Office 365 Hosted IRM Configuration for Exchange Online

I recently had the opportunity to actually deployed hosted IRM for a customer with Exchange Online. Now there are some restrictions to this which is you only get what the templates are you don’t have the ability to customize the templates. If you want this then AADRM should be deployed on premise and then connected to Exchange Online.

Before we start the following needs to be installed locally:

Sign in Assistant: http://www.microsoft.com/en-us/download/details.aspx?id=39267

Then download the Azure AD Module for PowerShell – http://go.microsoft.com/fwlink/p/?linkid=236297 – Note this is the 64 bit version if you are running 32 bit go herehttp://go.microsoft.com/fwlink/p/?linkid=236298

Then download the Azure AD RM Tools – http://www.microsoft.com/en-us/download/details.aspx?id=30339 – Note this states 2010 but is the current version as of writing.

 

Then open PowerShell on your machine and run the following commands

Import-module AADRM

Connect-aadrmservice – you will be then prompted for credentials enter your admin account on the tenant.

Then run get-aadrmconfiguration – and look for functionalstate is enabled this proves it has been enabled successfully for your tenant.

Then run the following command to connect to Exchange Online

Import-module msonline

$cred=get-credential

$Sess = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection Import-PSSession $Sess

Once connected run

Enable-organizationcustomization

Set-IRMConfiguration –RMSOnlineKeySharingLocation “https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Note this is for the EMEA region if you want the other regions they are listed below:

https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc for North America
https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc for Asia Pacific

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”


Get-IRMConfiguration – you should get back the same as below you will notice internallicensingenabled is set to false which blocks OWA the next step is to turn this on

 

get-irmconfig

 

Set-IRMConfiguration -InternalLicensingEnabled $true

Test-IRMConfiguration –sender testuser@tenant.onmicrosoft.com – note this is an dummy account replace the name and the domain for the tenant you are trying it out on.

You should get back the following:

test-user

 

After this time I have noticed that it can take up to 24 hours for it to work in OWA but in Outlook it should be instant. Viola you are free to play and test with.

Now from this you have the ability to create rules that will also apply these templates otherwise by default a user will have to select them for each email.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s