M365 Changelog: (Updated) Planned Maintenance – Updates to mail encryption from external mail

MC556775 – Updated June 1, 2023: Microsoft has completed this maintenance and the mail will no longer be rejected/NDR. Thank you for your patience.

Microsoft has maintenance planned for Exchange:

When this will happen:

  • Starting: May 22, 2023
  • Ending: May 31, 2023

How this will affect you organization:

As part of this planned maintenance, the following feature areas may be affected: Microsoft Purview Message Encryption.  Any customers that use Exchange Mailflow rule or Data Loss Protection to encrypt mail may have incorrectly configured mail to try to apply encryption to external incoming mail.  This is not a valid configuration.  As a result, this change will explicitly reject the mail back to the original sender.   The sender will receive a mail with NDR txt: “Emails NDRed with 550 5.7.162 OmeEncryptionAgent; Permanent Failure 550-5.7.162 Exception encountered: RmException. 550-5.7.162 Exception message: ETR encryption only applies to outgoing mail”

This maintenance is planned outside of normal business hours, to help minimize any impact to your organization.

For organizations with users around the globe, Microsoft recognizes that “outside of normal business hours” might affect you differently. Microsoft apologizes for the impact this may have on your users. Microsoft is working hard to improve Exchange, to minimize these maintenance windows.

What you need to do to prepare:

During this planned maintenance window, the following workarounds can be used: This is an automatic update. There is no change required to existing data loss prevention policy or mail flow rule, but Microsoft does highly recommend administrators to update their policy or mail flow rule to ensure that they have added the condition to  that mail is coming from inside the online organization. For details, on setting this, refer to step 6 of Define mail flow rules to encrypt email messages for mail flow rule.

Additional information