Office 365 Message Encryption is an additional server built on Azure RMS and Exchange Online.

Exchange Online Administrators can enable message encryption by defining transport rules that determine the conditions for encryption.

Messages can be encrypted regardless of the destination email service (, Yahoo, Gmail, or another service).

Recipients have a similar experience to the Windows RMS Sharing Application (prompted to sign up for free service).

Video Overview

Technical Reference

Steps to enable the Office 365 Message Encryption

  1. login to Office 365 admin center via . Go to service settings -> rights management -> manage , make sure the Rights management is activated .
  2. Connect to Exchange Online Using Remote PowerShell .
  3. Login with this command:
    • $LiveCred = Get-Credential
  4. If you haven't previously run Windows PowerShell remote commands for Exchange Online, run the following command:
    • set-executionpolicy remotesigned )
    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $LiveCred -Authentication Basic –AllowRedirection
    • Import-PSSession $Session
  5. run the following command. Select one based on your region:
  6. run the command:
    • Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
  7. run the command and make sure the result is PASS:
    • Test-IRMConfiguration -RMSOnline
  8. run the command:
    • Set-IRMConfiguration -InternalLicensingEnabled $true

This action will need a few hours to take effect.

Until then you might see the error "You can't create a rule containing the AppyOME or RemoveOME action because IRM licensing is disabled" when creating rules.