Applies to: Exchange Server 2013
Topic Last Modified: 2012-12-04
Enabling journal report decryption allows the Journaling agent to attach a decrypted copy of a rights-protected message to the journal report. Before you enable journal report decryption, you must add the Federated Delivery mailbox to the super users group configured on your Active Directory Rights Management Services (AD RMS) server.
For additional management tasks related to Information Rights Management (IRM), see Information Rights Management Procedures.
What do you need to know before you begin?
- Estimated time to complete: 1 minute
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Rights protection" entry in the Messaging Policy and
Compliance Permissions topic.
- Members of the super users group are granted an owner use
license when they request a license from the AD RMS cluster.
This allows them to decrypt all RMS-protected content created by
that AD RMS cluster.
- An AD RMS cluster must be installed in the Active
Directory forest.
- The Federated Delivery mailbox has been added to an AD RMS
super users group. For details, see Add the Federation
Mailbox to the AD RMS Super Users Group.
- You can't use the Exchange Administration Center (EAC) to
enable journal report decryption. You must use the Shell.
- For information about keyboard shortcuts that may apply to the
procedures in this topic, see Keyboard Shortcuts in
the Exchange Admin Center.
Tip: |
---|
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection |
What do you want to do?
Use the Shell to enable journal report decryption
This example enables journal report decryption for the Exchange organization.
Copy Code | |
---|---|
Set-IRMConfiguration -JournalReportDecryptionEnabled $true |
For detailed syntax and parameter information, see Set-IRMConfiguration.
Use the Shell to disable journal report decryption
This example disables journal report decryption for the Exchange organization.
Copy Code | |
---|---|
Set-IRMConfiguration -JournalReportDecryptionEnabled $false |
For detailed syntax and parameter information, see Set-IRMConfiguration.
How do you know this worked?
To verify that you have enabled or disabled journal report decryption, run the Get-IRMConfiguration cmdlet and check the value of the JournalDecryptionEnabled property.
For an example of how to check the IRM configuration, see Examples in Get-IRMConfiguration.