Forum Discussion
AIP padlock icon missing in encrypted message
Hi,
I have enabled AIP in my tenant along with sensitivity labels and encryption.
I can send encrypted messages succesfully however the secure message - which contains a padlock icon referring to a microsoft website - is broken and fails to load. I’ve viewed the source of the message and tried to load the image in my browser. The image failed to load and I believe the image location is not valid anymore.
Could you please validate and provide a fix so that the padlock icon loads successfully?
Currently the secure message looks like a phishing email and will probably be treated as such.
4 Replies
Try these steps to fix the missing AIP padlock icon in encrypted emails:
1. Check the Email Source – View the message headers and test the image URL in a browser. If broken, Microsoft may have changed it.
2. Enable Images in Email Client – Some clients block external images by default. Allow them manually.
3. Verify AIP Settings – Run:
Get-AipServiceConfiguration
Ensure "EnableClientAutoUpdate" is True.4. Test with Different Sensitivity Labels – See if the issue persists across all protected emails.
5. Check Microsoft 365 Status – Look for known issues on Microsoft Service Health.
6. Report to Microsoft – If still broken, raise a support ticket: Microsoft Support.
You're absolutely right—if the padlock icon is missing from an AIP (Azure Information Protection) encrypted message, it could raise phishing concerns. This usually happens when:
✅ The image URL used by Microsoft is broken or blocked
✅ Your email security filters are stripping external content
✅ AIP policy settings are misconfigured🔹 Quick Fixes to Restore the Padlock Icon
1️⃣ Test the Image URL Directly
Open the email in Outlook Web (OWA)
Right-click on the broken image → Copy image address
Paste the URL into your browser and check if it loads
🚀 If the image doesn’t load, then the issue is likely on Microsoft’s side, and you should report it via Microsoft 365 support.2️⃣ Disable External Image Blocking in Outlook
Some security settings prevent Outlook from loading images.
Try:
✅ Outlook Desktop → File > Options > Trust Center > Automatic Download
✅ Uncheck "Don't download pictures automatically"If this works, your company’s security policy is likely blocking Microsoft-hosted images.
3️⃣ Check Exchange Transport Rules & Security Policies
If the image URL is valid, but it’s still not loading, your Exchange or Defender settings might be blocking it.📌 Check for Exchange Transport Rules that strip external images:
Go to Microsoft 365 Admin Center > Exchange Admin Center > Mail Flow > Rules
Look for rules related to external content removal
📌 Check Defender for Office 365 Policies:Security & Compliance Center → Threat Management > Safe Attachments & Safe Links
Look for settings blocking Microsoft-hosted images
4️⃣ Verify Sensitivity Label & AIP Configurations
If encryption is working, but formatting is breaking:
✅ Go to Microsoft Purview Compliance Center (🔗 Link)
✅ Navigate to Information Protection > Labels
✅ Open the encrypted label → Check if it’s set to use Microsoft’s default message format🚀 If your org is using a custom template, it may be missing the default Microsoft branding elements, including the padlock icon.
🔹 Long-Term Fix: Report to Microsoft
If you confirm the image URL is broken on Microsoft's end, open a ticket with Microsoft 365 Support:Admin Center > Support > New Service Request
Provide the broken image URL and a screenshot of the affected email
This will ensure that Microsoft updates the secure message format.💡 TL;DR - Fix Missing Padlock in AIP Emails
Fix Steps
Test the image URL Copy & paste into browser to see if it loads
Disable Outlook security settings Uncheck "Don't download pictures automatically"
Check Exchange/Defender policies Ensure images aren’t being stripped
Review AIP Sensitivity Labels Confirm correct branding settings in Microsoft Purview
Report to Microsoft If URL is broken, open a support ticket
👉 Final Recommendation: If this is an org-wide issue, Microsoft might have changed the image URL—reporting it ASAP ensures a fix!Hi Scz ,
The padlock icon in encrypted messages is likely hosted on a Microsoft server, and its location (URL) may have changed, become invalid, or been removed. This could be due to updates in AIP services, a misconfiguration in the tenant settings, or restricted access to the image resource. As a result, the icon fails to load in the recipient's email, making the message appear suspicious or untrustworthy, akin to a phishing attempt.
Verify the Icon's URL:
- Inspect the message source to locate the URL of the missing padlock icon.
- Attempt to access the URL directly in a browser to confirm if the resource is still valid.
- If the URL is broken, Microsoft may need to provide a new link or resolve the issue on their servers.
Update AIP Templates or Policies:
- Log in to the Microsoft Purview compliance portal.
- Navigate to Sensitivity Labels under Information Protection.
- Check if the templates or labels applied to the encrypted messages are up-to-date and correctly configured.
- If an older template is used, update to the latest version to ensure compatibility with current AIP services.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Best Regards,
Ali K
Hi Scz!
The padlock icon in your encrypted messages is not loading because the image URL might have changed or is no longer valid. Try clearing the cache in your browser or checking if any security settings are blocking the image from loading. You could also check if there’s a newer update for AIP or Microsoft 365 apps, as sometimes these issues get fixed in updates.
Hope it helps!
