Enterprise Mobility and Security Blog

RSS

Hi everybody

As per Carol’s introduction post, she's letting you know what's new and hot in the docs for this month.

Reminders: Follow us on twitter (@TheRMSGuy) and join in our RMS peer community at www.yammer.com/AskIPTeam.

Cheers, 

   Dan (on behalf of the RMS team)


The Documentation Library for Azure Rights Management has been updated on the web and the latest content has Updated: October 1, 2015 (or later) at the top of the page.

Summary of the documentation available: Getting Started with Rights Management | Configuring Rights Management | Using Rights Management | Administering Rights Management by using Windows PowerShell

Plus, the Rights Management sharing application guides (admin guide and user guide) and FAQs (for Windows and mobile platforms).

Windows PowerShell seems to be a recurring theme again this month, helping to deliver key business benefits when you integrate Rights Management with other solutions. Specifically, protecting all file types on Windows Server with FCI, an easy administrator configuration to enable IRM on all users' OneDrive for Business if you have SharePoint Online, and adding Office apps support for mobile devices:

  • RMS Protection with Windows Server File Classification Infrastructure (FCI):   This new article steps you through configuring Windows Server File Server Resource Manager FCI with an easy-to-edit script that uses the RMS Protection cmdlets. We couldn't have got these tried and tested instructions and script to you without the help of Frank Pahler from Microsoft Consulting Services and Sandor Teglasy from Customer Support Services. Not to mention many internal runs and tests that Enrique Saggese and I did ourselves to ensure a robust set of instructions with troubleshooting tips, so that you would be spared the mistakes and assumptions we made!
  • SharePoint Online and OneDrive for Business: IRM Configuration:   Expand this existing section of the docs to see newly added instructions for OneDrive for Business. Previously we had instructions for users only, because administrators can't enable IRM for users' OneDrive for Business by using the UI – only users can do this. But thanks to Joe Rodgers (Premier Field Engineer) and his SharePoint and PowerShell expertise, you now have a script to do this where you can enable and configure settings for one or a few users' OneDrive for Business libraries, or import a .CSV file to do this in bulk. To help with the latter, there's an addition script to retrieve the URLs you will need to enable this setting, which saves the entries to a .CSV file that you can then feed into the first script. There's a third script if you need to disable IRM on these personal libraries. I've heard many requests to enable IRM for OneDrive for Business instead of relying on users to do this themselves, so I'm sure this is going to be a very useful resource.
  • Active Directory Rights Management Services Mobile Device Extension:   Updated for new PowerShell commands to support the latest Office apps. Quick call out here for Eric Huang (Customer Support Services) for his help with this.

There are no updates to the RMS sharing application documentation this month.

We value customer feedback and try to incorporate it when possible.  Although we can't promise to make the docs perfect for everybody, we are committed to continual improvement.  If you have any feedback about these docs or any other docs for Azure RMS, email AskIPTeam@Microsoft.com.

 

What's New in the Documentation Library for Azure Rights Management, October 2015

The following information lists the topics that contain significant changes since the last update (September 2015).

Requirements for Azure Rights Management

– Updated the Client device capabilities table for minor clarifications (no new entries).

Comparing Azure Rights Management and AD RMS

– Updated the migration row with links and removed references to Windows Server 2003, now that this operating system is out of support. Added a new row that differentiates the licensing requirements because Azure RMS, unlike AD RMS, doesn't require a user license to consume protected content.

Migrating from AD RMS to Azure Rights Management

– Updated Step 2, to revise the instructions (all configurations) for importing multiple TPDs. Previously, the instructions said to import all files as Active, whereas only the TPD you want to use to protect content by using Azure RMS should be set to Active.

Configuring Applications for Azure Rights Management

– Updated the SharePoint Online and OneDrive for Business: IRM Configuration section, with extensive instructions and supporting scripts for admins to configure OneDrive for Business for users. The introduction to this post has more details.

Deploying the Azure Rights Management Connector

– Update to the Authorizing servers to use the RMS connector section, for SharePoint servers configuration, which now covers service accounts (recommended) as well as Local System accounts.

about_RMSProtection_AzureRMS

– Updated the workaround instructions (prerequisite 3) to clarify that you must run Set-RMSServerAuthentication after editing the registry if yourAzure region is outside North America. For example, if you successfully ran Set-RMSServerAuthentication before editing the registry, edit the registry and then immediately run Get-RMSTemplate, the templates won't download until you run Set-RMSServerAuthentication again. The error message that you'll typically see is "The system cannot find the file specified. HRESULT: 0x80070002".

Get-RMSFileStatus

– Added a new example from Eddie Bowers in CSS: Create a .CSV file with the protection status for all files in a folder and any subfolders. This example builds on the previous example Eddie provided, but outputs the results to a .CSV file so that you can easily sort and order the information.