vege - Fotolia
While Exchange Server 2016 has information rights management turned on by default, the messaging platform must meet several prerequisites before it can implement Microsoft IRM.
The information rights management (IRM) functionality in Exchange 2016 gives users a way to restrict the actions a recipient can perform with sensitive email and documents. Microsoft IRM offers a way to limit the potential for misuse of confidential material.
Microsoft IRM requirements for Exchange 2016
Microsoft IRM requires an Active Directory Rights Management Services (AD RMS) cluster. The cluster can consist of a single AD RMS server unless the organization needs more clusters for high availability and load balancing.
Exchange relies on the service connection point registered with AD to detect and interact with the cluster. The AD RMS cluster needs read and execute permissions assigned to the Exchange servers. Finally, the administrator must add a federation mailbox to the Super Users group on the AD RMS server to provide features such as transport decryption, journal decryption, IRM in Outlook on the web and IRM decryption for Exchange search.
Next, a Microsoft IRM system needs an Exchange 2016 deployment, although versions as old as Exchange 2010 may also work. Exchange and AD RMS require separate servers.
Finally, the IRM deployment needs an email client. Outlook is the most common client, and Outlook versions as old as Outlook 2007 can support the AD RMS templates that employees use to apply IRM permissions to messages and attachments. Users with mobile devices on ActiveSync version 14.1 or later can view, reply to, forward and create messages with Microsoft IRM protection.
Extend IRM to protect less common formats
Microsoft IRM supports email and typical Microsoft Office file formats such as Word and Excel, but it can be extended to other file formats through custom protectors that convert other file types into IRM formats. Administrators must register each new Microsoft IRM protector. Administrators can stipulate which file types the protector can convert.
Dig Deeper on Microsoft messaging and collaboration services
Related Q&A from Stephen J. Bigelow
Understand and work around one of the more common Docker for Windows errors -- permissions for shared volumes -- to read, write and execute to the ... Continue Reading
IT administrators should familiarize themselves with the benefits and limitations of using nested virtualization to run containers in VMs before ... Continue Reading
Many issues cause VMs to become unresponsive, including invoking particular tasks, such as snapshots or migrations, resource configuration and ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.