Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2010-08-10

Information workers increasingly use e-mail to exchange sensitive information. To help secure this information, organizations can use Information Rights Management (IRM) to apply persistent protection to messaging content. Prior to Microsoft Exchange Server 2010, effective use of IRM protection was limited to Outlook clients. In Exchange Server 2007, Microsoft Outlook Web Access users were required to download the Rights Management add-in for Microsoft Internet Explorer so they could access IRM-protected content.

In Exchange 2010, IRM in Outlook Web App allows your users to access the rich IRM functionality offered by Exchange to apply persistent IRM-protection to messaging content.

The following IRM functionality is available in Outlook Web App:

Looking for management tasks related to managing IRM? See Managing Information Rights Management.

Enabling IRM in Outlook Web App

To enable IRM in Outlook Web App, you must add the Federation mailbox, a system mailbox created by Exchange 2010 Setup, to the super users group in AD RMS. For details, see Add the Federation Mailbox to the AD RMS Super Users Group. This allows Exchange 2010 servers to access IRM-protected messages.

You must also enable IRM in Outlook Web App by using the Set-IRMConfiguration cmdlet in the Exchange Management Shell. This enables IRM in Outlook Web App for your Exchange 2010 organization. You can disable or enable IRM in Outlook Web App for an Outlook Web App virtual directory. You can also control IRM in Outlook Web App at the following levels of granularity:

  • Per-Outlook Web App virtual directory   To enable or disable IRM in Outlook Web App for an Outlook Web App virtual directory, use the Set-OWAVirtualDirectory cmdlet and set the IRMEnabled parameter to $false or $true (default). This allows you to disable IRM in Outlook Web App for one virtual directory on an Exchange 2010 Client Access server, while keeping it enabled on another virtual directory on a different Client Access server.

  • Per-Outlook Web App mailbox policy   To enable or disable IRM in Outlook Web App for an Outlook Web App mailbox policy, use the Set-OWAMailboxPolicy cmdlet and set the IRMEnabled parameter to $false or $true (default). This allows you to enable IRM in Outlook Web App for one set of users and disable it for another set of users by assigning them a different Outlook Web App mailbox policy.

For more information, see Enable or Disable Information Rights Management on Client Access Servers.