time to access Office 365 Message encryption messages

New Contributor



activating Office 365 Message Encryption and having questions regarding time periods:


- How long (/often) is an encrypted sent e-mail accessible?

- Suppose I delete sending office 365 tenant completely, can messages still be opened by receivers?

- Basically: Any control of OME Messages after sending?

5 Replies

Mail is not stored in the service, but in your (and the recipient's) mailbox. O365 servers are only used to decrypt/display the message. As long as the message is not deleted and you are still using the service, it can be accessed. If you mean message expiration, I dont think this is officially supported, though we do have a parameter for PowerShell that hints it's possible.


The service does store the encryption keys however, and as OME is using Azure RMS on the backend, decommissioning of the service will be similar to what's detailed here: https://docs.microsoft.com/en-us/information-protection/deploy-use/decommission-deactivate


Not sure what you mean about control? Did you check the FAQ here: https://technet.microsoft.com/en-us/library/dn569285.aspx

Thanks, thats what dawned on me somehow.

"As long as the message is not deleted and you are still using the service"

With "you" do you mean the sender implementing ome or the non-ome receiver?

You as the one using/paying for the serice, and he as the one keeping the message.


Looking at the product pages however, it seems that OME is now only offered as part of AIP, and the latter offers you a bit more flexibility compared to OME in terms of revoking access, tracking protected documents, etc.

@Vasil Michev 

Thanks for your insight, as Microsoft is currently pushing the hole topic under the name MIP, let me warm up this old thread.



I don't use Microsoft 365 or Microsoft outlook.


I receive an OME encrypted E-Mail, which I open via "the link", which redirects to an Outlook Webaccess light. I sign in with one time password. --> The mail is basically stored in the Microsoft cloud.


How long, or which are the conditions under which I can access this E-Mail?


  1. Am I understanding you right, that when the sender deletes the mail from his "Sent Items" and "Trash Bin", I would loose access to that mail?
  2. When the sender terminates the M365 contract (e.g. going out of business), then I would not have access to that mail anymore?
  3. Would I still have access via Microsoft Outlook (aka is the MS MIP/AIP/RMS Service still handing out keys in a decomissend state, or would even this service be "switched off"
  4. Are there any "grace periods" involved?


As a background:

In Germany it is mandatory to archive business communication in readable format (including E-Mail for 10 years).

When I can't guarantee access to that mails for this time frame, I would need to refuse OME Mails?

Or is there a known legal backup?

Is there any Information from Microsoft side? Unfortunatly I haven't found any.




Interesting questions. Do you have discovered answers to these points meanwhile? It seems to be quiet complicated to find valuable information about the details of the message encryption.