Enterprise Mobility and Security Blog

RSS

Hi everybody

As per Carol’s introduction post, she's letting you know what's new and hot in the docs for this month.

Reminders: Follow us on twitter (@TheRMSGuy) and join in our RMS peer community at www.yammer.com/AskIPTeam.

Cheers, 

   Dan (on behalf of the RMS team)


The Documentation Library for Azure Rights Management has been updated on the web and the latest content has Updated: November 1, 2015 (or later) at the top of the page.

Summary of the documentation available: Getting Started with Rights Management | Configuring Rights Management | Using Rights Management | Administering Rights Management by using Windows PowerShell

Plus, the Rights Management sharing application guides (admin guide and user guide) and FAQs (for Windows and mobile platforms).

A recurring theme for this month's doc update is focusing on the heart of Rights Management – the rights themselves, and how to define them.   

We value customer feedback and try to incorporate it when possible.  Although we can't promise to make the docs perfect for everybody, we are committed to continual improvement.  If you have any feedback about the docs for the RMS sharing application or for Azure RMS, email AskIPTeam@Microsoft.com.

 

What's New for the RMS Sharing Application Documentation, November 2015

The only significant documentation change since the last update (August 2015) is to Protect a file on a device (protect in-place), to clarify how the templates display with the Protect with RMS and then Protect in place menu options. If there are more than 10 templates available and you do not see the template that you want, click Company-defined Protection to download and see all the templates.

What's New in the Documentation Library for Azure Rights Management, November 2015

The following information lists the topics that contain significant changes since the last update (October 2015).

Requirements for Azure Rights Management

– Updated the Applications that support Azure RMS section for minor clarifications to the list of Office applications.

How Applications Support Azure Rights Management

– Updated the SharePoint Online and SharePoint Server section, to clarify that Azure RMS applies usage restrictions and data encryption for documents when they are downloaded from SharePoint, and not when the document is first created in SharePoint or uploaded to the library. For information about how documents are protected before they are downloaded, see Data Encryption in OneDrive for Business and SharePoint Online from the SharePoint documentation.

Frequently Asked Questions for Azure Rights Management

– New entry for a question that isn't new or even specific to Azure RMS, but we've been hearing a lot recently:

  • Can Rights Management prevent screen captures?

Migrating from AD RMS to Azure Rights Management

– Updated Step 4. Configure imported templates with instructions if your AD RMS templates included the ANYONE group, with a PowerShell script to help you identify these templates.  Kudos to Jaroslav Zikmund (Premier Field Engineer) and Shantanu Vinze (Support Escalation Engineer) for their PowerShell expertise and contributions to this section.

Configuring Custom Templates for Azure Rights Management

– Removed the reference to adding users from outside the organization by selecting contacts in the Azure portal. Instead, use PowerShell to do this by defining rights definition objects and updating the template with these. Exporting templates before you make updates like this is a good practice so that you can revert to a known, working version, if necessary.

Configuring Usage Rights for Azure Rights Management

– Added 2 new sections:

  • Rights included in permissions levels: Unofficially, we often call the Viewer, Reviewer, Co-Author, and Co-Owner options "bundled rights" or "roles". But the official term for these are permissions levels. While the UI often summarizes the individual rights, it doesn't list all the individual rights. If you need to know these at a granular level, use the information in this section.
  • Rights included in the default templates: Although you can easily see the individual rights for the default templates in the Azure portal, sometimes you just need to know what they are without having to sign in to the portal. You'll find the rights listed in this section. 

Deploying the Azure Rights Management Connector

– Update to the Configuring servers to use the RMS connector section, adding an example of how to run the server configuration tool locally for each of the roles that the RMS connector supports.

 Logging and Analyzing Azure Rights Management Usage

– Updated the How to interpret your Azure Rights Management usage logs section, for the current version 1.1 blob format, and additional entries in the typical request types table.

New-AadrmRightsDefinition

– Added a tip how to define the hidden and automatically created "AllStaff" group, which defines all users in your organization. A new example includes using this group.

Set-AadrmTemplateProperty

– Updated the description with a warning that when you update properties of a custom template (for example, users and rights), the existing settings for those properties will be overwritten without warning, so be sure to specify all the settings that you need for the properties that you are updating. As a best practice, back up the existing template before you run this cmdlet, by using the Export-AadrmTemplate cmdlet. Then, if you need to revert to the original configuration, you can use the Import-AadrmTemplate cmdlet to restore the previous version of the template.

This cmdlet now has two new examples that show how to add users and rights to an existing template. Example 2 creates a rights definition object for new users and rights, a rights definition object for existing users and rights, and then updates the template with these. Example 3 defines the new users and rights as rights definition objects and adds these to the existing users and rights without having to specify the existing users and rights individually. Kudos to Sandor Teglasy (from Customer Support Services) for this final example.