Another new feature in Exchange 2010 Unified Messaging is Protected Voice Mail:

Exchange Server 2010 solves the problem of unauthorized distribution of the messages by securing the message content, specifying the users who may access that content, and the operations that they may perform on it.  It uses Active Directory Rights Management Services to apply Do Not Forward permissions to voice messages that are designated either by the sender (by marking the message as private) or by administrative policy.  This prevents the forwarding of protected voice mails in a playable form to unauthorized persons, whatever the mail client used.

Protected Voice Mail can be enabled or disabled by configuring the following settings on the corresponding Unified Messaging Mailbox Policy:

Protected Voice Mail

Protect voice messages from unauthenticated callers

Select one of the following options from the drop-down list to determine whether an incoming call answered by a Unified Messaging server will protect voice messages.   This setting applies to voice messages sent to UM-enabled users when they don’t answer their phone.   This setting also applies to voice messages sent directly to UM-enabled users when the caller uses a UM auto attendant.   This option isn’t available to UM-enabled users who have a mailbox on an Exchange 2010 Unified Messaging server.  You can configure the following:

• None.  Use this setting to not have protection applied to any voice messages sent to UM-enabled users.
• Private.  Use this setting when you want the Unified Messaging server to apply protection only to voice messages that have been marked as private by the caller.
• All.  Use this setting when you want the Unified Messaging server to apply protection to all voice messages including those not marked as private.

Protect voice messages from authenticated callers

Select one of the following options from the drop-down list to determine whether an incoming call answered by a Unified Messaging server will protect voice messages.  This setting applies to voice messages sent to UM-enabled users when they don’t answer their phone.  This setting also applies when callers log on to their mailbox using Outlook Voice Access, and then create and send a voice message.  This option isn’t available to UM-enabled users who have a mailbox on an Exchange 2010 Unified Messaging server.  You can configure the following:

• None.  Use this setting to not have protection applied to any voice messages sent to UM-enabled users.
• Private.  Use this setting when you want the Unified Messaging server to apply protection only to voice messages that have been marked as private by the caller.
• All.  Use this setting when you want the Unified Messaging server to apply protection to all voice messages including those not marked as private.

Require Play on Phone for protected voice messages

Select this check box if you want to force users who receive protected voice messages to use the Play on Phone feature.  Or, if the client software doesn’t support rights management, users must use Outlook Voice Access.  The Play on Phone feature only applies to clients using a version of Outlook that supports rights management.  For Outlook 2007 and earlier versions that don’t support rights management, and for Outlook Web Access clients, Outlook Voice Access is the only way that users can listen to protected voice mail.

The default setting requires all users associated with the UM mailbox policy to use the Play on Phone feature to listen to voice messages that are protected.  By doing this, it prevents other people from hearing the voice message using a media player over computer speakers or using a media player on a mobile phone to hear the voice message.  Even if this is enabled, a UM-enabled user can still use Outlook Voice Access to hear the protected voice mail.

This is especially useful when UM-enabled users use public computers, laptops in public places, or their mobile phone’s media player to listen to protected voice mail that can contain private information.

Specify the text to display to voice mail recipients who have e-mail clients that do not support rights management

Protected voice mail can only be accessed by e-mail clients that support Information Rights Management (IRM), or if a UM-enabled user uses Outlook Voice Access to access the protected voice mail message.

If a protected voice mail is sent to an e-mail client that doesn’t support IRM, the text that you include in this box will be sent to the user in an e-mail message.  This information should include instructions about what to do to be able to receive the protected voice mail.

With the appropriate features enabled, Exchange 2010 UM-enabled users can be restricted from distributing unauthorized messages such as voice mails.  In the following Microsoft Outlook Web Access (OWA) screen shot, you can see that the voice mail itself is protected:

With the release of Exchange 2010 Beta 1, you will only be able to listen to the voice mail using Outlook Voice Access (OVA).  You will not be able to use the embedded Windows Media Player in OWA until the appropriate IRM plug-ins are released at a later date.

Anyone who receives the above voice mail message will not be able to listen to the contents unless they are authorized from the AD RMS infrastructure.

For more information about AD RMS, refer to the following:

• Microsoft Active Directory Rights Management Services (AD RMS) in Windows Server 2008

For assistance with Unified Communications (UC) planning, deployment, and telephone integration, check out some of our services:

• UC Planning, Deployment, and Telephony Integration
• Unified Messaging

Tags: Active Directory Rights Management Services, AD RMS, Exchange Server 2010, Microsoft, Protected Voice Mail, Rights Management Services, RMS, UM, Unified Messaging

This entry was posted on Friday, May 1st, 2009 at 2:07 pm and is filed under Gold Systems Blog.