Configure IRM in Exchange 2010 Hybrid Deployments
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
If you use Information Rights Management (IRM) in your on-premises Exchange organization and you want your Exchange Online users to also use IRM, you need to do the following:
Configure your on-premises Active Directory Rights Management Services (AD RMS) server.
Enable IRM in your Exchange Online organization.
Distribute the imported AD RMS templates to users in the Exchange Online organization.
Learn more at: Understanding IRM in Exchange 2010 Hybrid Deployments
To configure IRM in a hybrid deployment, you need to use Windows PowerShell to access your on-premises AD RMS server. Learn more at: Using Windows PowerShell to Administer AD RMS
Do the following to export trusted publishing domain (TPD) data from your on-premises AD RMS server and then configure access to the AD RMS server for external clients.
After you export the TPD data from your on-premises AD RMS servers, you need to import that data into the Exchange Online organization and then enable IRM.
In the Exchange Online organization, import the TPD data.
Import-RMSTrustedPublishingDomain -FileData $( [Byte] (Get-Content -Encoding Byte -Path "<Path to exported TPD file>" -ReadCount 0))
Enable IRM in the Exchange Online organization.
Set-IRMConfiguration -InternalLicensingEnabled $True
After you've enabled IRM in the Exchange Online organization, you must distribute the imported AD RMS templates. The following Exchange Online users and features use AD RMS templates:
Outlook Web App users
Exchange ActiveSync users
Journal report decryption
Outlook protection rules
In the Exchange Online organization, retrieve a list of AD RMS templates.
Get-RMSTemplate -Type All
Distribute the AD RMS templates to users and features in the Exchange Online organization.
Set-RMSTemplate <template name> -Type Distributed
Note: You can't modify the "Do Not Forward" AD RMS template.
Repeat step 2 for each AD RMS template you want to distribute.
Outlook Web App users should be able to apply AD RMS templates to new messages. Outlook Web App and Exchange ActiveSync users should be able to read messages that have AD RMS templates applied to them. In addition, all the AD RMS templates that were imported from your on-premises organization should be listed when you run the Get-RMSTemplate cmdlet.
Run the following command in the Exchange Online organization.
Having problems? Ask for help in the Office 365 forums. To access the forums, you'll need to sign in using an account that's granted administrator access to your cloud-based service. Visit the forums at: Office 365 Forums