Email revocation is offered as part of Office 365 Advanced Message Encryption. Office 365 Advanced Message Encryption is included in Microsoft 365 Enterprise E5, Office 365 E5, Microsoft 365 E5 (Nonprofit Staff Pricing), Office 365 Enterprise E5 (Nonprofit Staff Pricing), and Office 365 Education A5. If your organization has a subscription that does not include Office 365 Advanced Message Encryption, you can purchase it with the Microsoft 365 E5 Compliance SKU add-on for Microsoft 365 E3, Microsoft 365 E3 (Nonprofit Staff Pricing), or the Office 365 Advanced Compliance SKU add-on for Microsoft 365 E3, Microsoft 365 E3 (Nonprofit Staff Pricing), or Office 365 SKUs.
This article is part of a larger series of articles about Office 365 Message Encryption.
If a message was encrypted using Office 365 Advanced Message Encryption, and you are a Microsoft 365 admin, you can revoke the message under certain conditions. This article describes the circumstances under which revocation is possible and how to do it.
Encrypted emails that you can revoke
You can revoke encrypted emails if the recipient received a link-based, branded encrypted email. If the recipient received a native inline experience in a supported Outlook client, then you can't revoke those.
Whether a recipient receives a link-based experience or an inline experience depends on the recipient identity type: Office 365 and Microsoft account recipients (for example, outlook.com users) get an inline experience in supported Outlook clients. All other recipient types, such as Gmail recipients, get a link-based experience.
Recipient experience for revoked encrypted emails
Once an email has been revoked, the recipient receives an error when they access the encrypted email through the Office 365 Message Encryption portal: 'The message has been revoked by the sender'.
How to Recall sent email message in Outlook - Office 365. You can recall an email message sent to multiple recipients but you will be able to recall only if the recipients haven't read the message.
How to revoke an encrypted email
Microsoft 365 administrators follow these general steps to revoke an eligible encrypted email:
- Get the Message ID of the email.
- Verify that you can revoke the message.
- Revoke the mail.
Keep reading for in-depth instructions for each step in the revocation process.
Step 1. Obtain the Message ID of the email
Before you can revoke an encrypted mail, gather the Message ID of the mail. The MessageId is usually of the format:
<xxxxxxxxxxxxxxxxxxxxxxx@xxxxxx.xxxx.prod.outlook.com>
There are multiple ways to find the Message ID of the email that you want to revoke. This section describes a couple of options, but you can use any method that provides the ID.
To identify the Message ID of the email you want to revoke by using Message Trace in the Security & Compliance Center
Search for the email by sender or recipient using New Message Trace in Security & Compliance Center.
Once you've located the email, select it to bring up the Message trace details pane. Expand More Information to locate the Message ID.
To identify the Message ID of the email you want to revoke by using Office Message Encryption reports in the Security & Compliance Center
In the Security & Compliance Center, navigate to the Message encryption report. For information on this report, see View email security reports in the Security & Compliance Center.
Choose the View details table and identify the message that you want to revoke.
Double-click the message to view details that include the Message ID.
Step 2. Verify that the mail is revocable
To verify whether you can revoke a message, check whether the Revocation Status field is visible in the Encryption report, in the Details table in the Security & Compliance Center.
To verify whether you can revoke a particular email message by using Windows PowerShell, complete these steps.
Using a work or school account that has global administrator permissions in your organization, start a Windows PowerShell session and connect to Exchange Online. For instructions, see Connect to Exchange Online PowerShell.
Run the Get-OMEMessageStatus cmdlet as follows:
This command returns the subject of the message and whether the message is revocable. For example,
Step 3. Revoke the mail
Once you know the Message ID of the email you want to revoke, and you have verified that the message is revocable, you can revoke the email using the Security & Compliance Center or Windows PowerShell.
To revoke the message using the Security & Compliance Center
Using a work or school account that has global administrator permissions in your organization, connect to the Security & Compliance Center.
In the Encryption report, in the Details table for the message, choose Revoke message.
To revoke an email by using Windows PowerShell, use the Set-OMEMessageRevocation cmdlet.
Using a work or school account that has global administrator permissions in your organization, Connect to Exchange Online PowerShell.
Run the Set-OMEMessageRevocation cmdlet as follows:
Hawksford5576, Gustav Stickley0118596X, Michele Salas, Katarziyna Rogowizc0001 - Les Livres de Salomon (1555), Nicole Gueunier5541, Kelsey Phillips5547 - The Fine Art of Limiting Yourself to the Essential.in Business and in Life, Leo Babauta, Fred Stella6635, Maurice Hinson3313 - Combined Percussion, Jack Bullock, Anthony Maiello8875, International Business Machines Corporat8849, Urban Land Institute6622, Andrew P. Learnables spanish 2 learnables on computer 3 disc set for mac pro. SitemapSearch:5534 - Neurologie, Psychiatrie, Psychosomatik, Juliane Bremer, Klaus-Peter W. Rivera5514 - Lesson Book: Level 1b, Morton Manus, Willard Palmer, Amanda Lethco0078, Michael Dahl778X - A Jersey Romance (1883), C. Debicki0051, Jack Lamb64428750 - Making Sense of the Post-2008 World, Yanis Varoufakis, Joseph Halevi, Nicholas J. Schaps, Oliver Kessler.6601, John Jacob Anderson, Alexander Clarence Flick2285, Periplus Editors8897, Hannah Tofts, Rupert Horrox0063, Raquel Z.
To check whether the email was revoked, run the Get-OMEMessageStatus cmdlet as follows:
If revocation was successful, the cmdlet returns the following result: