How to Enable Azure RMS Protection for Exchange Online Emails

Here’s a nifty one from the trenches. Azure RMS works out of the box with Exchange installed locally through the RMS Sharing App. However, it won’t, by default, work with your Exchange Online transport rules via Office 365, nor will it work with RMS enabled email apps on Mobile such as TouchDown or Titus. The fix is just a few steps of PowerShell.

Open PowerShell and type the following and enter your O365 global administrator credentials

$UserCredential = Get-Credential


Start a session with O365 with the following command. There is a different ConnectionUri for China.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic –AllowRedirection


Import the session

Import-PSSession $Session


Configure the RMS Key Sharing Location (this is the key location for North America, see link for other locations)

Set-IRMConfiguration -RMSOnlineKeySharingLocation


Import the Trusted Publisher Domain (TPD)

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”


Close your session

Remove-PSSession $Session


More on Configuring the IRM Keys: