Exchange Online has the problematic behaviour to rename e-mail addresses when somebody sends an E-mail to an alias. This prevents E-mail decryption in many ways, that is the SEPPmail domain encryption, and others. What happens is that the private decryption keys for the re-written alias addresses do not fit any more.

 

 

Beginning with 2022, Microsoft has announced a beta-feature for Exchange Online that does not rewrite domains any more. The feature is in public preview and can be activated with the following command:

 

Set-OrganizationConfig -SendFromAliasEnabled $TRUE

 

This setting prevents the alias rewrite and allows it for SEPPmail to use the correct keys for decryption.

 

 

See the original blog from Microsoft for more information.