Share via

Configuring IRM for Exchange Online with no ADRMS (no on premise) server

  • Article

There are several step by step documents on implementing IRM in Exchange Online when you are importing a TPD ( Trusted Publishing Domain) from an Active Directory Rights Management server (an on premises ADRMS server), but what do you do if you are using pure Azure Active Directory Rights Management?

The steps are ALMOST exactly the same, but you will be importing a TPD from the Azure service instead.  It’s useful to think of RMS in Exchange Online as a separate “mini” RMS server that you must configure a RMS Trust relationship with.

Prerequisites:

You must have enabled Azure Directory Services Rights Management (AADRM) in the O365 Interface.  Those steps are detailed HERE

(you must have installed Office 365 Modules for PowerShell as well as RMS Modules for PowerShell http://www.microsoft.com/en-us/download/details.aspx?id=30339)

Enable Exchange Online

1. Connect to your Exchange Online account by using Windows PowerShell

2. Login with this command:

$LiveCred = Get-Credential

3. Begin configuration of Exchange Online:

( If you haven't previously run Windows PowerShell remote commands for Exchange Online, run the following command: set-executionpolicy remotesigned )

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection

Import-PSSession $Session

4. Run the following commands to enable Rights Management within Exchange Online:

Set-IRMConfiguration –RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"

Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"

Set-IRMConfiguration -InternalLicensingEnabled $true

For regions outside North America, substitute .NA. with .EU. for the European Union, and .AP. for Asia

         e.g.: https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

         e.g.: https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

        Optionally test the configuration by running the following command:

Test-IRMConfiguration -sender user@company.onmicrosoft.com

To update templates for Exchange Online

 If you use the Custom Template feature you will need to refresh Exchange Online to see new template changes.

  1. Using Windows PowerShell in Exchange Online, connect to the service (step 1-3 above).

  2. Use the Import-RMSTrustedPublishingDomain cmdlet to re-import your trusted publishing domain (TPD) from Azure RMS:

    To verify your TPD name, you can use the

    Get-RMSTrustedPublishingDomain
    **
    **Typically this will be “RMS Online – 1”

    Import-RMSTrustedPublishingDomain -Name "<TPD name>" -RefreshTemplates –RMSOnline

    For example, if your TPD name is “RMS Online – 1”, enter:

    Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online - 1"  -RefreshTemplates –RMSOnline

     

  3. To confirm that the templates have imported successfully, wait a few minutes and then run the Get-RMSTemplate cmdlet.