Happy late Monday,
As promised, we're working on a series of blogs. This one was created with the help of Tejas on the team, so you may see comments replied to by a new name. Here we'll focus on organizations that are looking at or using Office 365. Enjoy!
Dan
Follow @TheRMSGuy for the latest updates
If your organization is already using or planning on moving to Office 365, information protection is available to you via Azure Rights Management. Whether your information is on Office 365, mobile devices, computers, cloud drives, or file shares, you can now use Azure RMS to protect your data wherever it goes. Azure RMS provides your users an easy way to protect data, and for your IT pros to apply additional controls across the organization.
Azure RMS is included with the E3, E4, A3, and A4 plans, or you can purchase Azure RMS as a standalone subscription. For more information about licensing, please view this post. Several services integrate with Azure RMS: Office, SharePoint Online, and Exchange Online.
Exchange Online offers a very rich set of features that are integrated with Azure RMS.
Exchange Online also uses RMS in conjunction with rich controls to protect your content via Transport rules and data leakage prevention (DLP). Using DLP with Transport rules provides a backstop to help prevent inadvertent data leaks, and helps you meet compliance requirements by ensuring that your data is protected with your organization's policies. For example, automated rules can be created to look for patterns of company confidential R&D information, payment card information, social security numbers, or patient data in health care organizations. Once Exchange Online identifies data that meets your criteria, the message can be protected by using Rights Management, ensuring that only the intended recipients have access to the message.
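A rule of the kind described above could look like the following. This is an added example, not from the original post; it assumes a connected Exchange Online PowerShell session with Rights Management already enabled, and the function name, rule name, and the choice of the "Do Not Forward" template are illustrative.

```powershell
# Added example (not from the original post).
# Assumes an Exchange Online session is imported and IRM is enabled.
function New-RmsProtectionRule {
    param(
        [string]$RuleName       = 'Protect payment card data',  # hypothetical name
        [string]$Classification = 'Credit Card Number',         # built-in sensitive type
        [string]$TemplateName   = 'Do Not Forward'              # illustrative template
    )

    # Refuse to create a rule that references a template the tenant cannot see.
    $template = Get-RMSTemplate | Where-Object { $_.Name -eq $TemplateName }
    if (-not $template) {
        throw "RMS template '$TemplateName' not found; check that IRM is enabled."
    }

    $ruleArgs = @{
        Name                               = $RuleName
        MessageContainsDataClassifications = @{ Name = $Classification; minCount = '1' }
        ApplyRightsProtectionTemplate      = $template.Name
        # Audit mode logs matches without applying the action, so false
        # positives can be reviewed before protection is enforced.
        Mode                               = 'Audit'
    }
    New-TransportRule @ruleArgs
}

New-RmsProtectionRule

# After reviewing the audited matches, switch the rule to enforcement:
# Set-TransportRule -Identity 'Protect payment card data' -Mode Enforce
```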
To aid with discovery, Exchange Online also provides search indexing on rights protected content and journal decryption to ensure your organization can use automated reasoning tools with the rights protected content.
Rights Management is supported within SharePoint Document Libraries. After configuring SharePoint for Rights Management, when a user downloads a file from a document library, RMS protection is applied according to the permissions that you specify. If the user is accessing SharePoint Online and does not have Microsoft Office installed, the protected content can also be viewed using a web browser and the Office Web Access Companion with SharePoint Online.
SharePoint provides a rich set of controls when using Rights Management. These controls include a set of granular permissions to specify what a user can do after downloading the document: for example, preventing printing, making the document read only, and forcing a user to request permissions every time the document is opened.
In addition, Rights Management can also be enabled on SkyDrive Pro, to ensure your users’ data is always protected regardless of the storage location.
Rights Management is supported within Office 2010 and Office 2013. In addition, you can use the Rights Management Application (RMS App). This is a new application that works within the file explorer, Microsoft Office, and with many of today's popular devices to provide a streamlined experience to share content within and outside of your organization. The RMS App supports Windows, Windows Phone 8, iPhone, iPad, and Android. We’ll discuss our collaboration capabilities more in a later post. To use Office 2010 with Azure RMS, you must install the RMS App, which configures Office 2010 to work with Azure RMS. Here is a link to the user guide for the RMS App.
Migrating to Office 365
If your organization is in the process of migrating to Office 365 (you have users on Exchange Server or using SharePoint on premises), we have a new feature called the RMS connector that will enable protected content to work with your online services as well as your on-premises servers. Learn more about the RMS connector here: http://technet.microsoft.com/en-us/library/dn375964.aspx.
How do I get started?
In just a few minutes by using the following steps, you can enable Azure RMS, SharePoint Online, and Exchange Online to enable information protection. Do I really mean a few minutes? Yes, just a few minutes.
If you want to try this for yourself, by using a Trial Office 365 subscription, sign up here.
Activate Azure RMS
1. Log in to the Office 365 Portal at http://portal.microsoftonline.com
2. Go to service settings.
3. Select rights management, and then click Manage.
4. Click activate.
5. Confirm you want to activate Rights Management.
6. RMS is now activated and users can now protect files by using the RMS Application or Microsoft Office.
Enable SharePoint Online RMS Integration
1. Go to service settings, click sites, and then click View site collections and manage additional settings in the SharePoint admin center.
2. Go to Information Rights Management.
3. Select Use the IRM service specified in your configuration.
4. Click OK.
Enable a SharePoint Online Document Library to use RMS
1. Go to a document library and click PAGE.
2. Click Library Settings.
3. Click Information Rights Management.
4. Select Restrict permissions on this library on download and add your policy title and policy description. Click SHOW OPTIONS to configure additional RMS settings on the library, and then click OK.
Start using RMS functionality in SharePoint Online
1. Create a new document or upload an existing document to the document library with RMS enabled.
2. Download a document from the library. The document will be RMS protected.
Enable Exchange Online
1. Connect to your Exchange Online account by using Windows PowerShell.
2. Log in with this command:
3. Begin configuration of Exchange Online:
(If you haven't previously run Windows PowerShell remote commands for Exchange Online, run the following command: set-executionpolicy remotesigned)
4. Run the following commands to enable Rights Management within Exchange Online:
For regions outside North America, substitute .NA. with .EU. for the European Union, and .AP. for Asia, e.g.:
https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
Optionally test the configuration by running the following command:
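One way to script steps 2 to 4 and the optional test, as an added example rather than the commands from the original post. The helper name Get-RmsKeySharingUrl, the connection URI, and the trusted publishing domain name "RMS Online" are assumptions; the key-sharing URL follows the regional pattern quoted above.

```powershell
# Added example (not the original post's commands).
param(
    [ValidateSet('NA', 'EU', 'AP')]
    [string]$Region = 'NA'
)

function Get-RmsKeySharingUrl {
    param([ValidateSet('NA', 'EU', 'AP')][string]$Region)
    # Regional pattern from the post: .NA. / .EU. / .AP.
    "https://sp-rms.$($Region.ToLower()).aadrm.com/TenantManagement/ServicePartner.svc"
}

# Step 2: prompt for the tenant administrator's credentials.
$cred = Get-Credential

# Step 3: open a remote Exchange Online session and import its cmdlets.
$sessionArgs = @{
    ConfigurationName = 'Microsoft.Exchange'
    ConnectionUri     = 'https://ps.outlook.com/powershell/'  # assumed endpoint
    Credential        = $cred
    Authentication    = 'Basic'
    AllowRedirection  = $true
}
$session = New-PSSession @sessionArgs
Import-PSSession $session | Out-Null

try {
    # Step 4: point Exchange Online at the Azure RMS key for the region,
    # import the trusted publishing domain, then enable internal licensing.
    Set-IRMConfiguration -RMSOnlineKeySharingLocation (Get-RmsKeySharingUrl -Region $Region)
    Import-RMSTrustedPublishingDomain -RMSOnline -Name 'RMS Online'  # assumed TPD name
    Set-IRMConfiguration -InternalLicensingEnabled $true

    # Optional test: emit the result so the operator can review it.
    Test-IRMConfiguration -RMSOnline
}
finally {
    # Always close the remote session, even if a step fails.
    Remove-PSSession $session
}
```

Basic-authentication remote PowerShell has since been retired in Exchange Online; on a current tenant, connect with Connect-ExchangeOnline from the ExchangeOnlineManagement module instead of the New-PSSession call.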
Thanks for these great posts, Dan! Please keep them coming.
@Rob, you are most welcome. Tejas deserves the kudos here!
Very cool! Is there a way to generate more or edit the existing 2 templates that are in Office 365?
@DougD. Not yet, but we're working on it.
Hello, do you have any info about this error code while trying to open a protected AADRMS protected message in online OWA: "Information Rights Management. Code: -2147160053"
Thank you in advance
Hi Mat, no, I don't know offhand. That is an email-related error in OWA. You'd have to chase that down via the OWA escalation paths. Sorry.
Hi, would a standard Office user - with edit rights - be able to make changes to a document created by an Office Professional user? What licensing would it require?
If you're using SharePoint Online, how do you share with a user with a Windows Live?
Hi Anonymous: A standard user can edit protected documents created by Office professional user. An Office standard user can't create a new protected document.
@Darell, SharePoint Online today allows you to share files with a Microsoft account (Windows Live) user, however this will only work for PDF files today. The Office team knows about this bug and is looking at it. When a user opens a protected document on SPO, there's a Share menu item enabled. That Share item allows the user to send the document to a Microsoft Account user. The SPO library admin can also choose to share the entire library with Microsoft Account users.
Is there any option to customize the RMS message for a client that is not RMS-enabled (such as the iPhone email client)? The message points to a "download" of the Office trial (that is for PC and not for iPhone...). Thanks
Is there any reason why I can't open RMS protected documents on my Windows Phone 8.1? I configured the service for SharePoint as shown but I get a "We can't open this document right now because the license server isn't available. Try again later" after it asked me if it should use my Office 365 credentials.
@FredlArts, Can you send the issue with a screenshot to email@example.com?