Configure IRM in Exchange 2007 Hybrid Deployments

Exchange 2010

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

If you use Information Rights Management (IRM) in your on-premises Exchange organization and you want your Exchange Online users to also use IRM, you need to do the following:

  1. Configure your on-premises Active Directory Rights Management Services (AD RMS) server.

  2. Enable IRM in your Exchange Online organization.

  3. Distribute the imported AD RMS templates to users in the Exchange Online organization.

Learn more at: Understanding IRM in an Exchange 2007 Hybrid Deployment

To configure IRM in a hybrid deployment, you need to use Windows PowerShell to access your on-premises AD RMS server. Learn more at: Using Windows PowerShell to Administer AD RMS

Do the following to export trusted publishing domain (TPD) data from your on-premises AD RMS server and then configure access to the AD RMS server for external clients.

  1. Export TPD data from your on-premises organization. Learn more at: Exporting a Trusted Publishing Domain

  2. Configure access to AD RMS servers from external clients. Learn more at: Adding an Extranet Cluster URL

After you export the TPD data from your on-premises AD RMS servers, you need to import that data into the Exchange Online organization and then enable IRM.

  1. In the Exchange Online organization, import the TPD data.

    Import-RMSTrustedPublishingDomain -FileData $( [Byte[]] (Get-Content -Encoding Byte -Path "<Path to exported TPD file>" -ReadCount 0))
  2. Enable IRM in the Exchange Online organization.

    Set-IRMConfiguration -InternalLicensingEnabled $True

After you've enabled IRM in the Exchange Online organization, you must distribute the imported AD RMS templates. The following Exchange Online users and features use AD RMS templates:

  • Outlook Web App users

  • Exchange ActiveSync users

  • Transport rules

  • Journal report decryption

  • Outlook protection rules

  1. In the Exchange Online organization, retrieve a list of AD RMS templates.

    Get-RMSTemplate -Type All
  2. Distribute the AD RMS templates to users and features in the Exchange Online organization.

    Set-RMSTemplate <template name> -Type Distributed
    You can't modify the "Do Not Forward" AD RMS template.
  3. Repeat step 2 for each AD RMS template you want to distribute.

Outlook Web App users should be able to apply AD RMS templates to new messages. Outlook Web App and Exchange ActiveSync users should be able to read messages that have AD RMS templates applied to them. In addition, all the AD RMS templates that were imported from your on-premises organization should be listed when you run the Get-RMSTemplate cmdlet.

Run the following command in the Exchange Online organization.


Learn more at: Understanding Information Rights Management in Outlook Web App

Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums

 © 2010 Microsoft Corporation. All rights reserved.