Microsoft are making some changes to Azure Information Protection (AIP) and Office Message Encryption (OME) configuration. Starting August 1st, 2018, they will roll out the protection features in AIP and OME to tenants with the eligible Office 365 licenses.
With this update your organization can start using Azure Information Protection (AIP) and Office 365 Message Encryption (OME) capabilities.
If you have already set your configuration to disable AIP/OME you will need to follow the steps below to confirm that configuration is set properly as Microsoft have recently made updates to the opt-out mechanism. If you do not confirm, and your organization is using Active Directory Rights Management Services (AD RMS) in your on-premises environment, your users won’t be able to use AD RMS or AIP/OME. If you are using AD RMS and do not opt-out, some computers might automatically start using the Azure Rights Management service and also connect to your AD RMS cluster. This scenario isn’t supported and has unreliable results, so it’s important that you opt-out of this change within the next 30 days, when Microsoft roll out these new features.
Please see the guidance below on how to opt-out of this change. If you are unsure if you are using AD RMS, please check this link for information on how to confirm your organization’s configuration.
If you are using AD RMS:
You must opt-out of this change if your organization is using AD RMS.
- Even if you have already opted-out, please confirm whether the opt-out was successful by running the following steps:
– Connect to Exchange Online PowerShell as a user with the global administrator role (see https://aka.ms/exopowershell) – Run the following code after authenticating. Get-IRMConfiguration – Check if the parameter AutomaticServiceUpdateEnabled is set to False
- To opt-out, follow these steps:
– Connect to Exchange Online PowerShell as a user with the global administrator role (see https://aka.ms/exopowershell) – Run the following code after authenticating. Set-IRMConfiguration -AutomaticServiceUpdateEnabled $false OME is only available in a tenant if AIP is enabled; however, you are not advised to enable AIP if you are already using AD RMS.
If you are not using AD RMS:
Disclosure: Some of the links on are "affiliate links", a link with a special tracking code. This means if you click on an affiliate link and purchase the item, we will receive an affiliate commission. The price of the item is the same whether it is an affiliate link or not. Regardless, we only recommend products or services we believe will add value to our readers. By using the affiliate links, you are helping support the VOUdeals website, and we genuinely appreciate your support.
Tags: Azure AD, Microsoft