RMS implementation is well described in several blogs. I have been requested to implement RMS on user basis. This means to override global / CAS / Virtual directory based settings of IRM and set IRM through OWAMailboxPolicy parameter (Get-CASMailbox ‘ Set-CASMailbox)
- IRM has been enabled globally:
Set-IRMConfiguration –InternalLicensingEnabled $true
- IRM has been enabled on CAS servers
Set-IRMConfiguration –ClientAccessServerEnabled $true
- IRM has been enabled on particular virtual directory (needs iisreset /noforce)
Get-OwaVirtualDirectory -identity *10*owa* | Set-OwaVirtualDirectory -IRMEnabled $true
At this point the only thing which matters is OWA mailbox policy to prevent / allow use of IRM in OWA
- Created Two OWA mailbox policies:
New-OWAMailboxPolicy -Name IRM_Disabled
Set-OwaMailboxPolicy IRM_Disabled -IRMEnabled $false
New-OWAMailboxPolicy -Name IRM_Enabled
There is no need to set IRMEnabled to $true since this is default.
- Assign policies to mailboxes:
Set-CasMailbox <alias> -OWAMailboxPolicy IRM_Disabled
Set-CasMailbox <alias> -OWAMailboxPolicy IRM_Enabled
Note: Even though in both ways it seems that IRM is enabled, In case of disabled IRM, there are visible only default RMS Templates and even though you select one of these templates, it will take no action an mail will be sent unrestricted.
- Also user has to log off from OWA to apply IRM setup changes.
- For global IRM configuration there is need for IISreset.