Enable or disable message encryption of individual emails by end users

 

Applies to: Exchange Online, Exchange Online Protection, Office 365

Summary: Describes how to manage whether or not your users can apply Office 365 Message Encryption to an individual email message in Outlook Web App.

In addition to overall encryption rules, you can also choose to enable or disable individual message encryption options for end users. By default, Office 365 is configured to allow your end users to encrypt individual email messages when they send email from Outlook Web App. You can disable or enable this setting by using the Set-OMEConfiguration Windows PowerShell cmdlet for Exchange Online.

Note

To use the procedure in this topic, your organization must have Windows Azure Rights Management set up for Office 365 Message Encryption, as described in Set up Microsoft Azure Rights Management for Office 365 Message Encryption.

To enable or disable individual message encryption by end users by using the Set-OMEConfiguration PowerShell cmdlet

  1. Connect to Office 365 using Remote PowerShell, as described in Connect to Exchange Online using Remote PowerShell.

  2. To enable individual message encryption for your end users, run the cmdlet with the ClientEncryptionEnabled attribute set to True. For example, type:

    Set-OMEConfiguration -Identity <OMEConfigurationId> -ClientEncryptionEnabled $True
    

    To disable individual message encryption for your end users, run the cmdlet with the ClientEncryptionEnabled attribute set to False. For example, type:

    Set-OMEConfiguration -Identity <OMEConfigurationId> -ClientEncryptionEnabled $False
    

    Where:

    This parameter Specifies:

    -Identity <OMEConfigurationId>

    The OME configuration that you want to modify. The default OME configuration has the Identity value "OME Configuration". You can also use "default".

    -ClientEncryptionEnabled $True

    Allows users to encrypt individual email messages with Office Message Encryption.

    -ClientEncryptionEnabled $False

    Prevents the Outlook Web App from displaying the "Encrypt with OME" option in the user interface.

    See Set-OMEConfiguration for more information about this cmdlet.

See Also

Encryption in Office 365
Service information for Office 365 Message Encryption
Define rules to encrypt or decrypt email messages