Hi folks, I'm Dan Plastina, Group Manager for the Information Protection team and I wanted to bring to your attention the launch of the most recent version of Nitrodesk's very popular TouchDown email client for devices running on the Android platform. This is exciting news and important to those of you who are running or supporting Android smartphones and netbooks. With this change, you can now enjoy the same level of IRM rights-protected messaging on Android devices that has in the past largely been available only to customers using Windows devices.
I’ll let our expert Enrique Saggese explain more.
Hi, I’m Enrique, and I’m the PM responsible for working with our partners at Nitrodesk to help facilitate IRM-enabled email in the latest version of TouchDown. As Dan expressed above, we are excited to be announcing this new development. I'd like to talk a little bit about how it came about and what's changed with this this new release of TouchDown from Nitrodesk.
A few months ago, Microsoft renewed its push to actively promote our Rights Management capabilities to application developers. This accompanied the release of a new, significantly enhanced SDK for Rights Management Services, and was also based on the support added for IRM in the latest version of the Exchange ActiveSync protocol, EAS 14.1.
Today we see the first fruits of all this hard work. The good folks at Nitrodesk have just announced that the latest version of TouchDown, their popular email client for Android, is now IRM enabled. They did that by leveraging the server-side IRM capabilities in Exchange for supporting mobile devices.
EAS IRM works by identifying protected messages before they are delivering to the ActiveSync client, acquiring licenses for them on behalf of the user (through Exchange Prelicensing) and preparing the content for delivery in a format that can be interpreted on a device without an RMS client. This is done after the client offers assurances that it will enforce the policies indicated by the server for the message and that it supports the required device policies such as encrypted storage and encrypted communications, as mandated by Exchange. That way, the Email client and the device don’t need to deal with the low level aspects of IRM and can focus on enforcing protection in the User Interface.
With EAS IRM, you receive your email just like any other regular email, and you only notice it is protected if the application shows a small lock icon by it, as TouchDown does. Once you open it, it looks just like a regular email, save for the restrictions.
This is a screen shot of a protected email. Obviously you don’t see the contents of the email because the email client, as expected, blocked the screen capture capability when displaying protected content. You can see that the Forward button is blocked, as this message was protected with Do Not Forward.
When opening a protected message you can view the rights passed by the server, which the application is enforcing by blocking UI elements such as Copy or Forward.
When protecting content on the device, an EAS IRM-enabled client will offer the option to choose among different templates downloaded from the server and the Do Not Forward option.
Once protected, the message is sent to the Exchange CAS Server, where it will be natively encrypted and an RMS Publishing License will be stamped in the email, and from then on it will be a regular RMS-protected email.
Since Android devices do not support (yet) consumption of protected documents, when downloading an attachment to a protected document you will get a file that is encrypted and that can’t be opened on the device, unless the attachment is an email, in which case you will be able to open it like a regular protected email.
For more information on the IRM capabilities in TouchDown, go to http://nitrodesk.com/irm.aspx.
To learn how IRM support is implemented in an email application, see the Exchange ActiveSync Protocol Specification.
So congratulations to our friends at Nitrodesk for supporting this technology in such a thorough way, we’ll be looking forward for the upcoming iOS version.
Dear Dan Plastina,
first of all, thanks for the blog. i need some guide lines to create a (ios - android) app to view document which is protected using RMS.
Hi Hager! Sorry about the delay in the response, but on the other hand we now have a much better answer than when you posted your question :-). We have now released the beta for the RMS SDK 3.0 for Android (and other platforms) which will enable to very easily RMS-enable your Android applications.
See the video at channel9.msdn.com/.../Solution-Provider-Webinar-Full-Recording and the demos at channel9.msdn.com/.../danplastina for details on how to get and use these SDKs.
Enrique, I just wanted to point out that GigaTrust also offers a mail solution for android but that the GigaTrust solution also offers Attachment support. To my knowledge, GigaTrust is the only company to offer attachment support for RMS. I'd also like
to point out that if customers are Azure RMS customers and they navigate to our website (www.gigatrust.com) we're now offering a 90 day trial for our Azure products.
TITUS also offers RMS support for email and attachments. Support is for both AzureRMS and AD RMS. See the TITUS app on the Google Play Store -
That's nice and all, but there are times you need to be able to capture the screen shot. It would be nice if there was a workaround for this security feature (nuisance, in my book). Do you know of a way to override this on Android? Thanks!
Is there a way to disable the default mail application in android from automatically decrypting RMS protected messages