Azure RMS: A Functional Walkthrough

Hi all,

It has been some time since I last posted. I am building my EMS lab and this takes some time. You'll read lots about it in a future post.

One of the hidden gems of Microsoft is RMS, a technology that has been a bit slow in adoption because it was rather hard to set up and of limited use when it could not be used outside of the company.
This is changing with Azure RMS as you get all the tough stuff as a service!

Once all that is set up with a couple of clicks, you can start using it. In this post I want to elaborate a bit on how that looks.

Step 1: The setup

You need to set things up on the machine you will be doing the demo on.

  1. Visit the Microsoft Rights Management portal where you can download the client: https://portal.aadrm.com/home/download

    1. NOTE: if you installed a previous version, it is best to reinstall it if you find that some features described below are missing
  2. After installing, you should have the following button in your Office applications – tadaa!

Step 2: Sending protected stuff

  1. Choose an Office document to your liking (NOTE: this also works with PDFs)

  2. Click on the “Share Protected” button you just added

  3. Type in the email address of your customer

    1. NOTE that @gmail.com and @outlook.com addresses are not yet supported; this is coming soon. My @telenet.be address was supported.

  4. Choose between allowing consumption on all devices (this is less secure, as some devices cannot properly store certificates in a secure place) or
     enforcing usage restrictions (viewer/reviewer/co-author/co-owner).

     Optionally, set an expiry date (the content will not be accessible after that date) and set auditing (you'll get an email when somebody opens your document)

     NOTE: even Chuck Norris will not be able to copy or print the document in the above setting (*)

  5. Click “Send”. Your favorite email client will now open and send the encrypted file.

Step 3: Receiving protected stuff

1. Your addressee will receive the email message with the attachment and the following message

The attached file(s) are protected using Microsoft Rights Management.
Sign up here. Get the app here. Need help? Click here.

    1. If he is already set up, he’s good to go :)

    2. If he is not set up, he needs to click “Sign up here” and register his email address:

      1. Click on the “sign up here” link

      2. Enter his email address

      3. He will receive a new email on that address, prompting him to verify (this is ‘two factor authentication’)

      4. Click the ‘verify’ link in the email he just got, fill in additional details, and click next.

        NOTE: while this approach may seem insecure, this is a demo and if the domain is a registered one in Azure Active Directory, the account will already be verified.

      5. He is now set up for the free Azure RMS capabilities!

2. In case you decided to send an Office document, he can open it in the regular Office application. The document will have a yellow ribbon on top.

3. In case you decided to send another type of document, he needs to download the Azure RMS client and an application that can ‘understand’ rights-protected files.

 

 

(*) Of course Chuck Norris would be able to copy or print the document. He breaks RSA keys in his sleep.