These are the initial steps to configure AD RMS to support Information Rights Management in Exchange 2013 which I've collected here as TechNet has this information but it is spread over multiple articles.
Exchange 2013 is installed and operational (the steps will also work with Exchange 2010)
AD RMS is already configured and a valid certificate is installed on that server which includes the FQDN used in the Certification and Publishing URIs. The AD RMS server is running Windows Server 2012 but Windows 2008 R2 is also supported.
1. Create a distribution group with the Federation mailbox as its only member
New-DistributionGroup AdRmsSuperUsers Add-DistributionGroupMember AdRmsSuperUsers -Member FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042
2. Enable Super Users in AD RMS
2.1 In Active Directory Rights Management Services console, expand the AD RMS cluster.
2.2 Expand Security Policies then click Super Users.
2.3 Click Enable Super Users in the action pane
2.4 Click Change Super User Group
2.5 Type the email address of the AdRmsSuperUsers distribution group or click Browse to search for it.
3. Add Permissions to the AD RMS Server Certification Pipeline File
On the AD RMS server change the security of ServerCertification.asmx, located by default in C:\inetpub\wwwroot\_wmcs\certification\. Both the Exchange Servers and AD RMS Service Group groups need Read & execute permissions to this file.
The default permissions are System:Full Control so these steps will be required: On the Security Tab | Advanced | Continue | Add | Select a principal | Exchange Servers | OK. Do the same for the AD RMS Service Group.
4. Enable Internal Licensing
Finally run this command in the Exchange Management Shell to enable IRM Internal Licensing:
Set-IRMConfiguration -InternalLicensingEnabled $True
Run this command in the Exchange Management Shell:
Test-IRMConfiguration -Sender email@example.com
If successful the output will look like this:
More information on IRM can be found here: Information Rights Management in Exchange 2013