You don't need to know how Azure Rights Management (RMS) works, because it takes care of all that for you. But people obviously like to know, for peace of mind, for curiosity, to help them understand the technology better, to be able to answer questions from their security team.
How Azure RMS works isn't that much different from AD RMS, except that the pieces that happened on premises (on the AD RMS servers) now happen in the cloud. But there are some nuances and new pieces since we've documented this previously, such as the simplified process for mobile devices that don't go through the bootstrap sequence, how .pfile and .ppdf protection works, the role of the connector.
This new documentation is designed answer these questions at a 200 level, to help demystify the process and dispel any misconceptions. For example, a common concern we hear is that your data is sent to the cloud to be encrypted and decrypted, and this doesn't happen.