Enabling and Troubleshooting Email Encryption in M365 (S/MIME ERROR)
If you have a client that is attempting to encrypt emails using the built in Office365 email encryption but users are getting an error about now having an S/Mime certificate, please follow the steps below.
First, you want to make sure the users have the correct license. This license is included in E3, E5 and Business Premium (as well as a few other less common A and G licenses).
AIP Settings:
- Open powershell as admin
- Run:
Connect-AipService- If that fails, run this then retry:
Install-Module -Name AIPService
- If that fails, run this then retry:
- Run:
Get-AIPService- if disabled, run:
Enable-AIPService
- if disabled, run:
- Run:
Set-AipServiceOnboardingControlPolicy -UseRmsUserLicense $True
Information Rights Management Settings:
- Open powershell as admin
- Run:
Connect-ExchangeOnline- if this fails, run this then retry:
Install-Module -Name ExchangeOnlineManagement
- if this fails, run this then retry:
- Run:
Get-IRMConfiguration- if the “AzureRMSLicensingEnabled” parameter is set to $True, encryption is enabled
- if not, run:
Set-IRMConfiguration -AzureRMSLicensingEnabled $True
- if not, run:
- if SimplifiedClientAccessEnabled is set to True, then the newer Encrypt button will show in Outlook and OWA
- if not, run:
Set-IRMConfiguration -SimplifiedClientAccessEnabled $True
- if not, run:
- if the “AzureRMSLicensingEnabled” parameter is set to $True, encryption is enabled
Testing a user:
- Open powershell as admin
- Run:
Connect-ExchangeOnline- if this fails, install the module with:
Install-Module -Name ExchangeOnlineManagement
- if this fails, install the module with:
- Run:
Test-IRMConfiguration -Sender user@domain.com - If working, it should report all PASS
Table of Contents
