Share via

Microsoft Purview M365 to M365 Email message encryption.

Brendan 0 Reputation points
2025-01-31T03:09:14.05+00:00

Hi

Normally when a Purview encrypted email is sent from a M365 environment to another M365 environment, the email encryption is seamless and requires no interaction by the end user.

Now when an encrypted email is sent from one M365 environment to another M365, the message appears as if it was sent to a non Outlook/Exchange email address. The user is required to click on a link and view the email in a webmail client.

Is there a reason why this would suddenly happen with no changes to the Purview DLP policies?

Any assistance would be appreciated.

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,622 questions
Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,366 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Smaran Thoomu 19,390 Reputation points Microsoft Vendor
    2025-01-31T12:46:19.38+00:00

    Hi @Brendan
    Welcome to Microsoft Q&A platform and thanks for posting your query here.
    I understand how frustrating it can be when something that was working seamlessly suddenly changes. If Microsoft Purview’s email encryption is now requiring recipients in another M365 tenant to open emails via a web client instead of decrypting them directly in Outlook, a few things could be causing this:

    1. Even if no updates were made to your DLP policies, check if any changes were made to Microsoft Purview Message Encryption (OME) settings. Sometimes, org-wide encryption settings can be updated without direct modifications to DLP policies.
    2. The receiving M365 tenant may have updated their policies, which could be affecting the way encrypted emails are handled. You might want to check if Rights Management Service (RMS) settings have changed on their side.
    3. If your organization uses mail flow rules (e.g., to force encryption for certain recipients), a recent change could be affecting behavior. You can check this in Exchange Admin Center (EAC) → Mail Flow → Rules.
    4. Occasionally, Microsoft updates backend behavior that could affect encryption handling. It’s worth checking the Microsoft 365 Service Health Dashboard to see if there are any related incidents.

    To troubleshoot:

    • Try sending an encrypted email to a test account in another M365 tenant and see if the issue persists.
    • Review encryption settings in Microsoft Purview Compliance Portal under Information Protection → Email Encryption.
    • Ask the recipient to check their Microsoft 365 Message Encryption (OME) settings in their admin center.

    Refer this article for more information on Encryption issues

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.