Your company has an Exchange Server 2016 organization and a Microsoft Office 365 subscription configured
in a hybrid deployment.
You configure the synchronization of on-premises Active Directory accounts to Office 365.
All users connect to email services by using Outlook 2016.
You plan to deploy Office 365 Message Encryption for the mailboxes of two executives named Exec1 and
Exec2. The mailboxes are hosted in Office 365.
You need to recommend which actions must be performed to ensure that all of the email messages sent from
Exec1 and Exec2 to any recipient on the Internet are encrypted.
Which two actions should you recommend? Each correct answer presents part of the solution.
Deploy Microsoft Azure Rights Management (Azure RMS) to the Office 365 subscription.
Deploy Active Directory Rights Management Services (AD RMS) to the network.
Run the Set-MsolUserLicense cmdlet.
From the Office 365 Exchange admin center, create a rule.
Install a certificate on the computer of Exec1 and the computer of Exec2.
From the on-premises Exchange admin center, create a transport rule.
A: Office 365 Message Encryption requires the Azure Rights Management service. Once you have asubscription to this service, you can activate it.
Note: Encryption options for Office 365:
Azure RMS, including both IRM capabilities and OME
Encryption of data at rest (through BitLocker)
F: As an administrator, you can create transport rules to enable Microsoft Office 365 Message Encryption. This
lets you encrypt any outgoing email messages and remove encryption from encrypted messages coming from
inside your organization or from replies to encrypted messages sent from your organization.
To use the transport rule to encrypt messages, your organization must have Windows Azure Rights
Management set up for Office 365 Message Encryption.