How to Enable Azure RMS Protection for Exchange Online Emails

Here’s a nifty one from the trenches. Azure RMS works out of the box with Exchange installed locally through the RMS Sharing App. However, it won’t, by default, work with your Exchange Online transport rules via Office 365, nor will it work with RMS enabled email apps on Mobile such as TouchDown or Titus. The fix is just a few steps of PowerShell.

Open PowerShell and type the following and enter your O365 global administrator credentials

$UserCredential = Get-Credential

 

Start a session with O365 with the following command. There is a different ConnectionUri for China.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection

 

Import the session

Import-PSSession $Session

 

Configure the RMS Key Sharing Location (this is the key location for North America, see link for other locations)

Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

 

Import the Trusted Publisher Domain (TPD)

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

 

Close your session

Remove-PSSession $Session

 

More on Configuring the IRM Keys: http://technet.microsoft.com/en-us/library/dn151475(v=exchg.150).aspx