Unable to Open Encrypted Email in Office 365

Microsoft 365 has a powerful security feature called Office 365 Message Encryption (OME) that enables organizations to securely send sensitive information by encrypting Outlook emails. Office 365 message encryption uses the capabilities of Azure Information Protection to send and receive encrypted email messages inside and outside your organization.

You should open an encrypted email using Outlook on Desktop or via browser (Office 365 Email) if the sender has allowed you to read the protected email.

There could be several reasons if a user is unable to open an encrypted Office 365 email.

How to View Encrypted Email from Office 365 (Microsoft 365)?

When an encrypted message reaches an external recipient, he needs to authenticate to read its contents. If the recipient is already signed-in with his Microsoft account and uses Outlook, he will be able to read the email without further action. The email will contain an icon that is encrypted.

ADVERTISEMENT

this message might have been moved or deleted encrypted email

We recommend you to use Outlook Web Access to view encrypted messages. Outlook Web App is the simplest and most effective tool that doesn’t depend on the security settings of your computer or desktop version of Outlook.

If you receive an encrypted message and open it in Outlook Web Access, OWE will decrypt it automatically. In this case, under the subject and recipient in the header of the letter, the following information will appear:

Encrypt: This message is encrypted. Recipient can’t remove encryptions.
Permission granted by: username

cannot open encrypted email in outlook

If encrypted emails are opened in the OWE web client, but not in the Outlook desktop version, try to disable all third-party Add-ins/Plugins in Outlook 2019, 2016, 2013.

  1. Select File > Options from the menu;
  2. In the Outlook Options window, go to the Add-ins tab;
  3. Disable all third-party add-ins (be sure to first disable the antivirus and firewall plugins); unable to open encrypted email office 365
  4. Restart Outlook and check if encrypted emails are displayed.

If the user uses another email platform (Gmail, iCloud, etc.), he will receive an email with an attachment (message.html):

You’ve received an encrypted message from xx@xx.com

To view your message

Save and open the attachment (message.html) and follow the instructions.

Sign in using the following email address: xxx@gmail.com

outlook encrypted email not opening

Follow the link to the Office 365 Message Encryption Portal (OME Portal) where you need to authenticate. The authentication method depends on the email client. You may be prompted for user credentials or a one-time code that will be sent to you with another message.

To view the message, sign in with a Microsoft account, your work or school account, or use a one-time passcode.

why can't i open encrypted emails in outlook

 

We Can’t Display Your Encrypted Message Right Now in Outlook

In some cases, when authenticating with a Microsoft account or one-time passcode, you may receive errors:

ADVERTISEMENT

An error has occurred.  We’re sorry. An unknown error has occurred. Please try again later.

Or:

Sorry, we can’t display your message right now. Something went wrong and your encrypted message couldn’t be opened. Please try again by following the instructions in the original email message in 5 minutes.

outlook cannot open encrypted email

In this case, try to sign out of all Microsoft Office programs on your device, sign out your Microsoft account in your browser, restart your computer, and try to authenticate again.

If the user’s mailbox is hosted in an Exchange Online tenant and they can’t view the encrypted message in Outlook Web App, check the default Outlook Web App policy in Microsoft 365.

When an Exchange Online user tries to read a message encrypted with Microsoft Purview Message Encryption (ex. Microsoft 365 compliance), Outlook will automatically decrypt the email, only if the content type matches the configured Outlook Web App policy. Check if the MIME types associated with the default Outlook Web App policy changed and if the text/html MIME type was removed.

Connect to your Exchange Online tenant using the Exchange Online PowerShell (EXOv2) module:

Connect-ExchangeOnline -UserPrincipalName admin@theitbros.com

Get the current OWA policy settings:

ADVERTISEMENT
$owapolicy = Get-OwaMailboxPolicy

List the current associations for MIME file types:

$owapolicy|select *MimeTypes*

unable to open encrypted email outlook

Reset text/html MIME types to default:

Set-OwaMailboxPolicy -AllowedMimeTypes @{remove = "text/html"} -BlockedMimeTypes @{remove = "text/html"} -ForceSaveMimeTypes @{add = "text/html"} -Identity $owapolicy.Identity

Note. Wait about 1 hour for the changes to take effect.

View Encrypted 365 Email on iOS and Android

If you want to use an iOS/Android mobile device to read emails, be sure to install and use Outlook for Mobile. The native iOS email app doesn’t support encrypted emails from Office 365.

When you receive an encrypted message in alternative application, you will see the following text (and the encrypted message file with the *.rpmsg extension — Rights-Managed Email Message will be attached to the email).

This message is protected with Microsoft Information Protection. You can open it using Microsoft Outlook, which is available for iOS, Android, Windows, and Mac OS. Get Outlook for your device.

Microsoft Information Protection allows you to ensure your emails can’t be copied or forwarded without your permissions.

you don't have permission to view this message office 365 encryption

If you cannot open an encrypted email using the desktop version of Outlook (2016/2019/365) or Outlook on the web, make sure you are connected to the Internet. The easiest way is to open your browser and browse any external site in it.

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.

2 comments

  1. Cyril,

    Great post! However, I’m receiving reports from several users on Outlook 2016 that are being forced to open encrypted messages in the browser instead of having the message appear normally in preview (but with the lock icon). I’ve been dealing with support requests from the issue for a few days and have tried to find a resolution through various troubleshooting. My only guess now is that something in the Group Policy has been configured to not allow encrypted messages to be displayed in Outlook. Any advice on where to look?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.