PPE M365 Integrated Deployment - Unable to open Microsoft Purview Encrypted Emails

Created by Jericho Lao, Modified on Fri, 10 Jul at 3:23 PM by Jericho Lao

PROBLEM:

PPE URL DEFENSE BLOCKING MS Purview Encrypted Emails and Integrated Deployment Breaking Purview Encrypted Email 



SOLUTION:

You want these OME emails to be filtered by Essentials but without having URL breaking the Encryption:


Add these domains to the URL Defense Exceptions, in the two fields (Exclude URLs that contain specified domains/IP addresses & Exclude re-writing emails that are sent by specified senders)>


messaging.microsoft.com

office.com

outlook.com

login.microsoftonline.com

odc.officeapps.live.com

protection.outlook.com

office365.com

outlook.office365.com

go.microsoft.com



This will completely prevent the URL Defense re-writing for all the emails received by these domains, ultimately preserving the Purview Encryption URLs intact.



Exception: FOR INTEGRATED CUSTOMERS

You can choose to keep those emails inside M365 if you are using Integrated Deployment. This will prevent those emails to go to Proofpoint for filtering completely. Is less safe than the previous process, but still a valid workaround for you to consider.

-- Add an exception to the PPE Inbound Redirect rule in Exchange Admin Center

Except if -- The message type is 'Permission Controlled'