Export (0) Print
Expand All

Configure IRM to Use Microsoft Azure Rights Management

Exchange Online
 

Applies to: Exchange Online

Topic Last Modified: 2014-04-04

Information Rights Management (IRM) in Exchange Online uses Active Directory Rights Management Services (AD RMS), an information protection technology in Windows Server 2008 and later and Microsoft Azure Rights Management service in Office 365. IRM protection is applied to email by applying an AD RMS rights policy template to an email message. Usage rights are attached to the message itself so that protection occurs online and offline and inside and outside of your organization’s firewall.

This topic shows you how to configure IRM to use the Azure Rights Management service. For details about how to accomplish the same task using an on-premises AD RMS server, see Configure IRM to Use an On-Premises AD RMS Server.

To learn more about IRM in Exchange Online, see Information Rights Management in Exchange Online.

TipTip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

By default, Azure Rights Management is disabled. To enable IRM features in Exchange Online, you need to activate it by using the Rights Management settings within the Office 365 administrative portal. For more information, see Activating rights management.

Use the RMS key sharing URL corresponding to your location.

 

Location RMS key sharing location

North America

https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union

https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Asia

https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South America

https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government (Government Community Cloud)

https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc 1

NoteNote:
1   Only customers who have purchased Office 365 for Government SKUs (Government Community Cloud) should use this RMS key sharing location.

 

This command configures the RMS Online key sharing location in Exchange Online for a customer located in North America. Replace the RMS Online key sharing location with the correct URL for your location from the above table.

Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"

For detailed syntax and parameter information, see Set-IRMConfiguration.

Run the following command to import the TPD from RMS Online.

Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"

For detailed syntax and parameter information, see Import-RMSTrustedPublishingDomain.

To verify that you have successfully configured IRM in Exchange Online to use Azure Rights Management service, run the Test-IRMConfiguration cmdlet. Among other things, the command checks connectivity with the RMS Online service, downloads the TPD, and checks its validity.

Test-IRMConfiguration -RMSOnline

After you configure the RMS Online key sharing location in Exchange Online and import the RMS Online TPD, run the following command to enable IRM for your cloud-based email organization.

Set-IRMConfiguration -InternalLicensingEnabled $true

For detailed syntax and parameter information, see Set-IRMConfiguration.

To verify that you have successfully imported the TPD and enabled IRM, do the following:

  • Use the Test-IRMConfiguration cmdlet to test IRM functionality. For details, see "Example 1" in Test-IRMConfiguration.

  • Compose a new message in Outlook Web App and IRM-protect it by selecting Set permissions from the extended menu (More Options Icon).

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft