Forum Discussion
Solved
External users cannot open encrypted email
Hi all, I searched the communities but couldn't find the answers I need in regards to Office 365 Message Encryption. We have a customer that wants to send encrypted emails from Outlook. When ...
Hi, I received your test message and whilst I was unable to access it via the Gmail web interface, I was able to open it via Outlook using the AIP viewer. This is going to be the only way that the Gmail users will be able to do this.
As ChristianBergstrom pointed out, the options you are using for encryption are the built-in OME / and older default AIP templates. I would recommend taking a look at updating your labels and policies. Could be a good time to start looking to migrate to Sensitivity Labels from the Security and Compliance Center, as Microsoft are planning to "sunset" the older AIP method in 2021 as per https://techcommunity.microsoft.com/t5/azure-information-protection/announcing-timelines-for-sunsetting-label-management-in-the/ba-p/1226179
But, for the meantime, if you want Gmail accounts to access the encrypted emails, then Outlook and the. AIP viewer is going to be the way.
ChristianBergstrom Thanks for your help. I'm beginning to understand the process now.
I'm currently working through https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-new-message-encryption-capabilities?view=o365-worldwide and have run into the following PowerShell warning & failure:
Test-IRMConfiguration -sender user@domain.com
Results : Checking Exchange Server ...
- PASS: Exchange Server is running in Datacenter.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Retrieving RMS Certification Uri ...
- WARNING: Failed to retrieve RMS Certification Uri.
OVERALL RESULT: PASS with warnings on disabled features
Test-IRMConfiguration -RMSOnline
Results : Checking organization context ...
- PASS: Organization context checked; running as tenant administrator.
Loading IRM configuration ...
- PASS: IRM configuration loaded successfully.
Checking RMS Online tenant prerequisites ...
- PASS: RMS Online tenant prerequisites passed.
Checking RMS Online authentication certificate ...
- PASS: The RMS Online authentication certificate is valid.
Checking that a Trusted Publishing Domain can be obtained from RMS Online ...
- FAIL: Failed to obtain a Trusted Publishing Domain from RMS Online.
----------------------------------------
RMS Online error code: TenantIdNotFound
Microsoft.Exchange.Management.RightsManagement.RmsOnlineImportTpdException: RMS Online returned an error for
tenant with external directory organization ID 123456-789-abcd-b882-fdfef4302be3
at Microsoft.Exchange.Management.RightsManagement.RmsUtil.ThrowIfErrorInfoObjectReturned(TenantInfo
tenantInfo, Guid externalDirectoryOrgId)
at Microsoft.Exchange.Management.RightsManagement.RmsOnlineTpdImporter.Import(Guid externalDirectoryOrgId)
at Microsoft.Exchange.Management.RightsManagement.RMSOnlineValidator.ValidateTPDCanBeObtainedFromRMSOnline
(RmsOnlineTpdImporter tpdImporter, TrustedDocDomain& tpd)
----------------------------------------
OVERALL RESULT: FAIL
There are no default RMS templates to select under Exchange mail flow rules:
Can you please assist further?
ashmelburnian Hello! See if this can help you out (I'm having a busy day!)
https://davidatkin.com/blog/no-rms-templates-are-available-in-your-organization/
Look at the last reply here as well https://techcommunity.microsoft.com/t5/azure/email-encryption-in-office-365-with-azure/m-p/142164
- That is great news! Well done!
- Thanks for all the help! Those 2 articles got me across the line.