Applies to: Exchange Server 2013
Topic Last Modified: 2012-12-04
Enabling Information Rights Management (IRM) on Client Access servers enables the following features:
- Microsoft Office Outlook Web App
- IRM in Microsoft Exchange ActiveSync
When IRM is enabled on Client Access servers, Outlook Web App users can IRM-protect messages by applying an Active Directory Rights Management Services (AD RMS) template created on your AD RMS cluster. Outlook Web App users can also view IRM-protected messages and supported attachments. Before you enable IRM on Client Access servers, you must add the Federation mailbox to the super users group on the AD RMS cluster.
Important: |
---|
Members of the super users group are granted an owner use license when they request a license from the AD RMS cluster. This allows them to decrypt all RMS-protected content by that cluster. |
For additional management tasks related to IRM, see Information Rights Management Procedures.
What do you need to know before you begin?
- Estimated time to completion: 1 minute.
- You need to be assigned permissions before you can perform this
procedure or procedures. To see what permissions you need, see the
"Information Rights Management (IRM) configuration" entry in the
Messaging Policy
and Compliance Permissions topic.
- An AD RMS cluster must be installed in the Active
Directory forest.
- The Federation mailbox has been added to the AD RMS super
users group. For detailed instructions, see Add the Federation
Mailbox to the AD RMS Super Users Group.
- IRM features must be enabled for the organization. For detailed
instructions, see Enable or Disable IRM
for Internal Messages.
- You can use the Set-IRMConfiguration cmdlet to enable or
disable IRM in Outlook Web App and IRM in Exchange ActiveSync for
the entire Exchange organization or at specific levels.
You can control IRM in Outlook Web App at the following levels:
- Per-Outlook Web App virtual
directory To enable or disable IRM in Outlook
Web App for an Outlook Web App virtual directory, use the
Set-OWAVirtualDirectory cmdlet and set the IRMEnabled
parameter to
$false
or$true
(default). This allows you to disable IRM in Outlook Web App for one virtual directory on an Exchange 2013 Client Access server, while keeping it enabled on another virtual directory on a different Client Access server.
- Per-Outlook Web App mailbox policy To
enable or disable IRM in Outlook Web App for an Outlook Web App
mailbox policy, use the Set-OWAMailboxPolicy cmdlet and set
the IRMEnabled parameter to
$false
or$true
(default). This allows you to enable IRM in Outlook Web App for one set of users and disable it for another set of users by assigning them a different Outlook Web App mailbox policy.
$false
or$true
(default). This allows you to enable IRM in Exchange ActiveSync for one set of users and disable it for another set of users by assigning them a different Exchange ActiveSync mailbox policy.
- Per-Outlook Web App virtual
directory To enable or disable IRM in Outlook
Web App for an Outlook Web App virtual directory, use the
Set-OWAVirtualDirectory cmdlet and set the IRMEnabled
parameter to
- You can't use the Exchange Administration Center (EAC) to
enable or disable IRM on Client Access servers. You must use the
Shell.
What do you want to do?
Use the Shell to enable IRM on Client Access servers
This example enables IRM on a Client Access server for an Exchange organization.
Copy Code | |
---|---|
Set-IRMConfiguration -ClientAccessServerEnabled $true |
For detailed syntax and parameter information, see Set-IRMConfiguration.
Use the Shell to disable IRM on Client Access servers
This example disables IRM on a Client Access server for an Exchange organization.
Copy Code | |
---|---|
Set-IRMConfiguration -ClientAccessServerEnabled $false |
For detailed syntax and parameter information, see Set-IRMConfiguration.
How do you know this worked?
To verify that you have successfully enabled or disabled IRM on Client Access servers, do the following:
- Run the Get-IRMConfiguration cmdlet and check the value
of the ClientAccessServerEnabled property.
For an example of how to retrieve the IRM configuration, see Examples in Get-IRMConfiguration.
- Use Outlook Web App to create or read an IRM-protected
message.