TechNet
Export (0) Print
Expand All
Collapse the table of content
Expand the table of content
Expand Minimize

Set-IRMConfiguration

 

Applies to: Exchange Online, Exchange Server 2016

This cmdlet is available in on-premises Exchange Server 2016 and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

Use the Set-IRMConfiguration cmdlet to configure Information Rights Management (IRM) features on your organization.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

importantImportant:
Configuring and using IRM features in an on-premises Microsoft Exchange organization requires Active Directory Rights Management Services (AD RMS).

Set-IRMConfiguration [-ClientAccessServerEnabled <$true | $false>] [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-EDiscoverySuperUserEnabled <$true | $false>] [-ExternalLicensingEnabled <$true | $false>] [-Force <SwitchParameter>] [-InternalLicensingEnabled <$true | $false>] [-JournalReportDecryptionEnabled <$true | $false>] [-LicensingLocation <MultiValuedProperty>] [-PublishingLocation <Uri>] [-RefreshServerCertificates <SwitchParameter>] [-RMSOnlineKeySharingLocation <Uri>] [-SearchEnabled <$true | $false>] [-ServiceLocation <Uri>] [-TransportDecryptionSetting <Disabled | Optional | Mandatory>] [-WhatIf [<SwitchParameter>]]

This example enables journal report decryption.

Set-IRMConfiguration -JournalReportDecryptionEnabled $true

This example enables transport decryption and enforces decryption. When decryption is enforced, messages that can't be decrypted are rejected, and an NDR is returned.

Set-IRMConfiguration -TransportDecryptionSetting Mandatory

This example enables licensing for external messages.

Set-IRMConfiguration -ExternalLicensingEnabled $true

IRM requires the use of an on-premises AD RMS server or the ILS service. IRM features can be selectively enabled or disabled.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Information Rights Management (IRM) configuration" entry in the Messaging policy and compliance permissions topic.

 

Parameter Required Type Description

ClientAccessServerEnabled

Optional

System.Boolean

The ClientAccessServerEnabled parameter specifies whether to enable IRM in Microsoft Outlook on the web and in Microsoft Exchange ActiveSync. Both of these features are enabled by default. To disable them, set the parameter to $false.

importantImportant:
Enabling IRM in Outlook on the web requires additional configuration on AD RMS servers. For more information, see Information Rights Management in Outlook Web App.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.

  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

This parameter is available only in on-premises Exchange 2016.

The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.

EDiscoverySuperUserEnabled

Optional

System.Boolean

The EDiscoverySuperUserEnabled parameter specifies whether members of the Discovery Management role group can access IRM-protected messages that were returned by a discovery search and are residing in a discovery mailbox. To enable IRM-protected message access to the Discovery Management role group, set the value to $true. For more information about In-Place eDiscovery and IRM-protected messages, see In-Place eDiscovery in Exchange 2016.

ExternalLicensingEnabled

Optional

System.Boolean

The ExternalLicensingEnabled parameter specifies whether to enable IRM features for messages sent to external recipients. In on-premises deployments, licensing is disabled for external messages by default. To enable licensing, set the value to $true.

Force

Optional

System.Management.Automation.SwitchParameter

The Force switch specifies whether to suppress the confirmation prompt that appears when you modify the InternalLicensingEnabled parameter.

InternalLicensingEnabled

Optional

System.Boolean

The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages sent to internal recipients. In on-premises deployments, licensing is disabled for internal messages by default. To enable licensing, set the value to $true.

noteNote:
If the InternalLicensingEnabled parameter is set to $false, no AD RMS templates are returned when you use the Get-RMSTemplate cmdlet.

JournalReportDecryptionEnabled

Optional

System.Boolean

The JournalReportDecryptionEnabled parameter specifies whether to enable journal report decryption. When enabled, journal report decryption attaches a decrypted copy of an IRM-protected message to the journal report. Journal report decryption is enabled by default. To disable journal report decryption, set the value to $false.

importantImportant:
Enabling journal report decryption requires additional configuration on AD RMS servers. For more information, see Journal report decryption.

LicensingLocation

Optional

Microsoft.Exchange.Data.MultiValuedProperty

This parameter is available only in on-premises Exchange 2016.

The LicensingLocation parameter specifies one or more additional AD RMS licensing URLs in on-premises deployments. It isn't required to populate this parameter if the organization doesn't have cross-forest deployment of licensing servers.

PublishingLocation

Optional

System.Uri

This parameter is available only in the cloud-based service.

The PublishingLocation parameter specifies one or more AD RMS publishing URLs.

RefreshServerCertificates

Optional

System.Management.Automation.SwitchParameter

This parameter is available only in on-premises Exchange 2016.

The RefreshServerCertificates switch clears all Rights Account Certificates (RACs), Computer Licensor Certificates (CLCs), and cached AD RMS templates from all Exchange servers in the organization. You don't need to specify a value with this switch.

Clearing RACs, CLCs, and cached templates may be required during troubleshooting or in the event of a change of keys on the AD RMS cluster in your organization. For more information about RACs and CLCs, see Understanding AD RMS Certificates.

RMSOnlineKeySharingLocation

Optional

System.Uri

This parameter is available only in the cloud-based service.

The RMSOnlineKeySharingLocation parameter specifies the RMS Online URL to obtain the trusted publishing domain (TPD) for the Exchange Online organization.

SearchEnabled

Optional

System.Boolean

The SearchEnabled parameter specifies whether to enable searching of IRM-encrypted messages in Outlook on the web. Valid values are:

  • $true (default)   Enables search of IRM-encrypted messages in Outlook on the web.

  • $false   Disables search of IRM-encrypted messages in Outlook on the web.

ServiceLocation

Optional

System.Uri

This parameter is available only in the cloud-based service.

The ServiceLocation parameter specifies the AD RMS service URL.

TransportDecryptionSetting

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.TransportDecryptionSetting

The TransportDecryptionSetting parameter specifies the transport decryption configuration. Valid values include one of the following:

  • Disabled   Transport decryption is disabled for internal and external messages.

  • Mandatory   Messages that can't be decrypted are rejected, and a non-delivery report (NDR) is returned.

  • Optional   A best effort approach to decryption is provided. Messages are decrypted if possible, but delivered even if decryption fails.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

 
Show:
© 2016 Microsoft