Securing Intellectual Property Using Azure Rights Management Services


Post on 16-Apr-2017





Protecting Intellectual Property with Azure Rights Management Services
Michael Noel
CCO


Michael [email protected] of 20 books including the best selling SharePoint and Exchange Unleashed series
- Presented at over 200 events in over 70 countries around the world
- Microsoft SharePoint MVP, first awarded in 2007
- Partner at Convergent Computing in the San Francisco Bay Area (

Why Information Rights Management?

Understanding the Need for IRM
- Emphasis today is placed on perimeter-based security mechanisms, which block unauthorized access
- Transit-based security (email encryption, IPSec, etc.) only protects the content while it is moving from one place to another
- ACLs are also effective for limiting access
- However, these mechanisms are powerless to stop data that has been accessed by authorized individuals from leaking out of the organization via email, print, or copy/paste

Once Accessed, Data is at Risk
- All perimeter security mechanisms, ACL security, and transport security mechanisms can't do anything after the data has been delivered to the authorized individuals
- Disgruntled employees who email or print company secrets are only part of the problem
- Laptop theft and leakage of data onto thumb drives, smartphones, etc., can be a concern if they are stolen

Governmental/Industry Compliance
- Many governmental compliance rules (EU Privacy Rules, HIPAA, Sarbanes-Oxley, FDA 21CFR11, etc.) require that measures are put into place to safeguard digital information
- Expiration of content is required for many other industry and governmental regulations

Solution: Azure Rights Mgmt Services
- Azure RMS is a form of Digital Rights Management (DRM) technology, used in various forms to protect content
- Specifically, it is a subset of DRM called Enterprise Rights Management
- X.509 certificate-based, similar to SSL encryption, IPSec, or other forms of encryption based on Public Key Infrastructure (PKI) technologies

Azure RMS Gives Authors Control
- The document author can define who can do the following:
  - View document
  - Edit document
  - Print document
  - Copy/Paste

What is Azure Rights Management Services?

How Azure RMS Works

Azure RMS vs. AD RMS
- Azure RMS supports significantly more features and services, including but not limited to:
  - Built-in Mobile Device Support
  - Default Templates
  - Document tracking, revocation, and email notification
- Key difference with Azure RMS vs. AD RMS is ease of setup and long-term maintenance - AD RMS requires complex hardware configuration
  - 2x front-end
  - 2x SQL back-end
  - SPNs published in AD
  - External reverse proxy connections
  - Federation
  - Complex config on SharePoint On-Premises and Exchange On-Premises
- Microsoft offers a migration path from AD RMS to Azure RMS (

Azure RMS Components

Azure RMS Options
- Exchange Online/On-Premises
  - Do not forward, Confidential, and Confidential View Only default policies
  - Custom organizational policies and DLP Policies
- SharePoint Online/On-Premises
  - IRM policies defined per document library
- Office Client (Word, Excel, PowerPoint)
  - Per-document policies applied to individual documents and enabled directly from the client
- Windows Server 2012/2016 File Classification Infrastructure
  - File-server level policies that stay with the documents even if they are moved
- Office 365 Message Encryption

Office 365 Message Encryption

- Transparent message encryption setup at Exchange Online level
- Included in RMS license
- Allows sending encrypted messages to external or internal accounts

Office 365 Message Encryption
- Users on the outside get custom message
- Simple process to allow them to validate their account
- Can be enforced in Exchange Online with mail flow rules

Windows Server 2012/2016 File Classification Infrastructure

Exchange Online Data Loss Prevention (DLP) Policies
- DLP Policies can be created in Exchange that automatically protect content based on certain criteria
- One example would be protecting emails that have SSNs in them
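
The SSN protection rule and the mail flow rule enforcement of Office 365 Message Encryption described on the slides above, sketched as Exchange Online PowerShell. This is an added example, not part of the original deck; the rule names, the 'Confidential' subject keyword and the audit-first rollout are assumptions.

```powershell
# Added example; rule names, the subject keyword and the audit-first rollout
# are assumptions, not taken from the deck.
# Requires the ExchangeOnlineManagement module and an Exchange Online admin account.
Connect-ExchangeOnline

# Stop early if IRM licensing is not enabled for the tenant.
$irm = Get-IRMConfiguration
if (-not $irm.InternalLicensingEnabled) {
    throw 'IRM is not enabled in Exchange Online; enable RMS before creating protection rules.'
}

# Confirm the default template named on the slides is published to Exchange.
$templateName = 'Do Not Forward'
if (-not (Get-RMSTemplate | Where-Object { $_.Name -eq $templateName })) {
    throw "RMS template '$templateName' is not available to Exchange Online."
}

# Rule 1: mail containing a U.S. Social Security number gets the RMS template applied.
# Audit mode logs matches without acting; switch -Mode to Enforce after review.
New-TransportRule -Name 'EXAMPLE - Protect SSN content' `
    -MessageContainsDataClassifications @{ Name = 'U.S. Social Security Number (SSN)'; minCount = '1' } `
    -ApplyRightsProtectionTemplate $templateName `
    -SetAuditSeverity High `
    -Mode Audit

# Rule 2: mail leaving the organization with the keyword in the subject is sent
# through Office 365 Message Encryption (-ApplyOME is the legacy OME action).
New-TransportRule -Name 'EXAMPLE - Encrypt external confidential mail' `
    -SentToScope NotInOrganization `
    -SubjectContainsWords 'Confidential' `
    -ApplyOME $true `
    -Mode Audit

# Review what was created and in which mode each rule is running.
Get-TransportRule | Where-Object { $_.Name -like 'EXAMPLE - *' } |
    Format-Table Name, State, Mode, Priority
```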

Azure RMS Effective Permissions in SharePoint Online

Enabling RMS in Office 365

Enabling RMS in Exchange Online

Enabling RMS in SharePoint Online

Azure RMS Licensing

Azure RMS in Office 365

| Plan | RMS Included? |
| --- | --- |
| Office 365 Business Essentials | No |
| Office 365 Business Premium | No |
| Office 365 E1/A1 | No |
| Office 365 K1 | No |
| SharePoint Online Plan 1/2 | No |
| Exchange Online Plan 1/2 | No |
| Office 365 E3/A3/G3 | Yes |
| Office 365 E4/A4/G4 | Yes |
| Office 365 E5/A5 | Yes |

- Azure RMS is included only in specific SKUs of Office 365
- Organizations that do not include licenses can purchase standalone licenses of Office 365
- List pricing is $2.00 USD per user per month for standalone Azure RMS licenses

Azure RMS Licensing

| Feature | RMS for Office 365 | Azure RMS Premium |
| --- | --- | --- |
| Users can create and consume protected content by using Windows clients and Office applications | X | X |
| Users can create and consume protected content by using mobile devices | X | X |
| Integrates with Exchange Online, SharePoint Online, and OneDrive for Business | X | X |
| Integrates with Exchange Server 2013/Exchange Server 2010 and SharePoint Server 2013/SharePoint Server 2010 on-premises via the RMS connector | X | X |
| Administrators can create departmental templates | X | X |
| Organizations can create and manage their own RMS tenant key in a hardware security module (the Bring Your Own Key solution) | X | X |
| Supports non-Office file formats: Text and image files are natively protected; other files are generically protected | X | X |
| RMS SDK for all platforms: Windows, Windows Phone, iOS, Mac OSX, and Android | X | X |
| Integrates with Windows file servers for automatic protection with FCI via the RMS connector | | X |
| Users can track usage of their documents | | X |
| Users can revoke access to their documents | | X |

Using Azure Rights Management Services

