Forum Discussion
Outlook Classic for M365 - File > Encrypt > 'Encrypt-Only' option applies 'Do Not Forward' label?
I recently joined a new company and am helping support their M365 tenant and admin duties. I'm running into a very weird issue where no recipients can actually read/view the message when we encry...
Would suggest taking a look at the following:
- Review Sensitivity Label Configuration in Purview
- Go to Microsoft Purview portal > Information Protection > Labels.
- Check the Encrypt-Only label:
- Ensure it’s not configured with “Do Not Forward” permissions.
- Confirm it’s published to the correct users/groups.
- Verify that Outlook and OWA are selected under “Apps that support this label.”
- Check Outlook Client behavior
- Ensure users are on the latest Outlook Classic build.
- Clear Outlook cache and restart the client.
- Optionally, check registry keys under:
HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Common\SecurityLook for any overrides related to IRM or encryption.
- Test with a Clean Profile
- Create a new Outlook profile and test the File > Encrypt > Encrypt-Only path.
- If it works correctly, the issue may be profile-specific or cached label metadata.
- Consider Disabling Legacy IRM Mapping
- If your org migrated from legacy IRM templates, they may still be influencing behavior.
- You can disable legacy IRM mapping via PowerShell:
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
- Educate Users to Use the Options Ribbon
- Until resolved, recommend users always use the Options ribbon > Encrypt method.
- You can even customize the ribbon or disable the File > Encrypt path via GPO or UI customization.