Enable OMEv2 (AIP) using PowerShell script

November 03, 2018

Scenario

Are you looking to protect your M365 data from unauthorized access? If so, Office 365 Message Encryption (OME) provides an effective way of doing just that. OME is a powerful encryption mechanism that can be configured using Azure Information Protection. In this article, we’ll walk you through the steps needed to enble M365 encryption using PowerShell.

Message encryption is a security feature that helps protect your data from unauthorized access. By encrypting your M365 messages, you can ensure that only authorized users can view and access them. Office 365 Message Encryption offers several layers of security, providing protection from both malicious hackers and government investigators.

By following these steps, you will be able encrypt your M365 messages. This process is simple and can be completed in minutes.

Scenarios you’re possibly in:

You want to encrypt messages from O365
You want to enable Protect button in OWA
You want to use IRM templates for emails
Unable to open encrypted messages in EXO

Assumptions:

Exchange Online and Azure Information Protection Licenses
Activated Azure Rights Management
Fully provisioned user(s)
PowerShell 5 (latest version)

Steps

One-time machine configuration

1. Make sure Microsoft’s PackageManagement PowerShell Modules is configured on your machine.

2. Open PowerShell and execute the following cmdlets.

Install-Module MSOnline

Install-Module -Name AADRM

Update-Module -Name AADRM

Using a PowerShell script to enable OME v2

There’s a lot of configuration you can make using this script. However, in this section we will only describe the steps on how to enable OME v2 so that you can encrypt Office 365 message from Outlook or Outlook on the web.

1. Download the script from Microsoft’s TechNet Gallery. If no longer found, you can copy the code from the author’s (MS Employee) GitHub repo and save it as [.ps1]

Start-OfficeMessageEncryption.ps1.

exo-enable-omev2-aip-img-1