Main
difference from a security perspective is, that OME is encrypting the transport
and not the attached content over its lifetime.
Details:
All feature like IRM, AIP and OEM are based on the
Azure RMS Service. The overall architecture looks like this:Comparison of OME, IRM, and new OME capabilities
Source and
further details: https://docs.microsoft.com/en-us/office365/securitycompliance/ome-faq
OME vs AIP
- If you want to protect documents attached to an E-Mail only on the transport layer or if you want to use the “Do not forward” feature OME is the way to do it.
- If you want to protect the document also after the E-Mail is received and the document is downloaded etc. then you need AIP.
Bothe features
are good to protect E-Mails and attachments for internal use and for sharing
them with externals. In OME you can send protected E-Mails to external receptions
with out configuring anything special. The recipients received an HTML message
that they downloaded and opened in a browser or downloaded mobile app:
To make the
functionally available with AIP you need to add the external domain to you AIP
label:
Protecting an E-Mail with AIP or OME in Outlook
OME:
AIP: