vege - Fotolia
While Exchange Server 2016 has information rights management turned on by default, the messaging platform must meet several prerequisites before it can implement Microsoft IRM.
The information rights management (IRM) functionality in Exchange 2016 gives users a way to restrict the actions a recipient can perform with sensitive email and documents. Microsoft IRM offers a way to limit the potential for misuse of confidential material.
Microsoft IRM requirements for Exchange 2016
Microsoft IRM requires an Active Directory Rights Management Services (AD RMS) cluster. The cluster can consist of a single AD RMS server unless the organization needs more clusters for high availability and load balancing.
Exchange relies on the service connection point registered with AD to detect and interact with the cluster. The AD RMS cluster needs read and execute permissions assigned to the Exchange servers. Finally, the administrator must add a federation mailbox to the Super Users group on the AD RMS server to provide features such as transport decryption, journal decryption, IRM in Outlook on the web and IRM decryption for Exchange search.
Next, a Microsoft IRM system needs an Exchange 2016 deployment, although versions as old as Exchange 2010 may also work. Exchange and AD RMS require separate servers.
Finally, the IRM deployment needs an email client. Outlook is the most common client, and Outlook versions as old as Outlook 2007 can support the AD RMS templates that employees use to apply IRM permissions to messages and attachments. Users with mobile devices on ActiveSync version 14.1 or later can view, reply to, forward and create messages with Microsoft IRM protection.
Extend IRM to protect less common formats
Microsoft IRM supports email and typical Microsoft Office file formats such as Word and Excel, but it can be extended to other file formats through custom protectors that convert other file types into IRM formats. Administrators must register each new Microsoft IRM protector. Administrators can stipulate which file types the protector can convert.
Dig Deeper on Microsoft messaging and collaboration services
Related Q&A from Stephen J. Bigelow
Microsoft Hyper-V on Windows comes with advanced protection schemes, including several virtualization-based security features the company introduced ... Continue Reading
The BitLocker encryption technology continues to evolve from its roots as a Windows Vista feature to protect resources both in the local data center ... Continue Reading
Some enterprises avoid the public cloud due to its multi-tenant nature and data security concerns. Learn what data separation is and how it can keep ... Continue Reading