The other day I received an email from a coworker which was protected by Information Rights Management and I realized I could not open it using my Windows Mobile device. We are running Rights Management Server internally and with my laptop on Vista, the IRM components are built-in and all integrated seamlessly. The first time I had to open an IRM-protected message or document at work I was prompted to add and configure an account in Outlook in order to access the protected content. Since then, dealing with IRM-protected content is seamless whether online or offline thanks to the updated lockbox functionality of RMS SP1.
To test out the phone I sent myself a protected email, using the Permission drop-down under Options on the Message ribbon.
When viewing the message on my Windows Mobile 6 Blackjack I see that the message icon denotes protected content, and I get the same message I saw originally telling me that the phone is not configured for IRM.
Since ActiveSync is no longer in the picture, the phone’s instructions no longer apply. According to the Windows Mobile Device Center (WMDC) help documentation all I needed to do was connect my phone and then choose the option to activate IRM:
You can activate Information Rights Management (IRM) on your device to access IRM-protected e-mail and other content. (IRM is only supported for Windows Mobile 6 devices.)
To activate IRM on your device:
- Connect your device to a PC with which a partnership has been set up using a cable, cradle, infrared connection, or Bluetooth connection.
- Click Mobile Device Settings.
- Click Activate Information Rights Management.
Enter your logon credentials and click Activate. Most of the activation process happens behind the scenes and depends on server availability and network conditions.
Well that sounds easy enough but WMDC did not display that option. I verified via the Help menu that WMDC was updated to the most current version (6.1.6965). The help file also lists some prerequisites for the activation to be possible:
To activate IRM on your Windows Mobile powered device so that you can use IRM-protected documents:
- IRM must be installed and activated on the PC. (If your PC runs Windows Vista, the Windows Rights Management Services (RMS) Client is already installed. If your PC runs Windows XP, the Windows RMS Client Service Pack 1 (SP1) must be installed.)
- Your device must be connected to a PC with which a partnership has been set up.
- Your device must require IRM activation (that is, IRM has never been activated or the IRM license needs to be renewed).
All of these requirements had been met, so I spent some time searching online for solutions to why the elusive "Activate Information Rights Management" option was just no where to be found. I finally ran across an archived discussion from last year by the Microsoft Development Lead for WMDC Steve Spiller. He basically reiterated the above requirements but added one key piece of information:
"So be sure that you’ve successfully opened an IRM protected email on your desktop and that your desktop is connected to your corporate network so it will have access [to Active Directory] in order to get the IRM server information required for activation."
Duh. I’m so used to working remotely that this didn’t even occur to me, as I already have my ‘lockbox’ for RMS since I’ve previously connected to our RMS server and I can sign and decrypt content online or offline without issues. But apparently WMDC needs to be able to connect to the RMS server in order to perform the IRM activation process on the phone. So I disconnected the phone, connected to our corporate VPN, and reconnected the phone. This time WMDC displayed what I was looking for:
Clicking the new "Activate Information Rights Management" option prompts for AD credentials, and then activates the device. Now when I go back to that email on my phone I can properly access the content:
And as a final test I sent myself a protected message from my phone by accessing the Message Options and changing the Permission setting.