Enterprise Mobility and Security Blog


We are excited to announce the upcoming changes to our Azure RMS usage logging features. Starting February 22nd 2016, Azure RMS usage logs will be automatically enabled for all our customers (existing and new), for free, and without any additional steps.

Previously, to enable usage logging, customers were required create & manage an Azure storage account and enable usage logging through Azure RMS PowerShell cmdlets. This was both time-consuming, expensive and cumbersome.

Based on your feedback, we have rolled out an improvement which does not require you to go through additional workflows or payments to enable & use your Azure RMS usage logs.

Our TechNet documentation @ https://technet.microsoft.com/en-us/library/dn529121.aspx provides fantastic guidance on the end to end experience and this blog articles covers the salient points in a FAQ format.

Q1: How is usage logging enabled?

A1: Usage logging is enabled by default for all our customers – irrespective of whether:

– You have enabled usage logging in the past
– (or) Never enable usage logging in the past
– (or) You are a new Azure RMS customer.

There is no action required from you to enable usage logging.

Q2: Do I need to create an Azure storage account (like the previous workflow)?

A2: No. The usage logs are stored in the Microsoft managed storage and you do not have to create an additional storage account.

Q3: How do I access the usage logs from the Microsoft managed storage?

A3: Download the new Azure Rights Management PowerShell module from https://www.microsoft.com/en-us/download/details.aspx?id=30339. Follow the steps mentioned in the TechNet article @ https://technet.microsoft.com/en-us/library/dn529121.aspx, for using the new cmdlet Get-AadrmUserLog to access your usage logs.

Q4: I had previously enabled usage logging manually and logs were being written to my Azure storage account. Going forward, will the Azure RMS usage logs be written to both the Microsoft managed storage and my Azure storage account?

A4: No. From February 22nd 2016, Azure RMS usage logs will be written only to the Microsoft managed storage.

Q5: I had previously enabled logging manually and logs were being written to my Azure storage account., Will Microsoft migrate the logs as part of this change? How do I access them going forward?

A5: The logs which were previously generated in your storage account will continue to remain there. Microsoft will not migrate the logs to the new Microsoft managed storage. You can continue to access the old-logs using the Get-AadrmUsageLog cmdlet. This is covered in TechNet documentation @ https://technet.microsoft.com/en-us/library/dn529121.aspx

Q6: Has the log schema changed? Do I need to rewrite any of the parsing logic?

A6: The log schema has not changed and any previously written parsing logic will continue to work.

Q7: How do I disable usage logging?

A7: We strongly believe that usage logging is critical for every organization as it helps you monitor the system. We have not exposed any workflow to disable logging and would love to hear from you if you think otherwise.

Q8: I have additional feedback on this capability, how do I get in touch with Microsoft.

A8: We would love to hear your feedback, you can reach us at askipteam@microsoft.com