Delegate can read your AD RMS protected messages by using Outlook Web App in an Exchange Server 2010 environment

Assume that you assign full access permissions to a delegate in a Microsoft Exchange Server 2010 environment. The delegate logs on to your mailbox by using Microsoft Outlook Web App. In this situation, the delegate can access your Active Directory Rights Management Services (AD RMS) protected messages unexpectedly.
This issue occurs because Outlook Web App lets a delegate view an RMS protected message from a mailbox if the logged-on delegate has full permissions on that mailbox.

Note Delegates cannot view an RMS protected message in Outlook.
To resolve this issue, install the following update rollup:
2891587 Description of Update Rollup 3 for Exchange Server 2010 Service Pack 3

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about how to enable explicit sign-in in Outlook Web App, go to the following Microsoft website:For more information about AD RMS, go to the following Microsoft website:

Article ID: 2893437 - Last Review: 11/25/2013 18:30:00 - Revision: 1.0

Microsoft Exchange Server 2010 Service Pack 3

  • kbqfe kbfix kbsurveynew kbexpertiseinter KB2893437