I was recently tasked with achieving a better understanding of our Office 365 setup after our Information Security Officer left for another position. This includes the way we are encrypting our email. Initially, the only option available within Outlook & OWA was Do Not Forward. Within the last week or so the Encrypt-Only option has shown up under the same Permissions button in Outlook and I'm trying to better understand how/where these options are managed. All Microsoft documents I have been able to find are a higher level explanation of what these options do and not how to manage them or turn them off, if this is even possible.
Is the Encrypt-Only function managed through the Encryption mail transport rule in the Exchange Admin Center? If I turned this rule off, would that eliminate the Encrypt-Only option within Outlook?
The Do Not Forward option, is this managed in Azure Information Protection (AIP)? In our environment within the Global Policy (On the Azure Information Protection - Policies blade, select the Global Policy) , it looks like the Do Not Forward button is toggled to not show in the Outlook Ribbon. Why is it still showing up? Or is the attached screenshot not where these settings are actually managed?