Back to Documentation
Microsoft Office 365

Administrator Guide – Enable Microsoft 365 Message Encryption

Overview

This document explains how administrators can enable Microsoft 365 Message Encryption (OME) so users can send encrypted email from Outlook.

Prerequisites

Users must have one of the following licenses:

  • Microsoft 365 Business Premium
  • Microsoft 365 E3
  • Microsoft 365 E5
  • Exchange Online with Azure Rights Management

Step 1: Enable Azure Rights Management (IRM)

Using Microsoft 365 Admin Center

  1. Log in to Microsoft 365 Admin Center.
  2. Go to Settings → Org settings → Services.
  3. Select Rights Management.
  4. Activate Azure Rights Management.

Using PowerShell

1Connect-ExchangeOnline
2Set-IRMConfiguration -AzureRMSLicensingEnabled $true

Step 2: Verify Encryption Availability

  1. Open Outlook as a user.
  2. Create a new email.
  3. Go to Options.
  4. Confirm the Encrypt button is visible.

Step 3: Create Mail Flow Rules (Optional)

To automatically apply encryption:

  1. Open Exchange Admin Center.
  2. Go to Mail flow → Rules.
  3. Create a new rule.
  4. Define conditions (e.g., subject contains "Confidential").
  5. Apply message encryption action.

Testing

  • Send a test encrypted email to an external account.
  • Verify recipient access through secure portal or passcode.

Reference

For detailed Microsoft guidance:

Microsoft Learn – Message Encryption Documentation https://learn.microsoft.com/microsoft-365/compliance/message-encryption