Hybrid setup with E2 and azure P1 license encryption issue

%3CLINGO-SUB%20id%3D%22lingo-sub-2525056%22%20slang%3D%22en-US%22%3EHybrid%20setup%20with%20E2%20and%20azure%20P1%20license%20encryption%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2525056%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHaving%20some%20encryption%20issues%20that%20started%20a%20month%20ago%20that%20does%20not%20allow%20some%20outsiders%20to%20open%20the%20encrypted%20emails%3A%26nbsp%3B%20%3CEM%3EThis%20message%20is%20protected%20and%20you%20don't%20have%20permission%20to%20view%20it.%3C%2FEM%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CEM%3EMessage%20Encryption%20by%20Microsoft%20Office%20365%3C%2FEM%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20read%20this%3A%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22alert-title%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EImportant%3C%2FP%3E%3CP%3E%3CFONT%20color%3D%22%230000FF%22%3EFor%20hybrid%20Exchange%20environments%2C%20on-premises%20users%20can%20send%20and%20receive%20encrypted%20mail%20using%20OME%20only%20if%20email%20is%20routed%20through%20Exchange%20Online.%20To%20configure%20OME%20in%20a%20hybrid%20Exchange%20environment%2C%20you%20need%20to%20first%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CU%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fexchange-hybrid%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Econfigure%20hybrid%20using%20the%20Hybrid%20Configuration%20wizard%3C%2FA%3E%26nbsp%3Band%20then%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fuse-connectors-to-configure-mail-flow%2Fset-up-connectors-to-route-mail%23part-1-configure-mail-to-flow-from-office-365-to-your-on-premises-email-server%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Econfigure%20mail%20to%20flow%20from%20Office%20365%20to%20your%20email%20server%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fuse-connectors-to-configure-mail-flow%2Fset-up-connectors-to-route-mail%23part-2-configure-mail-to-flow-from-your-email-server-to-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Econfigure%20mail%20to%20flow%20from%20your%20email%20server%20to%20Office%20365%3C%2FA%3E.%20Once%20you've%20configured%20mail%20to%20flow%20through%20Office%20365%2C%20then%20you%20can%20configure%20mail%20flow%20rules%3C%2FU%3E%20for%20OME%20by%20using%20this%20guidance.%3C%2FFONT%3E%3C%2FP%3E%3CP%3Ebut%20we%20have%20already%20had%20the%20transport%20rules%20set%20up%20to%20go%20online%20for%20a%20while.%26nbsp%3B%3CSTRONG%3E%20My%20questions%20is...Do%20I%20need%20to%20re-run%20the%20hybrid%20wizared%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20ran%20this%20command%26nbsp%3BTest-IRMConfiguration%20-Sender%20%3CA%20href%3D%22mailto%3Atest%40micorosoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Etest%40micorosoft.com%3C%2FA%3E%26nbsp%3Band%20it%20comes%20back%20Failed%20even%20though%20the%20Get-IRMConfiguration%20comes%20back%20fine.%3C%2FP%3E%3CP%3EI%20deleted%20all%20the%20rules%20and%20I%20am%20redoing%20them%20to%20see%20if%20that%20helps.%20Users%20that%20have%20O365%20outside%20also%26nbsp%3B%20are%20fine.%20Its%20Especially%20not%20working%20when%20the%20outside%20users%20is%20part%20of%20an%20internal%20distribution%20list.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInternalLicensingEnabled%20%3A%20True%3CBR%20%2F%3EExternalLicensingEnabled%20%3A%20True%3CBR%20%2F%3EAzureRMSLicensingEnabled%20%3A%20True%3CBR%20%2F%3ETransportDecryptionSetting%20%3A%20Optional%3CBR%20%2F%3EJournalReportDecryptionEnabled%20%3A%20True%3CBR%20%2F%3ESimplifiedClientAccessEnabled%20%3A%20True%3CBR%20%2F%3EClientAccessServerEnabled%20%3A%20True%3CBR%20%2F%3ESearchEnabled%20%3A%20True%3CBR%20%2F%3EEDiscoverySuperUserEnabled%20%3A%20True%3CBR%20%2F%3EDecryptAttachmentFromPortal%20%3A%20False%3CBR%20%2F%3EDecryptAttachmentForEncryptOnly%20%3A%20False%3CBR%20%2F%3ESystemCleanupPeriod%20%3A%200%3CBR%20%2F%3ESimplifiedClientAccessEncryptOnlyDisabled%20%3A%20False%3CBR%20%2F%3ESimplifiedClientAccessDoNotForwardDisabled%20%3A%20False%3CBR%20%2F%3EEnablePdfEncryption%20%3A%20True%3CBR%20%2F%3EAutomaticServiceUpdateEnabled%20%3A%20True%3CBR%20%2F%3ER%7D%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2525056%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EHybrid%20encryption%20issue%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Having some encryption issues that started a month ago that does not allow some outsiders to open the encrypted emails:  This message is protected and you don't have permission to view it.

Message Encryption by Microsoft Office 365

I read this:  

 Important

For hybrid Exchange environments, on-premises users can send and receive encrypted mail using OME only if email is routed through Exchange Online. To configure OME in a hybrid Exchange environment, you need to first configure hybrid using the Hybrid Configuration wizard and then configure mail to flow from Office 365 to your email server and configure mail to flow from your email server to Office 365. Once you've configured mail to flow through Office 365, then you can configure mail flow rules for OME by using this guidance.

but we have already had the transport rules set up to go online for a while.  My questions is...Do I need to re-run the hybrid wizared?

 

I ran this command Test-IRMConfiguration -Sender test@micorosoft.com and it comes back Failed even though the Get-IRMConfiguration comes back fine.

I deleted all the rules and I am redoing them to see if that helps. Users that have O365 outside also  are fine. Its Especially not working when the outside users is part of an internal distribution list. 

 

InternalLicensingEnabled : True
ExternalLicensingEnabled : True
AzureRMSLicensingEnabled : True
TransportDecryptionSetting : Optional
JournalReportDecryptionEnabled : True
SimplifiedClientAccessEnabled : True
ClientAccessServerEnabled : True
SearchEnabled : True
EDiscoverySuperUserEnabled : True
DecryptAttachmentFromPortal : False
DecryptAttachmentForEncryptOnly : False
SystemCleanupPeriod : 0
SimplifiedClientAccessEncryptOnlyDisabled : False
SimplifiedClientAccessDoNotForwardDisabled : False
EnablePdfEncryption : True
AutomaticServiceUpdateEnabled : True
R}

0 Replies