Enable or Disable Information Rights Management in Outlook Web App
Applies to: Exchange Server 2010
By enabling Information Rights Management (IRM) in Microsoft Office Outlook Web App in a Microsoft Exchange Server 2010 organization, Outlook Web App users can IRM-protect messages by applying an Active Directory Rights Management Services (AD RMS) template created on your AD RMS cluster. Outlook Web App users can also view IRM-protected messages. Before you enable IRM in Outlook Web App, you must add the Federated Delivery mailbox to the super users group on the AD RMS cluster.
Important
Members of the super users group are granted an owner use license when they request a license from the AD RMS cluster. This allows them to decrypt all RMS-protected content created by that AD RMS cluster.
You can use the Set-IRMConfiguration cmdlet to enable or disable IRM in Outlook Web App for the entire Exchange 2010 organization. You can also control IRM in Outlook Web App at the following levels:
- Per-Outlook Web App virtual directory To enable or disable IRM in Outlook Web App for an Outlook Web App virtual directory, use the Set-OWAVirtualDirectory cmdlet and set the IRMEnabled parameter to
$falseor$true(default). This allows you to disable IRM in Outlook Web App for one virtual directory on an Exchange 2010 Client Access server, while keeping it enabled on another virtual directory on a different Client Access server. - Per-Outlook Web App mailbox policy To enable or disable IRM in Outlook Web App for an Outlook Web App mailbox policy, use the Set-OWAMailboxPolicy cmdlet and set the IRMEnabled parameter to
$falseor$true(default). This allows you to enable IRM in Outlook Web App for one set of users and disable it for another set of users by assigning them a different Outlook Web App mailbox policy.
Looking for other management tasks related to rights protection? Check out Managing Information Rights Management.
Prerequisites
- An AD RMS cluster is installed in the Active Directory forest.
- The Federated Delivery mailbox has been added to the AD RMS super users group. For instructions, see Add a Federated Delivery Mailbox to the AD RMS Super Users Group.
Use the Shell to enable IRM in Outlook Web App
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Rights protection" entry in the Messaging Policy and Compliance Permissions topic.
Note
You can't use the EMC to enable IRM in Outlook Web App.
This example enables IRM in Outlook Web App. In Exchange 2010, the OWAEnabled parameter is set to $true by default. Also, to enable IRM in Outlook Web App, you're only required to add the Federated Delivery mailbox to the super users group configured on your AD RMS server.
Set-IRMConfiguration -OWAEnabled $true
For detailed syntax and parameter information, see Set-IRMConfiguration.
Use the Shell to disable IRM in Outlook Web App
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Rights protection" entry in the Messaging Policy and Compliance Permissions topic.
Note
You can't use the EMC to disable IRM in Outlook Web App.
This example disables IRM in Outlook Web App for an Exchange 2010 organization.
Set-IRMConfiguration -OWAEnabled $false
For detailed syntax and parameter information, see Set-IRMConfiguration.
Other Tasks
After you enable IRM in Outlook Web App, you may also want to create a transport protection rule. For detailed steps, see Create a Transport Protection Rule.