Microsoft Information Protection Broken in Gmail

Just a short note to help you fix this error:

You get this when you send an encrypted or “Do Not Forward” Purview Message Encryption message external to Gmail. The Gmail user cannot open it and all the message says is the above. The message also includes a message_v2.rpmsg attachment, which cannot be opened either as it requires an app that says you need a “work or school account” and does not allow you to use your Gmail account.

The message looks like this in Gmail:

But it should look like this:

We have moved to message_v4.rpmsg as the attachment name but you open the email by clicking the blue button “Read the message” and either logging in with your Google account or getting a code sent to your mailbox and entering that code.

The above problem is caused by the TransportDecryptionSetting on the IRM Configuration setting being set to Disabled. Change this to Optional and within a few minutes your Gmail encrypted emails that you send from this point forward (not any emails already sent) will work.

To change the TransportDecryptionSetting you need to install the Exchange Online Management PowerShell module and then run the Set-IRMConfiguration cmdlet.

# Install Exchange Online Management PowerShell module
Install-Module ExchangeOnlineManagement -Scope CurrentUser

Then once install, connect as an Exchange Administrator role holder and correct the IRMConfiguration settings

Connect-ExchangeOnline

# Check that the IRMConfiguration - look for Disabled for TransportDecryptionSetting
Get-IRMConfiguration | Format-List

# Then fix the setting
Set-IRMConfiguration -TransportDecryptionSetting Optional

# Finally test Purview Message Encryption - everything should say PASS
Test-IRMConfiguration -Sender user-in-your@tenant.com -Recipient user-in-your@tenant.com