This article is written as part 2 for http://exkb.wordpress.com/2012/08/16/rights-management-service-rms-irm-implementation-for-exchange-2010-sp2-owa/
Prerequisite is to have enabled certification pipeline for mobile devices on RMS server if you have Exchange 2010 RTM installed.
- First thing is to set up correct Active Sync policy (Policy must support device encryption and must not support nonprovisionable devices, Require password parameter must be set.)
new-ActiveSyncMailboxPolicy -Name 'RMS project' -AllowNonProvisionableDevices $false -DevicePasswordEnabled $true -AlphanumericDevicePasswordRequired $false
-MaxInactivityTimeDeviceLock '00:30:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $false -RequireDeviceEncryption $true -AttachmentsEnabled $true
-AllowSimpleDevicePassword $true -DevicePasswordExpiration '500.00:00:00' -DevicePasswordHistory '12' -DevicePolicyRefreshInterval '17.12:00:00'
-MaxDevicePasswordFailedAttempts '6' -IrmEnabled $true
Setting AS policy for RMS
Setting AS policy for RMS
- Second thing is to apply new Active Sync policy to the mailbox, you want to have IRM enabled
Get-CASMailbox <identity> | Set-CASMailbox -ActiveSyncMailboxPolicy "RMS Project"
UPDATE: IRM works even -AllowNonProvisionableDevices is set to $true
