Let’s discuss how to Fix OMEv2 Encrypted Email Access Issues in Classic Outlook for Windows across Tenants. OMEv2 (Office Message Encryption version 2) encrypted email is a type of secure email that provided by Microsoft 365.
It protects the contents of a message so that only the intended recipients can read it. It ensures that sensitive information like financial data, personal details, or confidential company information is encrypted end-to-end.
In classic Outlook for Windows, some users cannot open OMEv2-encrypted emails sent from a different Microsoft 365 tenant. When they try to open Outlook, it displays the message: “Configuring your computer for Information Rights Management…” and fails to open the email.
This issue will affect organisations because employees may be unable to access critical encrypted emails sent from other tenants. This can delay important workflows, disrupt operations in departments that rely on secure communications, and cause confusion among users who repeatedly encounter the error. As a result, productivity may be reduced, and decision-making processes can be slowed.
Table of Contents
How to Fix OMEv2 Encrypted Email Access Issues in Classic Outlook for Windows across Tenants
The problem affects IT admins because they cannot fix it directly on employees’ computers. The issue happens on Microsoft’s Exchange Online servers not on the user’s PC. The helpdesk teams may face an increased volume of support tickets from affected users. Admins also need to guide users on workarounds until Microsoft provides a permanent resolution.
- Quick Fix to your Windows OS Issues with Detection and Remediation Scripts with Intune
- Quick and Easy way to Turn on PowerShell Audit using Intune Policy
- How to Install Microsoft Defender Browser Protection Extension using Intune PowerShell Script
Workarounds for OMEv2 Encrypted Email Access Issues
There are two ways to work around the problem of OMEv2 encrypted emails not opening in classic Outlook. The first option is to exclude external users from Conditional Access requirements, though this can affect your organisation’s security policies.
The second option is to enable cross-tenant access to trust multifactor authentication (MFA) claims from other organizations. This allows encrypted emails you send to external tenants to be opened successfully, ensuring smoother communication across organizations.
| Workarounds for OMEv2 Encrypted Email Access Issues |
|---|
| Exclude external users from Conditional Access requirements. |
| Enable cross-tenant access to trust MFA claims from other organizations. |
How to Enable Cross-Tenant Access to Fix OMEv2 Email Issues
You can easily enable Cross-Tenant Access to Fix OMEv2 Email Issues. Enabling cross-tenant access is the simplest way to ensure that encrypted emails you send to external tenants can be opened successfully.
- Steps to Enable Cross-Tenant Access:
- Sign in to the Microsoft Entra admin center with your admin account.
- In the left-hand menu, go to “External Identities.”
- Under External Identities, select “Cross-tenant access settings.”
- You will see the Inbound access section, where you can configure default settings or add specific organization settings.
- Inbound access → Default settings → Trust settings.
- Select the option “Trust multifactor authentication from Microsoft Entra tenants.”
- Save the settings to apply the change.
Understanding What the Cross-Tenant Access Workaround Does and Does Not Do
Enabling cross-tenant access to trust MFA claims helps solve part of the OMEv2 encrypted email issue, but it has limitations. The table below helps you to show more details.
| Action | Effect of Workaround | Notes |
|---|---|---|
| Sending | Encrypted emails you send can be opened by external tenants | Immediate benefit; recipients don’t need additional steps |
| Receiving | Encrypted emails sent to you from external tenant | No effect unless the sending organization also enables the workaround |
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.