Export (0) Print
Expand All

Set-IRMConfiguration

Topic Last Modified: 2011-03-19

Use the Set-IRMConfiguration cmdlet to configure Information Rights Management (IRM) features.

Dd979792.important(en-us,EXCHG.140).gifImportant:
Configuring and using IRM features requires an Active Directory Rights Management Services (AD RMS) server or the ILS service.


Set-IRMConfiguration [-Identity <OrganizationIdParameter>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-ExternalLicensingEnabled <$true | $false>] [-InternalLicensingEnabled <$true | $false>] [-JournalReportDecryptionEnabled <$true | $false>] [-LicensingLocation <MultiValuedProperty>] [-OWAEnabled <$true | $false>] [-PublishingLocation <Uri>] [-SearchEnabled <$true | $false>] [-ServiceLocation <Uri>] [-TransportDecryptionSetting <Disabled | Optional | Mandatory>] [-UseSharedRMS <$true | $false>] [-WhatIf [<SwitchParameter>]]

Parameter Required Type Description

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

ExternalLicensingEnabled

Optional

System.Boolean

The ExternalLicensingEnabled parameter specifies whether to enable IRM features for messages sent to external recipients. In on-premises deployments, licensing is disabled for external messages by default. To enable licensing, set the value to $true.

Identity

Optional

Microsoft.Exchange.Configuration.Tasks.OrganizationIdParameter

The Identity parameter is reserved for internal Microsoft use.

InternalLicensingEnabled

Optional

System.Boolean

The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages sent to internal recipients. In on-premises deployments, licensing is disabled for internal messages by default. To enable licensing, set the value to $true.

JournalReportDecryptionEnabled

Optional

System.Boolean

The JournalReportDecryptionEnabled parameter specifies whether to enable Journal Report Decryption. When enabled, Journal Report Decryption attaches a decrypted copy of an IRM-protected message to the journal report. Journal Report Decryption is enabled by default. To disable Journal Report Decryption, set the value to $false.

Dd979792.important(en-us,EXCHG.140).gifImportant:
Enabling Journal Report Decryption requires additional configuration on AD RMS servers. For more information, see Understanding Journal Report Decryption.

LicensingLocation

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The LicensingLocation parameter specifies one or more additional AD RMS licensing URLs in on-premises deployments. It isn't required to populate this parameter if the organization doesn't have cross-forest deployment of licensing servers.

OWAEnabled

Optional

System.Boolean

The OWAEnabled parameter specifies whether to enable IRM in Microsoft Office Outlook Web App. IRM in Outlook Web App is enabled by default. To disable IRM, set the parameter to $false.

Dd979792.important(en-us,EXCHG.140).gifImportant:
Enabling IRM in Outlook Web App requires additional configuration on AD RMS servers. For more information, see Understanding Information Rights Management in Outlook Web App.

PublishingLocation

Optional

System.Uri

This parameter is available only in the Outlook Live service.

The PublishingLocation parameter specifies one or more AD RMS publishing URLs.

SearchEnabled

Optional

System.Boolean

The SearchEnabled parameter specifies whether to enable searching IRM-encrypted messages in Outlook Web App. Valid values include:

  • $true (default)   Enables search of IRM-encrypted messages in Outlook Web App.
  • $false   Disables search of IRM-encrypted messages in Outlook Web App.

ServiceLocation

Optional

System.Uri

This parameter is available only in the Outlook Live service.

The ServiceLocation parameter specifies the AD RMS service URL.

TransportDecryptionSetting

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.TransportDecryptionSetting

The TransportDecryptionSetting parameter specifies the Transport Decryption configuration. Valid values include one of the following:

  • Disabled   Transport Decryption is disabled for internal and external messages.
  • Mandatory   Messages that can't be decrypted are rejected, and a non-delivery report (NDR) is returned.
  • Optional   This parameter value provides a best effort approach to decryption. Messages are decrypted if possible, but delivered even if decryption fails.

UseSharedRMS

Optional

System.Boolean

This parameter is available only in the Outlook Live service.

The UseSharedRMS parameter enables the use of the ILS service.

Valid values include:

  • $false   The ILS service is disabled, and AD RMS is used if configured.
  • $true   The ILS service is used.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

IRM requires the use of an on-premises AD RMS server or the ILS service. IRM features can be selectively enabled or disabled.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Rights protection" entry in the Messaging Policy and Compliance Permissions topic.

Error Description

 

This example enables Journal Report Decryption.

Set-IRMConfiguration -JournalReportDecryptionEnabled $true

This example enables Transport Decryption and enforces decryption. When decryption is enforced, messages that can't be decrypted are rejected, and an NDR is returned.

Set-IRMConfiguration -TransportDecryptionSetting Mandatory

This example enables licensing for external messages.

Set-IRMConfiguration -ExternalLicensingEnabled $true
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft