Configure IRM in an Exchange 2007 Hybrid Deployment


Applies to: Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

If you use Information Rights Management (IRM) in your on-premises Exchange organization and you want your cloud-based users to also use IRM, you need to configure the cloud-based Exchange organization. Configuration of the cloud-based organization involves copying Active Directory Rights Management Services (AD RMS) configuration from your on-premises AD RMS servers to the cloud-based organization and enabling IRM in the cloud.

Learn more at: Understanding IRM in an Exchange 2007 Hybrid Deployment

To configure IRM in a hybrid deployment, you need to use Windows PowerShell to access your on-premises AD RMS server.

Learn more at: Using Windows PowerShell to Administer AD RMS

Do the following to export trusted publishing domain (TPD) data from your AD RMS and configure access to the AD RMS server for external clients.

  1. Export TPD data from your on-premises organization. Learn more at: Exporting a Trusted Publishing Domain

  2. Configure access to AD RMS servers from external clients. Learn more at: Adding an Extranet Cluster URL

After you export the TPD data from your on-premises AD RMS servers, you need to import that data into the cloud-based Exchange organization and then enable IRM.

  1. In the cloud-based organization, import the TPD data.

    Import-RMSTrustedPublishingDomain -FileData $( [Byte[]] (Get-Content -Encoding Byte -Path "<Path to exported TPD file>" -ReadCount 0))
  2. Enable IRM in the cloud-based organization.

    Set-IRMConfiguration -InternalLicensingEnabled $True

After you've imported the TPD data into the cloud-based organization, you must distribute the AD RMS templates that you want cloud-based Outlook Web App and Exchange ActiveSync users and features such as transport rules, journal report decryption, and Outlook protection rules in the cloud-based Exchange organization to use.

  1. In the cloud-based organization, retrieve a list of AD RMS templates.

    Get-RMSTemplate -Type All
  2. Distribute the AD RMS templates to users and features in the cloud-based organization.

    Set-RMSTemplate <template name> -Type Distributed
    You can't modify the "Do Not Forward" AD RMS template.
  3. Repeat step 2 for each AD RMS template you want to distribute.

After you've configured and enabled IRM and imported TPD data into the cloud-based organization, Outlook Web App users should have access to AD RMS templates.

Learn more at: Understanding Information Rights Management in Outlook Web App

In addition, all of the AD RMS templates that you have available in your on-premises organization should be listed when you run the Get-RMSTemplate cmdlet in the cloud-based organization.

Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums

 © 2010 Microsoft Corporation. All rights reserved.