Exchange IRM feature
Exchange version
Minimum Exchange Server role(s) required
Additional roles required (dependencies)
AD RMS version required
Configuration steps
Prelicensing
2007 SP3 2010 2010 SP1
Hub Transport
Windows Server 2008 SP2 Windows Server 2008 R2
Implementing Prelicensing
OWA IRM2
2010 2010 SP1
CAS, Mailbox
Implementing Prelicensing Implementing OWA IRM
IRM in Windows Mobile
CAS
Implementing Prelicensing Implementing IRM in Windows Mobile
IRM Search
Hub Transport, Mailbox
Implementing Prelicensing Implementing IRM Search
OWA WebReady Document Viewing
2010 SP1
Implementing Prelicensing Implementing OWA WebReady Document Viewing
Transport Protection Rules
Implementing Transport Protection Rules
Transport Decryption
Implementing Transport Decryption
Journal Decryption
Implementing Journal Report Decryption
IRM over EAS
Implementing IRM over Exchange ActiveSync
You can use the Active Directory Rights Management Services (AD RMS) Prelicensing agent to certify the Microsoft Office Outlook recipient's authenticity so that the recipient can open messages without receiving a credential prompt on every attempt. The AD RMS Prelicensing Agent requires the Hub Transport server role of Exchange Server 2007 or later and, if Exchange Server is running on Windows Server 2003, installing the Windows Rights Management Server client. No special configuration of Windows Rights Management Services or AD RMS is required to enable prelicensing.
To implement prelicensing, follow the instructions in the following documents:
In Exchange 2010, IRM in Outlook Web App (OWA) allows your users to access the rich IRM functionality offered by Exchange to apply persistent IRM-protection to messaging content. OWA IRM requires the Prelicensing service, and the CAS and Mailbox server roles of Exchange Server 2010. In addition, AD RMS must be configured to support OWA IRM.
To implement OWA IRM, follow the instructions in Implementing Prelicensing and then follow the instructions in the following documents:
Organizations can use Information Rights Management (IRM) to apply persistent protection to messaging content.
In Microsoft Exchange Server 2010 RTM, use of IRM on mobile devices has the following requirements:
To implement IRM in ActiveSync and Windows Mobile, follow the instructions in Implementing Prelicensing and then follow the instructions in the following documents:
In Microsoft Exchange Server 2010, you can provision personal archives for your users, helping you reduce or eliminate the use of .pst files. This results in more mailbox data being stored by a user, and it makes searching across the user's primary and archive mailboxes an important productivity tool.
With Exchange Search, new items are indexed almost immediately after they're created or delivered to the mailbox, providing users with a fast, stable, and more reliable way of searching mailbox data. In Exchange 2010 and Exchange Server 2007, content indexing is enabled by default on all mailbox databases, and there's no initial setup or configuration required.
Messages protected using Information Rights Management (IRM) are indexed by Exchange Search and included in search results. Messages must be protected by using an AD RMS server in the same Active Directory forest as the Exchange 2010 Mailbox server.
To implement the ability to search IRM-protected items, follow the instructions in Implementing Prelicensing and then follow the instructions in the following documents:
In Exchange 2010 SP1, users can view supported IRM-protected attachments by using WebReady Document Viewing. This allows users to view supported attachments without having to download the attachment by using the associated application.
To implement OWA WebReady Document Viewing, follow the instructions in Implementing Prelicensing and then follow the instructions in the following documents:
In Exchange Server 2010, you can use transport protection rules to implement messaging policies that help protect sensitive information by inspecting message content, encrypting sensitive e-mail content, and using rights management to control access to the content. Transport protection rules allow you to use transport rules to IRM-protect messages by applying an AD RMS rights policy template.
To implement transport protection rules, following the instructions in the following documents:
Transport decryption allows you to decrypt IRM-protected messages in transit. IRM-protected messages are decrypted by the Decryption agent. The Decryption agent decrypts the following types of IRM-protected messages:
To implement transport decryption, following the instructions in the following documents:
Journal report decryption allows you to save a clear-text copy of IRM-protected messages in journal reports, along with the original, IRM-protected message. If the IRM-protected message contains any supported attachments that were protected by the AD RMS cluster in your organization, the attachments are also decrypted.
Decryption is performed by the Journal Report Decryption agent. The agent decrypts the following types of IRM-protected messages:
To implement journal report pipeline decryption, following the instructions in the following documents:
In Exchange 2010 SP1, IRM in Exchange ActiveSync allows your users to access the rich IRM functionality offered by Exchange on any supported Exchange ActiveSync device without tethering the device to a computer and activating it for IRM.
Using IRM in Exchange ActiveSync, mobile device users can:
To implement IRM over Exchange ActiveSync, follow the instructions in the following documents:
Naomi N edited Revision 12. Comment: Formatting
Naomi N edited Revision 11. Comment: Formatting
Ed Price - MSFT edited Revision 8. Comment: Adding TOC and tags