Product Documentation

Microsoft IRM Support for WorxMail

Oct 20, 2015

WorxMail for Android supports messages protected with Microsoft Information Rights Management (IRM), subject to the configured IRM policy.

This feature allows the organizations to use IRM to apply persistent protection to messaging content and allows mobile device users be able to create and consume IRM-protected content. WorxMail supports the following template attributes:

Important: Attachments are not included in IRM support.
ContentExpiryDate Allows you to purge the body and attachments of the e-mail message when the ContentExpiryDate has passed. Additionally, WorxMail provides the ability to fetch the content again from the server.
EditAllowed Specifies whether the e-mail can be modified by the user when the user forwards, replies, or replies all to the e-mail message.
ExportAllowed Specifies whether the IRM protection on the e-mail message can be removed by the user.
ExtractAllowed Specifies whether the user can copy content out of the e-mail messages.
ForwardAllowed Specifies whether the user can forward the e-mail message.
ModifyRecipientsAllowed Specifies whether the user can modify the recipient list when the user forwards or replies to the e-mail message.
PrintAllowed Specifies whether the e-mail can be printed by the user. This element does not indicate client support for printing an e-mail message; it only specifies whether the e-mail message can be printed if the client supports printing.
ProgrammaticAccessAllowed Specifies whether the contents of the e-mail message can be accessed programmatically by third-party applications.
ReplyAllAllowed Specifies whether the user can reply to all of the recipients of the original e-mail message.
ReplyAllowed Specifies whether the user is allowed to reply to the e-mail message.

Security Considerations

Some organizations may require strict adherence to their IRM policy. Users with access to WorxMail may attempt to bypass the IRM policy by tampering with WorxMail, the operating system, or even the hardware platform. Although XenMobile can detect certain of these attacks, preventing them is largely the responsibility of the device itself.

Subject to your organizational security policy, consider the following precautionary measures:

  • Review security guidance supplied by the device vendor.
  • Configure devices accordingly, using XenMobile capabilities or otherwise.
  • Provide guidance to your users for appropriate use of IRM features, including WorxMail.
  • Deploy additional third-party security software to resist this type of attack.