1. Ensure you have assigned an Azure right Management license to the user in Office 365.
2. Run the following from a an Elevate PowerShell instance.
If you have never installed Encrypted email before, you may need to install AzureRM and AADRM.
Install-Module -Name AzureRM -AllowClobber Install-Module -Name AADRM
3. Next run this script (you will need the tenant office 365 credentials):
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $session Set-IRMConfiguration -SimplifiedClientAccessEnabled $true $cred = Get-Credential Get-Command -Module aadrm Connect-AadrmService -Credential $cred Enable-Aadrm $rmsConfig = Get-AadrmConfiguration $licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl Disconnect-AadrmService $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection Import-PSSession $session $irmConfig = Get-IRMConfiguration $list = $irmConfig.LicensingLocation if (!$list) { $list = @() } if (!$list.Contains($licenseUri)) { $list += $licenseUri } Set-IRMConfiguration -LicensingLocation $list Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true Set-IRMConfiguration -SimplifiedClientAccessEnabled $true Set-IRMConfiguration -ClientAccessServerEnabled $true
4. To test it is working run:
Test-IRMConfiguration -Sender [email protected]
5. Next, in the Office 365 Exchange Admin centre, set up a mail flow rule like this: