An update is going to be rolled out (and disabled by default) for Office 365 Message Encryption.

With this update administrators will be able to allow/deny the opening of an attachment outside of an Office 365 service (like Gmail or Outlook) were not able to open attachments send using Office 365 Message Encryption.

As of today (and until your administrators enable it), attachments can not be opened when sent through Message Encryption.

IMPORTANT if downloading/opening attachments sent through Message Encryption is being allowed by your administrator, the attachment will not be protected. The principle of this update is the decryption/protection is being removed on the back end to allow recipient opening the attachments. Additional protection (like Azure Information Protection) is required if you want to keep encrypted/protected your attachment.

To enable (or disable) this feature (“Decrypt Attachment”) you need to run the following Exchange Online PowerShell (get if from https://aka.ms/exopowershell) command

Set-IRMConfiguration –DecryptAttachmentFromPortal $true (or $false)