Office Message Encryption Configuration and Troubleshooting


With Office 365 Message Encryption, an organization can send and receive encrypted email messages between people inside and outside its organization.
We have this functionality for a while in Office 365. This is also called Office 365 Message Encryption version 1 (OMEv1).
In the last fall we received a new version of Office 365 Message Encryption, version 2 (OMEv2) which is based on Azure Information Protection (AIP) and allows organization not only to encrypt but also to protect emails & documents on the entire life of them. OMEv2 also adds the capability to work with partners and external recipients.

New information about OME setup and capabilities you can find in the following articles:
- Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection
- https://docs.microsoft.com/en-us/information-protection/

Me and my colleague Daniel David started writing this blog post and building a script as we found as some of the capabilities are sometimes misunderstood and/or misconfigured.

Currently both versions can be used independently or mixed if they are configured correctly.

With the script we wrote we tried to address OME configurations in all these situations.
You can find the script on TechNet Gallery: Office Message Encryption Configuration and Troubleshooting

Important: the script is provided with the following Disclaimer:

You can find bellow the main menu:

You have the possibility of checking:
- the current configuration
- enable/disable OME versions
- view and export templates/labels details
- check known issues
- export and check logs
- open or refresh cache IRM folder or registry

Bellow there are few screenshots from the execution of the script:

Skip to main content