Rights Management Service (RMS) – IRM implementation for Exchange 2010 SP2 ActiveSync


This article is part 2 of http://exkb.wordpress.com/2012/08/16/rights-management-service-rms-irm-implementation-for-exchange-2010-sp2-owa/

Prerequisite: if you have Exchange 2010 RTM installed, the certification pipeline for mobile devices must be enabled on the RMS server.

  • First, set up the correct ActiveSync policy. The policy must support device encryption and must not support non-provisionable devices, and the Require password parameter must be set.
New-ActiveSyncMailboxPolicy -Name 'RMS project' -AllowNonProvisionableDevices $false -DevicePasswordEnabled $true -AlphanumericDevicePasswordRequired $false `
  -MaxInactivityTimeDeviceLock '00:30:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true -AttachmentsEnabled $true `
  -AllowSimpleDevicePassword $true -DevicePasswordExpiration '500.00:00:00' -DevicePasswordHistory '12' -DevicePolicyRefreshInterval '17.12:00:00' `
  -MaxDevicePasswordFailedAttempts '6' -IrmEnabled $true
 
Setting AS policy for RMS

  • Second, apply the new ActiveSync policy to each mailbox that should have IRM enabled.
Get-CASMailbox <identity> | Set-CASMailbox -ActiveSyncMailboxPolicy "RMS Project"

UPDATE: IRM works even if -AllowNonProvisionableDevices is set to $true
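
To confirm that both steps took effect, the following check can be run in the Exchange Management Shell. It is an added example, not part of the original article; it assumes the policy name 'RMS project' used above and additionally reads the ClientAccessServerEnabled value from Get-IRMConfiguration, which the article does not mention.

```powershell
# Added verification example (not from the original article).
# Run in the Exchange Management Shell with rights to read policies and mailboxes.
$policyName = 'RMS project'   # policy name used in this article

$policy = Get-ActiveSyncMailboxPolicy -Identity $policyName -ErrorAction Stop

# Settings the article calls out as required, with the values it sets.
$expected = @{
    IrmEnabled              = $true
    DevicePasswordEnabled   = $true
    RequireDeviceEncryption = $true
}

foreach ($name in $expected.Keys) {
    $actual = $policy.$name
    if ($actual -ne $expected[$name]) {
        Write-Warning "Policy '$policyName': $name is $actual, expected $($expected[$name])"
    }
}

# Reported only: per the article's UPDATE, IRM works with either value.
"AllowNonProvisionableDevices = $($policy.AllowNonProvisionableDevices)"

# Assumption beyond the article: IRM must also be enabled for Client Access
# servers in the organization-wide IRM configuration.
$irm = Get-IRMConfiguration
if (-not $irm.ClientAccessServerEnabled) {
    Write-Warning 'Get-IRMConfiguration reports ClientAccessServerEnabled = False'
}

# List ActiveSync-enabled mailboxes and flag which ones use the RMS policy.
# Assumption: the policy reference on the mailbox and the policy identity
# render to the same string (the policy name).
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled } |
    Select-Object Name, ActiveSyncMailboxPolicy,
        @{ Name = 'UsesRmsPolicy'
           Expression = { [string]$_.ActiveSyncMailboxPolicy -eq [string]$policy.Identity } } |
    Sort-Object UsesRmsPolicy, Name |
    Format-Table -AutoSize
```

Mailboxes listed with UsesRmsPolicy = False still sync under another policy, where IRM for ActiveSync may not be enabled.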
