Forum Discussion
Email Encryption in Office 365 with Azure
Hi All,
I'm trying to set up Office 365 email encryption and am having some issues. Following these instructions:
http://office365support.ca/setup-and-enable-office-365-message-encryption/
This command:
Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
Gives this error:
The Trusted Publishing Domain (TPD) for your organization should be managed in Microsoft Azure Rights Management. The 'RMSOnlineKeySharingLocation' parameter has been deprecated. For more information, see http://go.microsoft.com/fwlink/p/?LinkId=789272.
+ CategoryInfo : InvalidArgument: (:) [Set-IRMConfiguration], LocalizedException
+ FullyQualifiedErrorId : [Server=DM5PR22MB0444,RequestId=cb997291-1895-4faa-a895-6098f745280f,TimeStamp=1/5/2018 7:38:18 PM] [FailureCategory=Cmdlet-LocalizedException] 63B7BAFF,Microsoft.Exchange.Management.RightsManagement.SetIRMConfiguration
+ PSComputerName : outlook.office365.com
I've also tried following these instructions:
https://support.office.com/en-us/article/set-up-new-office-365-message-encryption-capabilities-built-on-top-of-azure-information-protection-7ff0c040-b25c-4378-9904-b1b50210d00e
and completed the commands with no error, but when I send an encrypted email and try to open it in the web browser I get this error every time:
Sorry, we can't display your message right now
Something went wrong and your encrypted message couldn't be opened. Please try again by following the instructions in the original email message in 5 minutes.
Any help would be appreciated
18 Replies
- Jonathan Hitutua, Copper Contributor
Run the commands below before setting the publishing domain:
Set-IRMConfiguration -InternalLicensingEnabled $false
Set-IRMConfiguration -AzureRMSLicensingEnabled $false
Once both commands have executed successfully, set the publishing domain once again. After the publishing domain is enabled, enable InternalLicensing and AzureRMSLicensing once again using the commands below:
Set-IRMConfiguration -InternalLicensingEnabled $True
Set-IRMConfiguration -AzureRMSLicensingEnabled $True
- J 1901, Copper Contributor
Well, well, well, almost one year later, December 19, 2018, and I also still have the same problem, same error. It should not be this difficult to set up email encryption in O365.
- JayHampton, Copper Contributor
Hey J1901, I never got a message saying someone responded to this until today. I found the answer shortly after I asked this question.
Open PowerShell and run this to install AADRM if you haven't already: "Install-Module -Name AADRM" without quotes.
Then run this script:
$cred = Get-Credential
Get-Command -Module aadrm
Connect-AadrmService -Credential $cred
#Activate the service.
Enable-Aadrm
#Get the configuration information needed for message encryption.
$rmsConfig = Get-AadrmConfiguration
$licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl
#Disconnect from the service.
Disconnect-AadrmService
#Create a remote PowerShell session and connect to Exchange Online.
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $session -allowclobber
#Collect IRM configuration for Office 365.
$irmConfig = Get-IRMConfiguration
$list = $irmConfig.LicensingLocation
if (!$list) { $list = @() }
if (!$list.Contains($licenseUri)) { $list += $licenseUri }
#Enable message encryption for Office 365.
Set-IRMConfiguration -LicensingLocation $list
Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true
#Enable server decryption for Outlook on the web, Outlook for iOS, and Outlook for Android.
Set-IRMConfiguration -ClientAccessServerEnabled $true
Then log into O365 and follow these instructions:
Create a rule in the Exchange admin center that will apply encryption.
- Log in to the Exchange admin center with the administrator credentials
- On the right side click “Mail Flow” add a rule and call it Email Encryption or something similar
- Under “Apply this rule if” select “if the subject or body include” and type “is encrypted” then click OK
- Click “More Option” at the bottom of the rule box
- Under “Do the Following” Select “Apply Office 365 Message Encryption and rights protection to the message with…” >> “Modify the message security…” >> “Apply Office 365 Message Encryption and rights protection”
- Select RMS template “Encrypt”
- Click “OK”
- Click save
You get some errors in PowerShell but I just did this last week and it still worked.
- John_J1925, Copper Contributor
I had the issue where running the PowerShell scripts and setting up encryption through the portal still resulted in no templates in the transport rules setup. I finally found this script, ran it, and it instantly solved my issue. This is after having a ticket open and spending an hour online with the MS tech rep.
- TROY MORETTI, Copper Contributor
First download - https://www.microsoft.com/en-us/download/details.aspx?id=30339
Then follow the updated instructions - https://support.office.com/en-us/article/Set-up-new-Office-365-Message-Encryption-capabilities-built-on-top-of-Azure-Information-Protection-7ff0c040-b25c-4378-9904-b1b50210d00e?ui=en-US&rs=en-US&ad=US
- Mark Souva, Copper Contributor
When I run the import part I get the following:
Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
This cmdlet is deprecated. The Trusted Publishing Domain (TPD) for your organization is managed in Microsoft Azure Rights Management. For more information, see http://go.microsoft.com/fwlink/p/?LinkId=789272.
- null null, Copper Contributor
I discovered for those commands that produce "cmdlet deprecated" and "The Trusted Publishing Domain (TPD) for your organization is managed in Microsoft Azure Rights Management" errors you have to first disable any transport rule you have enabled to encrypt email in Exchange admin console then
Set-IRMConfiguration -InternalLicensingEnabled $false
Set-IRMConfiguration -InternalLicensingEnabled $false
then the cmdlet
Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
should work. If so, then set the above back to $true and re-enable your transport rules. You may have to wait for a period of time for the rule to kick in. I had to do the above because when we ran
Get-IRMConfiguration
the output showed empty values for RMSOnlineKeySharingLocation, RMSOnlineVersion, ServiceLocation, and PublishingLocation. These values were filled in after successfully running the Import-RMSTrustedPublishingDomain cmdlet.
- Mark Souva, Copper Contributor
I too am having the same issue and after following the instructions from Microsoft support, I have not gained any progress.
- Les Davila, Copper Contributor
Try this:
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
Set-IRMConfiguration -InternalLicensingEnabled $True
Test-IRMConfiguration -RMSOnline
- Ulrik S. Andreassen, Copper Contributor
I have the same problem.
Any news from Microsoft support on this issue?
I have also created a support ticket now.
- Will Hoy, Copper Contributor
Same issue here. No resolution yet. Starting a ticket w/ MS.
- Kyle LeBoeuf, Copper Contributor
Did you get any resolution for this? I am also having this issue.
- Have you verified the configuration with the Test-IRMConfiguration cmdlet?
- Hi Jay!
Have you verified that the command below has been set to true?
Set-IRMConfiguration -ClientAccessServerEnabled $true
For details, have a look at https://support.office.com/en-us/article/Set-up-new-Office-365-Message-Encryption-capabilities-built-on-top-of-Azure-Information-Protection-7ff0c040-b25c-4378-9904-b1b50210d00e?ui=en-US&rs=en-US&ad=US
Best regards
Anders Eide
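
Added example (not part of any post in this thread, and not Microsoft's code): a PowerShell check that reads the output of Get-IRMConfiguration and lists which of the settings discussed in the replies above are still off or empty. The function name Get-IrmFinding, the sample object and the example URI are assumptions made for illustration.

```powershell
# Added example: audit the IRM settings this thread keeps coming back to.
# Property names are the ones the posts above read from Get-IRMConfiguration
# or pass to Set-IRMConfiguration; Get-IrmFinding itself is a hypothetical helper.
function Get-IrmFinding {
    param(
        [Parameter(Mandatory)] $IrmConfig,   # output of Get-IRMConfiguration
        [string] $ExpectedLicenseUri         # e.g. $licenseUri from the script in the thread
    )
    $findings = @()

    # Switches the replies turn off and back on, plus the server decryption switch.
    foreach ($flag in 'AzureRMSLicensingEnabled', 'InternalLicensingEnabled', 'ClientAccessServerEnabled') {
        if ($IrmConfig.$flag -ne $true) {
            $findings += "$flag is not enabled"
        }
    }

    # Two of the values one reply found empty before the publishing domain was in place.
    foreach ($name in 'ServiceLocation', 'PublishingLocation') {
        if ([string]::IsNullOrWhiteSpace([string]$IrmConfig.$name)) {
            $findings += "$name is empty"
        }
    }

    # The licensing URI that the script in the thread appends to LicensingLocation.
    if ($ExpectedLicenseUri) {
        $locations = @($IrmConfig.LicensingLocation | ForEach-Object { [string]$_ })
        if ($locations -notcontains $ExpectedLicenseUri) {
            $findings += "LicensingLocation does not contain $ExpectedLicenseUri"
        }
    }
    return ,$findings
}

# Constructed sample standing in for Get-IRMConfiguration output (not real tenant data).
$sample = [pscustomobject]@{
    AzureRMSLicensingEnabled  = $true
    InternalLicensingEnabled  = $false
    ClientAccessServerEnabled = $true
    ServiceLocation           = $null
    PublishingLocation        = $null
    LicensingLocation         = @()
}
Get-IrmFinding -IrmConfig $sample -ExpectedLicenseUri 'https://rms.example.invalid/_wmcs/licensing'

# Against a live session: Get-IrmFinding -IrmConfig (Get-IRMConfiguration) -ExpectedLicenseUri $licenseUri
```

An empty result means every setting checked here is in the state the replies describe as working; it does not replace running Test-IRMConfiguration.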