictures automatically"
Check Exchange/Defender policies    Ensure images aren’t being stripped
Review AIP Sensitivity Labels    Confirm correct branding settings in Microsoft Purview
Report to Microsoft    If URL is broken, open a support ticket
👉 Final Recommendation: If this is an org-wide issue, Microsoft might have changed the image URL—reporting it ASAP ensures a fix! 

Resources