The Official RMS Team Blog

Your official source for all the latest news and tech tips for Microsoft AD RMS and Azure RMS.

Integrating AD RMS and SharePoint


(This post was originally published on the original AD RMS blog in February 2010)

AD RMS can be used to protect Microsoft Office SharePoint Server 2007 document libraries. If you would like to integrate your SharePoint server with AD RMS, here are a few links to get you started:

  • Less of a comment, more of a question - is it possible to use IRM/RMS in conjunction with Office Web Apps and SharePoint 2010? If so, could you point me to any reference materials? Thanks!


  • Dan, the virtual lab AD RMS Integration with MOSS, Exchange and Windows Mobile hasn't been available for a while now:

    "The Event you are searching for does not exist".

  • If we have created a farm-based SharePoint website in the AD RMS integrated SharePoint module, how can we protect the documents, and how will authentication happen in this mode?

  • Hi Saurabh,

    SharePoint protection works at the Library level, and this is regardless of it being a stand-alone installation or a farm. Authentication to SharePoint is independent from authentication to the RMS platform, and the only point of connection is that when a user downloads a document from a protected library, SharePoint needs to read the user object's Work Email attribute to create the policy that it will stamp on the document (the policy will indicate that that email is assigned with rights based on those the user has on the library). Once protected with such a policy, the document is downloaded by the user and then the user tries to acquire a license from AD RMS, with a completely separate authentication process. Authentication with AD RMS is typically Windows Integrated Authentication (though basic auth is also supported), and Federated authentication is also supported (see the second article in the post above for a primer on that configuration). This is all regardless of the authentication method utilized in SharePoint (since both authentication processes will happen at different points in the process of downloading and opening a document), but typically you want to configure SharePoint and AD RMS to utilize the same authentication mechanism (e.g. both using Federated auth or both using Integrated auth).

    In the case of Azure RMS, you would deploy the RMS connector (currently in Release Candidate as of September 2013), authorize your SharePoint Central Administration Web Site service account to utilize the connector (you do that in the connector itself) and configure SharePoint to use RMS through the connector (by indicating the connector URL in the SharePoint IRM settings). Again, authentication to SharePoint and to RMS are independent, and you can use any supported authentication mechanism on either platform, though the best user experience is obtained if both platforms use the same authentication mechanism (e.g. both use federated authentication). Once SharePoint protects the document with a policy based on the user's identity and the user downloads the document from SharePoint, it will acquire a license from Azure RMS directly after authenticating to that service separately from SharePoint authentication.

    Hope this helps.
