Forum Discussion

ITTTTTT42's avatar
ITTTTTT42
Copper Contributor
Oct 29, 2025
Solved

Outlook Classic for M365 - File > Encrypt > 'Encrypt-Only' option applies 'Do Not Forward' label?

I recently joined a new company and am helping support their M365 tenant and admin duties.   I'm running into a very weird issue where no recipients can actually read/view the message when we encry...
admin
email
encryption
microsoft 365
outlook
  • Kidd_Ip's avatar
    Kidd_Ip
    Nov 03, 2025

    Would suggest taking a look at the following:

     

    1. Review Sensitivity Label Configuration in Purview
    • Go to Microsoft Purview portal > Information Protection > Labels.
    • Check the Encrypt-Only label:
      • Ensure it’s not configured with “Do Not Forward” permissions.
      • Confirm it’s published to the correct users/groups.
      • Verify that Outlook and OWA are selected under “Apps that support this label.”

     

    1.  Check Outlook Client behavior
    • Ensure users are on the latest Outlook Classic build.
    • Clear Outlook cache and restart the client.
    • Optionally, check registry keys under:
    HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Common\Security

    Look for any overrides related to IRM or encryption.

    1. Test with a Clean Profile
    • Create a new Outlook profile and test the File > Encrypt > Encrypt-Only path.
    • If it works correctly, the issue may be profile-specific or cached label metadata.
    1. Consider Disabling Legacy IRM Mapping
    • If your org migrated from legacy IRM templates, they may still be influencing behavior.
    • You can disable legacy IRM mapping via PowerShell:
    Set-IRMConfiguration -SimplifiedClientAccessEnabled $true

     

    1. Educate Users to Use the Options Ribbon
    • Until resolved, recommend users always use the Options ribbon > Encrypt method.
    • You can even customize the ribbon or disable the File > Encrypt path via GPO or UI customization.

     

    Apply encryption using sensitivity labels | Microsoft Learn

TRogers's avatar
TRogers
Copper Contributor
Oct 31, 2025

Started seeing these exact same issues for multiple tenants starting around Oct 17th 2025. We're currently having end users just use the Option > Encrypt method as a work around. Users on New Outlook do not have this issue as the File > Encrypt method doesn't exist. Currently no fix found or working.

ITTTTTT42's avatar
ITTTTTT42
Copper Contributor
Nov 17, 2025

Any luck??

 

After trying Kidd's suggestions of updating Outlook/M365 apps, and clearing deleting all contents of the Outlook cache (C:\Users\%username%\AppData\Local\Microsoft\Outlook\RoamCache), the issue/original behavior has disappeared and it's no longer randomly changing to 'Do Not Forward'! 

Resources