What are the Microsoft IRM requirements for Exchange 2016?

Microsoft IRM requirements for Exchange 2016

Microsoft IRM requires an Active Directory Rights Management Services (AD RMS) cluster. The cluster can consist of a single AD RMS server unless the organization needs more clusters for high availability and load balancing.

Exchange relies on the service connection point registered with AD to detect and interact with the cluster. The AD RMS cluster needs read and execute permissions assigned to the Exchange servers. Finally, the administrator must add a federation mailbox to the Super Users group on the AD RMS server to provide features such as transport decryption, journal decryption, IRM in Outlook on the web and IRM decryption for Exchange search.

Microsoft IRM supports email and typical Microsoft Office file formats such as Word and Excel, but it can be extended to other file formats.

Next, a Microsoft IRM system needs an Exchange 2016 deployment, although versions as old as Exchange 2010 may also work. Exchange and AD RMS require separate servers.

Finally, the IRM deployment needs an email client. Outlook is the most common client, and Outlook versions as old as Outlook 2007 can support the AD RMS templates that employees use to apply IRM permissions to messages and attachments. Users with mobile devices on ActiveSync version 14.1 or later can view, reply to, forward and create messages with Microsoft IRM protection.

Extend IRM to protect less common formats

Microsoft IRM supports email and typical Microsoft Office file formats such as Word and Excel, but it can be extended to other file formats through custom protectors that convert other file types into IRM formats. Administrators must register each new Microsoft IRM protector. Administrators can stipulate which file types the protector can convert.