vege - Fotolia
While Exchange Server 2016 has information rights management turned on by default, the messaging platform must meet several prerequisites before it can implement Microsoft IRM.
The information rights management (IRM) functionality in Exchange 2016 gives users a way to restrict the actions a recipient can perform with sensitive email and documents. Microsoft IRM offers a way to limit the potential for misuse of confidential material.
Microsoft IRM requirements for Exchange 2016
Microsoft IRM requires an Active Directory Rights Management Services (AD RMS) cluster. The cluster can consist of a single AD RMS server unless the organization needs more clusters for high availability and load balancing.
Exchange relies on the service connection point registered with AD to detect and interact with the cluster. The AD RMS cluster needs read and execute permissions assigned to the Exchange servers. Finally, the administrator must add a federation mailbox to the Super Users group on the AD RMS server to provide features such as transport decryption, journal decryption, IRM in Outlook on the web and IRM decryption for Exchange search.
Next, a Microsoft IRM system needs an Exchange 2016 deployment, although versions as old as Exchange 2010 may also work. Exchange and AD RMS require separate servers.
Finally, the IRM deployment needs an email client. Outlook is the most common client, and Outlook versions as old as Outlook 2007 can support the AD RMS templates that employees use to apply IRM permissions to messages and attachments. Users with mobile devices on ActiveSync version 14.1 or later can view, reply to, forward and create messages with Microsoft IRM protection.
Extend IRM to protect less common formats
Microsoft IRM supports email and typical Microsoft Office file formats such as Word and Excel, but it can be extended to other file formats through custom protectors that convert other file types into IRM formats. Administrators must register each new Microsoft IRM protector. Administrators can stipulate which file types the protector can convert.
Dig Deeper on Microsoft messaging and collaboration services
Related Q&A from Stephen J. Bigelow
Containers have rapidly come into focus as a popular option for deploying applications, but they have limitations and are fundamentally different ... Continue Reading
Senior technology editor Stephen Bigelow breaks down how AWS Storage Gateway can trip up users' hybrid cloud strategies. Beware these issues with ... Continue Reading
There is a small list of enterprise-class deployments and integrations known to run on VMware Cloud on AWS, but not all complex workloads are suited ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.