I recently configured IRM to protect documents and email communications as part of a security initiative.

Information Rights Management (IRM) in Exchange Online uses Active Directory Rights Management Services (AD RMS), an information protection technology service in Office 365. IRM protection is applied to email by applying an AD RMS rights policy template to an email message. Usage rights are attached to the message itself so that protection occurs online and offline and inside and outside of your organization’s firewall

Need to know info:

  • Time to complete this task: 30-60 minutes
  • You need to be assigned admin permissions to manage IRM
  • Knowledge of using Windows PowerShell to connect to Exchange Online

Steps Taken:

Step 1: Activating Azure Rights Management

  1. Log into the Office 365 admin center
  2. In the left pan expand the services settings
  3. Click Rights Management
  4. On the Rights Management page, click Manage
  5. On the Rights Management page, click Activate
  6. You will be prompted with the question: Do you want to activate Rights Management? click activate.

You should now see Rights Management is activated

Step 2: Using Exchange Management Shell to log into Office 365

Here I use PowerShell ISE to step through he process

# Login to the Office 365 Account

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

Step 3: Use the Exchange Management Shell to configure the RMS Online key sharing location in Exchange Online

#Displaying the IRM Configuration

Get-IRMConfiguration

# List of Locaitons

#North America https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

#European Union https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

#Asia https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

#South America https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

#Office 365 for Government (Government Community Cloud) https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

Set-IRMConfiguration -RMSOnlineKeySharingLocation “https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc”

#Checking that the configraiton was applied

Get-IRMConfiguration

Step 4: Importing Trusted Publishing Domain (TPD) from RMS Online

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

Test-IRMConfiguration -RMSOnline

Step5: Enabling IRM in Exchange Online

Set-IRMConfiguration -InternalLicensingEnabled $true

Step 5: Testing the IRM configuration

Get-IRMConfiguration

Test-IRMConfiguration -Sender jsmith@jermsmit.tld

Expected Results should show that each area verified has passed

Ref Links:

https://technet.microsoft.com/en-us/library/jj983436(v=exchg.150).aspx

https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239ce6eb-4e81-42db-bf86-a01362fed65c

Summery  image of my PowerShell ISE