Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
If you use Information Rights Management (IRM) in your on-premises Exchange organization and you want your Exchange Online users to also use IRM, you need to do the following:
- Configure your on-premises Active Directory Rights Management
Services (AD RMS) server.
- Enable IRM in your Exchange Online organization.
- Distribute the imported AD RMS templates to users in the
Exchange Online organization.
Learn more at: Understanding IRM in an Exchange 2007 Hybrid Deployment
How do I configure on-premises AD RMS servers?
To configure IRM in a hybrid deployment, you need to use Windows PowerShell to access your on-premises AD RMS server. Learn more at: Using Windows PowerShell to Administer AD RMS
Do the following to export trusted publishing domain (TPD) data from your on-premises AD RMS server and then configure access to the AD RMS server for external clients.
How do I enable IRM in the Exchange Online organization?
After you export the TPD data from your on-premises AD RMS servers, you need to import that data into the Exchange Online organization and then enable IRM.
- In the Exchange Online organization, import the TPD data.
Import-RMSTrustedPublishingDomain -FileData $( [Byte] (Get-Content -Encoding Byte -Path "<Path to exported TPD file>" -ReadCount 0))
- Enable IRM in the Exchange Online organization.
Set-IRMConfiguration -InternalLicensingEnabled $True
How do I distribute AD RMS templates in the Exchange Online organization?
After you've enabled IRM in the Exchange Online organization, you must distribute the imported AD RMS templates. The following Exchange Online users and features use AD RMS templates:
- Outlook Web App users
- Exchange ActiveSync users
- Transport rules
- Journal report decryption
- Outlook protection rules
- In the Exchange Online organization, retrieve a list of
AD RMS templates.
Get-RMSTemplate -Type All
- Distribute the AD RMS templates to users and features in
the Exchange Online organization.
Set-RMSTemplate <template name> -Type Distributed
Note: You can't modify the "Do Not Forward" AD RMS template.
- Repeat step 2 for each AD RMS template you want to
How do I know this worked?
Outlook Web App users should be able to apply AD RMS templates to new messages. Outlook Web App and Exchange ActiveSync users should be able to read messages that have AD RMS templates applied to them. In addition, all the AD RMS templates that were imported from your on-premises organization should be listed when you run the Get-RMSTemplate cmdlet.
Run the following command in the Exchange Online organization.
Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums