AD RMS and Windows Mobile Requirements

The following list describes the requirements for Windows Mobile and AD RMS integration:

·        An AD RMS cluster located in the same forest as the accounts of the users who will use AD RMS on their Windows Mobile device.

·        A domain-joined computer running Windows 7, Windows Vista or Windows XP.  The domain-joined computer must have the AD RMS client installed, must be able to access the AD RMS cluster, and must be able to connect to the Windows Mobile device.  The mobile device is configured to work with the AD RMS cluster from the domain-joined computer.

·        A Windows Mobile 6.0 or later device.  Both Standard and Professional editions of Windows Mobile 6.0 or later can use AD RMS.

·        A sync client installed on the domain-joined computer.  For clients running Windows XP use Active Sync 4.5 (  For clients running Windows 7 or Windows Vista use Windows Mobile Device Center 6.1 (

·        Recommended: Many mobile services use advanced Active Directory Domain Services (AD DS) functionality that is available only if all AD DS Domain Controllers are running Windows Server 2003 or Windows Server 2008.  If you are using any mobile services, we recommend that all domain controllers are running Windows Server 2003 or Windows Server 2008 and that both the domain and forest functional levels are at least at Windows Server 2003.

AD RMS client capabilities are embedded in the operating system of Windows Mobile 6.0 and later devices.  There is no AD RMS client available for Windows Mobile 5.0 or earlier; AD RMS can be used only on devices with Windows Mobile 6.0 or later.  There is full interoperability when sharing AD RMS protected content between the different versions and editions of Windows Mobile 6.0 or later.

Windows Mobile Considerations

Users can create and consume protected e-mails using their Windows Mobile 6.0 or later device.  While users can consume e-mails protected by rights policy templates, Windows Mobile does not support protecting e-mails with rights policy templates.  The only protection policy available when creating a protected e-mail message in Windows Mobile is “Do Not Forward”.
Windows Mobile users can consume protected Microsoft Word, Excel, and PowerPoint documents using Microsoft Office Mobile.  However, users cannot protect Microsoft Office documents using a Windows Mobile device.  Some versions of Microsoft Office Mobile may require the Microsoft Office Mobile 6.1 Upgrade to support Office 2007 file formats.  This upgrade is available for download on the Microsoft Download Center ( Microsoft InfoPath and Microsoft XML Paper Specification (XPS) are not currently supported by Windows Mobile.
Windows Mobile clients cannot authenticate through Active Directory Federation Services (AD FS).  Therefore, mobile users must reside in the same forest as an AD RMS server to be able to use AD RMS with Windows Mobile.

AD RMS Prelicensing Agent in Windows Mobile

The AD RMS Prelicensing Agent is a feature introduced in Microsoft Exchange Server 2007 Service Pack 1 and later.  It allows Exchange to call the AD RMS server directly on behalf of the user and fetch an end-use license to consume e-mail messages, instead of forcing the end user to do it when the content is first opened.  By enabling AD RMS Prelicensing in Exchange, protected documents and e-mails are ready to be opened without any additional steps.
When the AD RMS Prelicensing Agent is enabled end users accessing e-mail through their Windows Mobile device can take advantage of this feature.

For more information on the AD RMS Prelicensing Agent see Managing the AD RMS Prelicensing Agent (


See Also