Protecting Intellectual Property with Azure Rights Management Services
MICHAEL NOEL, CCO
Michael Noel, @MichaelTNoel
• Author of 20 books including the best-selling SharePoint and Exchange Unleashed series
• Presented at over 200 events in over 70 countries around the world
• Microsoft SharePoint MVP, first awarded in 2007
• Partner at Convergent Computing in the San Francisco Bay Area (cco.com)
Why Information Rights Management?
Understanding the Need for IRM
• Emphasis today is placed on perimeter-based security mechanisms, which block unauthorized access
• Transit-based security (email encryption, IPSec, etc.) only protects the content while it is moving from one place to another
• ACLs are also effective for limiting access
• However, these mechanisms are powerless to stop data that has been accessed by authorized individuals from ‘leaking’ out of the organization via email, print, or copy/paste
Once Accessed, Data is at Risk
• Perimeter security, ACL security, and transport security mechanisms can’t do anything after the data has been delivered to the authorized individuals
• Disgruntled employees who email or print company secrets are only part of the problem
• Laptop theft and ‘leakage’ of data onto thumb drives, smartphones, etc., can be a concern if the devices are stolen
Governmental/Industry Compliance
• Many governmental compliance rules (EU Privacy Rules, HIPAA, Sarbanes-Oxley, FDA 21CFR11, etc.) require that measures are put into place to safeguard digital information
• Expiration of content is required for many other industry and governmental regulations
Solution: Azure Rights Mgmt Services
• Azure RMS is a form of Digital Rights Management (DRM) technology, used in various forms to protect content
• Specifically, it is a subset of DRM called Enterprise Rights Management
• It is based on X.509 certificates, similar to SSL encryption, IPSec, or other forms of encryption based on Public Key Infrastructure (PKI) technologies
Azure RMS Gives Authors Control
• The document author can define who can do the following:
  • View document
  • Edit document
  • Print document
  • Copy/Paste
What is Azure Rights Management Services?
How Azure RMS Works
Azure RMS vs. AD RMS
• Azure RMS supports significantly more features and services, including but not limited to:
  • Built-in Mobile Device Support
  • Default Templates
  • Document tracking, revocation, and email notification
• Key difference with Azure RMS vs. AD RMS is ease of setup and long-term maintenance; AD RMS requires complex hardware configuration:
  • 2x front-end
  • 2x SQL back-end
  • SPNs published in AD
  • External reverse proxy connections
  • Federation
  • Complex config on SharePoint On-Premises and Exchange On-Premises
• Microsoft offers a migration path from AD RMS to Azure RMS (http://is.gd/mig2azrms)
Azure RMS Components
Azure RMS Options
• Exchange Online/On-Premises
  • Do not forward, Confidential, and Confidential – View Only default policies
  • Custom organizational policies and DLP Policies
• SharePoint Online/On-Premises
  • IRM policies defined per document library
• Office Client (Word, Excel, PowerPoint)
  • Per-document policies applied to individual documents and enabled directly from the client
• Windows Server 2012/2016 File Classification Infrastructure
  • File-server level policies that stay with the documents even if they are moved
• Office 365 Message Encryption
Office 365 Message Encryption
• Transparent message encryption set up at the Exchange Online level
• Included in RMS license
• Allows sending encrypted messages to external or internal accounts
Office 365 Message Encryption
• Users on the outside get a custom message
• Simple process to allow them to validate their account
• Can be enforced in Exchange Online with mail flow rules
Windows Server 2012/2016 File Classification Infrastructure
Exchange Online Data Loss Prevention (DLP) Policies
• DLP Policies can be created in Exchange that automatically protect content based on certain criteria
• One example would be protecting emails that have SSNs in them
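An added example (not from the original deck): one way to express the SSN case as an Exchange Online mail flow rule that applies an RMS template. It assumes an already connected Exchange Online PowerShell session with RMS enabled; the rule name is hypothetical, and the rule is created in audit mode so matches can be reviewed before anything is enforced.

```powershell
# Added example, not the presenter's code.
# Assumes: connected Exchange Online PowerShell session, RMS enabled for the tenant.
$ruleName     = 'Protect mail containing SSNs'   # hypothetical rule name
$templateName = 'Do Not Forward'                 # default policy named in the deck

# Fail early if Exchange cannot see the RMS template (RMS not enabled yet).
$template = Get-RMSTemplate | Where-Object { $_.Name -eq $templateName }
if (-not $template) {
    throw "RMS template '$templateName' not found; enable RMS in Exchange Online first."
}

# Avoid creating a duplicate rule on a second run.
if (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue) {
    Write-Output "Rule '$ruleName' already exists; nothing to do."
    return
}

# Built-in sensitive information type; match on at least one detected SSN.
$ssn = @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' }

# Audit mode logs what the rule would have done without changing the message.
New-TransportRule -Name $ruleName `
    -MessageContainsDataClassifications $ssn `
    -ApplyRightsProtectionTemplate $templateName `
    -Mode Audit `
    -Comments 'Applies RMS protection to messages in which the SSN classifier matches.'
```

Once the audit results look right, `Set-TransportRule -Identity $ruleName -Mode Enforce` turns the protection on.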
Azure RMS Effective Permissions in SharePoint Online
Enabling RMS in Office 365
Enabling RMS in Exchange Online
Enabling RMS in SharePoint Online
Azure RMS Licensing
Azure RMS in Office 365

| Plan | RMS Included? |
|---|---|
| Office 365 Business Essentials | No |
| Office 365 Business Premium | No |
| Office 365 E1/A1 | No |
| Office 365 K1 | No |
| SharePoint Online Plan 1/2 | No |
| Exchange Online Plan 1/2 | No |
| Office 365 E3/A3/G3 | Yes |
| Office 365 E4/A4/G4 | Yes |
| Office 365 E5/A5 | Yes |

• Azure RMS is included only in specific SKUs of Office 365
• Organizations that do not include licenses can purchase standalone licenses of Office 365
• List pricing is $2.00 USD per user per month for standalone Azure RMS licenses
Azure RMS Licensing

| Feature | RMS for Office 365 | Azure RMS Premium |
|---|---|---|
| Users can create and consume protected content by using Windows clients and Office applications | X | X |
| Users can create and consume protected content by using mobile devices | X | X |
| Integrates with Exchange Online, SharePoint Online, and OneDrive for Business | X | X |
| Integrates with Exchange Server 2013/Exchange Server 2010 and SharePoint Server 2013/SharePoint Server 2010 on-premises via the RMS connector | X | X |
| Administrators can create departmental templates | X | X |
| Organizations can create and manage their own RMS tenant key in a hardware security module (the Bring Your Own Key solution) | X | X |
| Supports non-Office file formats: Text and image files are natively protected; other files are generically protected | X | X |
| RMS SDK for all platforms: Windows, Windows Phone, iOS, Mac OSX, and Android | X | X |
| Integrates with Windows file servers for automatic protection with FCI via the RMS connector | | X |
| Users can track usage of their documents | | X |
| Users can revoke access to their documents | | X |
USING AZURE RIGHTS MANAGEMENT SERVICES