Main difference from a security perspective is, that OME is encrypting the transport and not the attached content over its lifetime.
Details:All feature like IRM, AIP and OEM are based on the Azure RMS Service. The overall architecture looks like this:
Comparison of OME, IRM, and new OME capabilities
Source and further details: https://docs.microsoft.com/en-us/office365/securitycompliance/ome-faq
OME vs AIP
- If you want to protect documents attached to an E-Mail only on the transport layer or if you want to use the “Do not forward” feature OME is the way to do it.
- If you want to protect the document also after the E-Mail is received and the document is downloaded etc. then you need AIP.
Bothe features are good to protect E-Mails and attachments for internal use and for sharing them with externals. In OME you can send protected E-Mails to external receptions with out configuring anything special. The recipients received an HTML message that they downloaded and opened in a browser or downloaded mobile app:
To make the functionally available with AIP you need to add the external domain to you AIP label:
Protecting an E-Mail with AIP or OME in Outlook