ODM O365 to O365 migration and Azure Information Protection Encrypted emails

I have a support ticket in about this, and I'm wondering if anybody has had any real-world experience with ODM and Azure Information Protection encrypted emails in an O365 to O365 tenant migration?

Support are being non-committal, saying to test first, which is difficult because it can only be tested after domain cut-over. I have the required M365 licensing on both sides for AIP encryption. I'm just unsure if the migrated user will definitely be able to access the encrypted emails they had access to once migrated to the new mailbox.

If there is any documentation I've missed, I'd be grateful for a link also.

  • There are not a lot of people with that service enabled AND doing a migration. That would be why Support said testing is the easiest way to validate. Just simply migrate a mailbox with encrypted messages, log on and try to open the message.

    The issue is access to the encryption keys; the target users will not have access to the encryption keys. So while the message can be migrated, it can't be decrypted without the encryption key. That, I assume, is tied to the user and not the UPN or domain you are cutting over.

  • That's the thing, Support are suggesting that once the original email address is attached as an alias to the destination mailbox, the encrypted messages should be readable after migration. To test that I have to cut over the domains. Simply migrating the mailbox isn't enough.