Enterprise Mobility and Security Blog

RSS

Hi everybody

As per Carol’s introduction post, she's letting you know what's new and hot in the docs for this month.

Reminders: Follow us on twitter (@TheRMSGuy) and join in our RMS peer community at www.yammer.com/AskIPTeam.

Cheers, 

   Dan (on behalf of the RMS team)


The Documentation Library for Azure Rights Management has been updated on the web and the latest content has Updated: September 1, 2015 (or later) at the top of the page.

Summary of the documentation available: Getting Started with Rights Management | Configuring Rights Management | Using Rights Management | Administering Rights Management by using Windows PowerShell

Plus, the Rights Management sharing application guides (admin guide and user guide) and FAQs (for Windows and mobile platforms).

In addition to responding to customer feedback, this month sees lots of updates throughout the documentation for new versions and new support statements. We listed the most relevant article rather than all of them, but for example, you'll now see references to Windows 10 and Office 2016 throughout the documentation. Of course, the Requirements page, and especially the client device capabilities table is the one to bookmark for the latest support statements!

We value customer feedback and try to incorporate it when possible.  Although we can't promise to make the docs perfect for everybody, we are committed to continual improvement.  If you have any feedback about the docs for the RMS sharing application or for Azure RMS, or additional PowerShell examples that you want to share, email AskIPTeam@Microsoft.com.

 

What's New for the RMS Sharing Application Documentation, September 2015

The following information lists the topics that contain significant changes to this documentation set since the last update.

Rights Management sharing application: Version release history

– New section for the September release, which introduces support for MFA and modern authentication (ADAL).

Rights Management sharing application administrator guide

– Updated for the following:

  • Removed references to the Sign In Assistant for the deployment instructions, when clients support modern authentication (ADAL).
  • New section, Azure RMS only: Configuring document tracking, which contains information about the new cmdlets that support document tracking and the required URLs.

Rights Management sharing application user guide

– Updated throughout to include Windows 10 in the Applies To: list at the top of each page.

 

What's New in the Documentation Library for Azure Rights Management, September 2015

The following information lists the topics that contain significant changes since the last update (August 2015).

Requirements for Azure Rights Management

Updated for the following:

  • The Cloud subscriptions that support Azure RMS section now references Azure Rights Management Premium, the new subscription name for Azure RMS Standalone. It also clarifies that a paid Rights Management subscription is needed only to protect content (files and emails), not to consume protected content.
  • The Azure AD directory section has new information about Azure multi-factor authentication (MFA) support.
  • Updated the Client device capabilities section, to clarify that Windows 10 apps are view-only and for Azure RMS only. Mobile devices that support ActiveSync are now moved to this table for platform-specific information. SecureIslands IQProtector is added for email, for iOS and Android.
  • In the Applications that support Azure RMS section, Office 2016 is added as supported. XPS Viewer is added as not supported. The restriction that Windows 10 is not supported with the RMS sharing application is removed (supported with the latest version).

Migrating from AD RMS to Azure Rights Management

– Updated Step 2, to revise the instructions for the HSM-protected key to HSM-protected key migration scenario. For this configuration, you do not transfer your HSM key to Azure RMS by using the Add-Aadrmkey command, as you would do for a software-protected key to HSM-protected key migration. Instead, you transfer your HSM key when you upload your exported trusted publishing domain, by using the Import-AadrmTpd command.

Administering Azure Rights Management by Using Windows PowerShell

– Updated the tasks table to include a new entry to disable or enable the document tracking site for Azure Rights Management, with links to the new cmdlets Disable-AadrmDocumentTrackingFeature, Enable-AadrmDocumentTrackingFeature, and Get-AadrmDocumentTrackingFeature.

Get-AadrmTemplateProperty

– Updated for the following:

  • Removed the references to getting the rights for specified users or specified locales because not currently implemented.
  • Added a description of the -ReadOnly parameter (denotes whether a default template, or a custom template).
  • Added a new example: For all templates, get the name, the usage rights, whether a default template, and whether published or archived Kudos to Sandor Teglasy in CSS, for this helpful example.

about_RMSProtection_AzureRMS

– Updated for workaround instructions (prerequisite 3) if your Azure region is not in North America.

Get-RMSFileStatus

– Updated the detailed description to clarify the difference between a status of Protected and Protected(Custom). Also added a new example: List the protection status for all files in a folder and any subfolders. This cmdlet supports getting the protection status of a single file only, but you can use PowerShell commands to return the status of all files in a folder. Kudos to Eddie Bowers in CSS, for this really helpful tip!

Protect-RMSFile

– Updated for the following:

  • Clarified that this cmdlet reprotects files if they are already protected by Rights Management. This action lets changes in templates or an ad-hoc license take effect.
  • How to change the default levels of protection is now linked to the correct File API configuration reference on MSDN instead of the instructions in the RMS sharing application administrator guide. Although the instructions are very similar, they use their own registry key and both can be in use on the same computer.
  • Added information about the -OwnerEmail parameter, which includes the recommendation to always use this parameter if you use Azure RMS because in this context, the "owner" is the service principal account rather than your own account. In addition, because this email address is displayed to users for generically protected files and if they do not have permissions to access the content, consider using a group address, such as your help desk.
  • Added a new example: Protected files with a specific file name extension in a folder by using a template. Although this cmdlet does not natively support wildcards, you can use PowerShell commands to achieve the same result. We applied Eddie's tip from his Get-RMSFileStatus to this cmdlet, as well.