No RMS templates are available in your organization

No RMS templates are available in your organization

Problem:

When configuring a transport rule for ‘Apply Office 365 Message Encryption and rights protection to the message with…” you receive the following error when attempting to select a label:

“No RMS templates are available in your organization”

No RMS Templates

Solution:

You need to configure Exchange Online for RMS. See below for powershell commands:

#Configure Credentials
$cred = Get-Credential

# Configure Exchange Online PS Session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection

# Import Exchange Online PS Session
Import-PSSession $Session

# Configure the RMS Online Key Sharing Location (Note that this url changes based on location – See the bottom of this article for locations)
Set-IRMConfiguration –RMSOnlineKeySharingLocation “https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc”

# Import the RMS Trusted Publishing Domain
Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

# Test the IRM Configuration to ensure that Exchange is configured correctly
Test-IRMConfiguration -RMSOnline

The output of this command should look something like this, with the overall result as PASS.
Results : Checking organization context …

– PASS: Organization context checked; running as tenant administrator.
Loading IRM configuration …
– PASS: IRM configuration loaded successfully.
Checking RMS Online tenant prerequisites …
– PASS: RMS Online tenant prerequisites passed.
Checking RMS Online authentication certificate …
– PASS: The RMS Online authentication certificate is valid.
Checking that a Trusted Publishing Domain can be obtained from RMS Online …
– PASS: Trusted Publishing Domain successfully obtained from RMS Online. Templates available:
Confidential \ All Employees, Highly Confidential \ All Employees, Secure Email.
Checking that the Trusted Publishing Domain obtained from RMS Online is valid …
– PASS: Trusted Publishing Domain obtained from RMS Online is valid.

OVERALL RESULT: PASS

# Set the IRM Internal Licencing to True
Set-IRMConfiguration -InternalLicensingEnabled $true

Give Exchange Online 20 minutes to see the update and you should then be able to see the Templates.

Global policy issue:

Currently there is a bug with Exchange Online not being able to see labels that are NOT included in the ‘Global’ Azure Information Protection Policy. This is being investigated by Microsoft at the time of writing this article.

 

RMS Key Sharing Location URLs:

North America
https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union
https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Asia
https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South America
https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government (Government Community Cloud)
https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

17 Replies to “No RMS templates are available in your organization”

  1. Great article. David.

    When I run the command “Test-IRMConfiguration -RMSOnline” for one of my organizations, part of the output reads (I have included xxxxxxxx here to hide the organization name):-

    PASS: Trusted Publishing Domain successfully obtained from RMS Online. Templates available: xxxxxxxxxxxx – Confidential View Only, xxxxxxxxxxxx – Confidential.
    Checking that the Trusted Publishing Domain obtained from RMS Online is valid …

    Your output David has “……Confidential \ All Employees, Highly Confidential \ All Employees, Secure Email…….” where as mine has “Confidential View Only”

    Does this mean I cannot setup encryption or need higher licensing plan in place ?

    1. Hello, thank you for the comment.

      You should have an Azure Information Plan licence for this to work. That output is just the templates that I’ve created from Azure.

  2. Hi David, When I try to test it, it gives me the following error:

    Results : Acquiring RMS Templates …
    – FAIL: Failed to acquire RMS templates. This failure may cause features such as Transport Protection Rul
    es, IRM in OWA, and IRM in EAS to not work.

    OVERALL RESULT: FAIL

    1. Hi Michel,

      Have you enabled the Azure Information Protection yet?
      Office365 Admin Center> Settings> Services & Add-ins> Microsoft Azure Information Protection> Manage Microsoft Azure Information Protection Settings

      One in there, make sure it’s activated. Then give it 30 mins and re-test.

      David

        1. I can only really suggest that you leave it with Microsoft Support. It sounds like there is an issue behind the scenes somewhere. It might be worth re-testing as well – Changes on Office365 aren’t always immediate.

          If Microsoft do manage to resolve it, it would be interesting to know how though as it may help others with the same issue.

          1. Well, the reaction I got from Microsoft Support, they can’t seem to help me any further:

            We got a response from our escalation, and unfortunately, the news is not good:

            Direct quotes:

            “This is a known gap and will be fixed soon. Scoped templates will be available in Exchange mail flow rules. …
            No definitive eta yet. Aiming for early August to be released in production.”

            I apologize for the projected delay. At this time, I can do nothing else.

  3. So, I’ve contacted Microsoft again and they came up with a solution. It seems that when you have an older tenant you have to jump start some stuff. The steps in your post are still necessary to make this work.

    #install aadrm module

    install-module aadrm
    Connect-AadrmService

    # Activate the service
    Enable-Aadrm

    # Get the configuration information needed for message protection.
    $rmsConfig = Get-AadrmConfiguration
    $licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl

    # Collect IRM configuration for Office 365.
    $irmConfig = Get-IRMConfiguration
    $list = $irmConfig.LicensingLocation
    if (!$list) { $list = @() }
    if (!$list.Contains($licenseUri)) { $list += $licenseUri }

    # Enable message protection for Office 365.
    Set-IRMConfiguration -LicensingLocation $list
    Set-IRMConfiguration -AzureRMSLicensingEnabled $True -InternalLicensingEnabled $true

    # Enable new Protect button in Outlook on the Web
    Set-IRMConfiguration -SimplifiedClientAccessEnabled $true

    # Afterwards, to test that the IRM configuration is good, run the Test-IRMConfiguration cmdlet for a user in your tenant

    1. That’s excellent news. Thank you for updating me as well.

      Hopefully it will help someone else with the same issue.

      Kind Regards,

      David

  4. Great article. Thanks for posting. I run into an issue right at [$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection].

    It tells me this [WARNING: Your connection has been redirected to the following URI: “https://ps.outlook.com/PowerShell-LiveID?PSVersion=5.1.17134.228 “]

    Any ideas?
    Thanks,
    N.Z.

    1. Hi N.Z.

      This shouldn’t cause an error with the actual command. It’s just letting you know that you’re being redirected from the initial URI which was specified. The -AlloWRedirection switch grants authorisation to do this.

      Is it stopping you from continuing?

      David

      1. Hi David,
        Thank you for your response. I was able to get over that hump, but ran into other issues.

        First when I got to running Test-IRMConfiguration -RMSOnline, The only thing that failed was “Failed to obtain a Trusted Publishing Domain from RMS Online”, but it would say RMS configuration, authentication and prereqs are successful. However, after running the commands in Michel ten Hove ‘s post above, now I get just one line – FAIL: Failed to acquire RMS templates.

        BEFORE
        ===============
        Checking organization context …
        – PASS: Organization context checked; running as tenant administrator.
        Loading IRM configuration …
        – PASS: IRM configuration loaded successfully.
        Checking RMS Online tenant prerequisites …
        – PASS: RMS Online tenant prerequisites passed.
        Checking RMS Online authentication certificate …
        – PASS: The RMS Online authentication certificate is valid.
        Checking that a Trusted Publishing Domain can be obtained from RMS Online …
        – FAIL: Failed to obtain a Trusted Publishing Domain from RMS Online.
        —————————————-
        Microsoft.Exchange.Security.RightsManagement.RightsManagementException: InvalidIssuanceLicenseTemplate
        at Microsoft.Exchange.Security.RightsManagement.Errors.ThrowOnErrorCode(Int32 hr, LocalizedString contextMessage)
        at Microsoft.Exchange.Security.RightsManagement.Errors.ThrowOnErrorCode(Int32 hr)
        at Microsoft.Exchange.Security.RightsManagement.RmsTemplate.GetTemplateNamesAndDescriptions(String template)
        at Microsoft.Exchange.Security.RightsManagement.RmsTemplate.ServerRmsTemplate.GetNameAndDescription(CultureInfo locale, String& templateName, String&
        templateDescription)
        at Microsoft.Exchange.Security.RightsManagement.RmsTemplate.get_Name()
        at Microsoft.Exchange.Management.RightsManagement.RmsUtil.TemplateNamesFromTemplateArray(String[] templateXrMLArray)
        at Microsoft.Exchange.Management.RightsManagement.RMSOnlineValidator.ValidateTPDCanBeObtainedFromRMSOnline(RmsOnlineTpdImporter tpdImporter,
        TrustedDocDomain& tpd)
        —————————————-

        OVERALL RESULT: FAIL

        ===================

        AFTER
        ====================
        Test-IRMConfiguration -Sender [email protected]

        Results : Acquiring RMS Templates …
        – FAIL: Failed to acquire RMS templates. This failure may cause features such as Transport Protection Rules, IRM in OWA, and IRM in EAS to not work.

        OVERALL RESULT: FAIL
        ======================

        Looks like I made my situation worse. Any advice?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: