This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 12%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL5%3C/text%3E%3C/svg%3E)
Hello,
I need some assistance with encrypting emails in Outlook, please. I've read numerous posts and articles from Microsoft Learn, but I'm still unsure about the best way to send confidential information via email.
I have a Microsoft account through my college and have downloaded the applications, so I am using the Outlook desktop version. When I compose an email and click "Options", I see a lock icon that allows me to encrypt emails, and this feature works correctly.
However, I'm facing issues with my work Outlook account. When I attempt to encrypt an email via OWA (Outlook Web App), there is no option for encryption. To address this, I downloaded the Microsoft apps from my work account onto a separate laptop from the one I use for my school account because I didn't want to have both versions (school and work) on the same laptop.
Here’s the problem: It seems that the encryption option is available on the desktop version of Outlook but not in OWA, forcing me to use the desktop Outlook. When I try to encrypt emails on my work account using the desktop version, I receive the error message: "Microsoft Outlook was not able to create a message with restricted permission."
Additionally, I asked a coworker to send an encrypted email, and she encountered two different error messages: "Connect to Right Management Servers and get templates," and "No logged-on Office users are configured for Information Rights Management (IRM)."
All our applications are Software as a Service (SaaS) and hosted in Microsoft 365. I believe all users should be able to encrypt emails or password-protect them.
I have three questions:
Thank you very much! As a temporary workaround, We have been using password-protected documents, but we need to start using end-to-end encryption when necessary.
Thank you,
Lee Manning
Your org has to be licensed and the feature has to be enabled:
https://learn.microsoft.com/en-us/purview/set-up-new-message-encryption-capabilities
We have F3, E3, and E5 licenses. Is Microsoft Purview Message Encryption in addition to our current licenses?
Why is email encryption in Purview compliance and not Exchange?
Thank you for the link.
Alot of Exch functionality is moving to Purview (Retention, DLP etc...)
If you have the licenses, I would ask your IT admin to enable or investigate why its not working.
Could you please help me locate the settings to confirm if our email encryption is enabled? I searched in purview.microsoft.com/InformationProtection, but I couldn't find anything related to Azure Information Protection or Rights Management.
Thank you
You can use powershell:
at its simplest:
Get-IRMConfiguration
and that will show true if its enabled.
InternalLicensingEnabled : True
ExternalLicensingEnabled : True
AzureRMSLicensingEnabled : True
Based on my understanding, if I activate Azure Rights Management (Azure RMS) without configuring any additional settings, policies, or mail flow rules, the service will be enabled but won't automatically protect any content. Users will still have the ability to manually encrypt emails and documents.
I plan to copy all the current settings and create a rollback SOP in case any issues arise. It appears that Azure RMS is not enabled for our tenant at this time. I'm not fully aware of all the other settings yet, but I will continue to research what those settings should be.
Thank you.
I may need to open a support ticket for assistance in configuring everything correctly. Any additional guidance is appreciated.
Thank you very much.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 26%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
Hi, @LM-5132
Thank you for posting your question in the Microsoft Q&A forum.
According to your description, you have encountered the problem that the encryption option in Outlook is not available.
First of all, regarding the problem of no encryption option in OWA. You can first use Exchange Online PowerShell to verify whether the tenant is correctly configured for Microsoft Purview Message Encryption. Use the command to check whether the Information Rights Management (IRM) feature is enabled in Outlook Web Edition.
Get-OwaMailboxPolicy | FL *IRMEnabled*
Regarding your second question, it is not possible to send encrypted emails from the work Outlook desktop. I agree with @Andy David - MVP's answer that your organization needs to obtain permission and enable the feature. The only prerequisite for using Microsoft Purview Message Encryption is that Azure Rights Management must be activated in the organization's tenant.
Regarding the question of whether you should use the encryption option S/MIME or set up public/private keys, S/MIME is a widely accepted method for sending digitally signed and encrypted messages. You can also choose to use various encryption technologies together.
Refer to: Resolve Microsoft Purview Message Encryption issues - Microsoft 365 | Microsoft Learn
Set up Microsoft Purview Message Encryption | Microsoft Learn
Best,
Jeanne
Thank you for your assistance and for providing the resource links. I am currently reviewing the information to fully understand it before making any changes. If I enable Information Rights Management (IRM), will this allow users to manually encrypt emails or documents without the need to set up any mail flow rules or policies?
Is this correct, or are there additional settings I need to configure after enabling IRM?
Additionally, what would the rollback options be if I encounter any issues?
Thank you, I appreciate the help.
Hi, @LM-5132
Thanks for your reply, IRM uses Active Directory Rights Management Services, and when Information Rights Management (IRM) is enabled, you can manually encrypt emails or documents. Regarding the rollback option, you can try to disable IRM on the Client Access Server of the Exchange organization through the command.
Set-IRMConfiguration -ClientAccessServerEnabled $false
If you have any questions, please feel free to contact me. If the answer is helpful, please click "Accept Answer" because it can help other members of the Microsoft Q&A community who have encountered similar problems and are looking for solutions. Thank you.
Best,
Jeanne