Enterprise Vault™ Setting up Exchange Server and Office 365 for SMTP Archiving
- Configuring Exchange Server for an Enterprise Vault SMTP Archiving solution
- About using Enterprise Vault SMTP Archiving for Exchange Server journaling
- Summary of steps
- Creating a remote domain using the Exchange Management shell
- Creating a recipient mail contact in the remote domain
- Creating a Send Connector for the remote domain
- Setting up Exchange Server journaling
- Points to note when setting up Enterprise Vault SMTP Archiving servers
- Configuring Office 365 for Enterprise Vault SMTP Archiving
- Configuring the Azure RMS Decryption feature for Office 365 email encryption support
- About configuring the Azure RMS Decryption feature for Office 365 email encryption support
- Summary of steps
- Configuring IRM settings for journal report decryption in your organization
- Getting the Rights Management configuration details of your Azure tenant
- Creating a new service principal that represents your tenant to external applications
- Adding the service principal to the list of superusers for your organization
- Installing Microsoft Right Management Services Client 2.1
- Configuring the decryption of RMS-protected messages in Enterprise Vault
- Configuring decryption of MPIP-protected Office 365 emails archived in Enterprise Vault
- About configuring the MPIP decryption feature in Enterprise Vault
- Summary of steps
- Disable decryption of journal report in your organization
- Register an application with the Azure Active Directory
- Assign the required permissions to an application
- Upload certificates
- Configure decryption of MPIP-protected emails in Enterprise Vault
Disable decryption of journal report in your organization
By default, journal report decryption is enabled in your organization. As a result, decrypted copies of protected emails are attached to the journal report sent to the Enterprise Vault SMTP Service. Since Enterprise Vault can now decrypt Microsoft Purview Information Protection (MPIP) protected emails for a preview of the items in Discovery Accelerator, there is no requirement to send the decrypted copies of protected emails attached to the journal report.
Verify the Information Rights Management (IRM) configuration settings for journal report decryption in your organization by using the Get-IRMConfiguration cmdlet. For more information, see Get-IRMConfiguration.
If journal report decryption is enabled on the IRM settings, run the following command to disable it:
Set-IRMConfiguration -JournalReportDecryptionEnabled $false
For more information, see Set-IRMConfiguration.
The following PowerShell commands can be executed by Exchange Administrator or Office 365 Administrator:
:
#Retrieve the Information Rights Management (IRM) configuration in your organization.
Set-ExecutionPolicy RemoteSigned
$Cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic - AllowRedirection
Import-PSSession $Session
Get-IRMConfiguration
:
#Test Information Rights Management (IRM) configuration and functionality.
Test-IRMConfiguration -Sender '<sender email adress>'
:
#Disable decryption of journal report in your organization
Set-IRMConfiguration -JournalReportDecryptionEnabled $false