Office 365 message encryption (2 thoughts)

Posted by

What if you think you know a platform or functionality, but it turns out that you don’t? Or: not all the details? That’s what crossed my mind when I was presented with two use-cases regarding Office 365 message encryption.

The cases in this article were presented to me by users of the functionality, and these guys really know who to find these sort of issues. A short disclaimer: I wrote this article just to inform you. I’ve included some links to the Microsoft documentation, for further reading. But if you encounter the same issues, here’s why…..

User gets prompted to download Outlook

In this case a protected message is sent from Office 365 to Office 365 and Gmail. The standard “Do not forward” action is used. In most cases this went well. One Office 365 recipient could open the e-mail and see the protected content. Notice the Word documents: those are for later 🙂

But the other Office 365 recipient got an error displayed and an invitation to download a free trial. Nice one!

Weird. Because this only seemed to be effecting the one Office 365 recipient. So this must be Exchange Online related, I figured. And that was the case.

In the default setting, Exchange Online will display IRM protected messages. But in this case the administrators probably moved away from this default setting. You can do this by using the Set-IRMConfiguration PowerShell cmdlet with the -ClientAccessServerEnabled parameter.

PowerShell Get-IRM-Configuration

When you set this to $False, you will get the stated results. This cmdlet also offers a multitude of additional parameters, so be sure to check it out!

Send an Office document

The other use-case was centered around an Office document. Like you probably know, there are a lot of people still using the .doc (or related) file extensions. You can or cannot blame them….. Most of the times, these people reuse (copy/paste) a previous document……

And one of the negative side-effects is shown when using message encryption.

Disclaimer: Please note that this file extension (.doc for example) is supported in Office Online and Azure Information Protection. So that makes this use-case somewhat weird.

When you send an e-mail with the Do not forward option and you attach a .doc file – beware. Office Web will not be able to open the document.


Attaching the same document in the right format (.docx) solves this problem.


As these out-of-date extensions cause other issues as-well, you should educate your people in using the correct one. But as this is easier said then done, I thought you should know this potential issue.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s