Enterprise Mobility and Security Blog

RSS

Hi everybody

As per Carol’s introduction post, she’s letting you know what’s new and hot in the docs for this month.

Reminders: Follow us on twitter (@TheRMSGuy) and join in our RMS peer community at www.yammer.com/AskIPTeam.

   Dan (on behalf of the RMS team)


The Documentation Library for Azure Rights Management has been updated on the web and the latest content has Updated: February1, 2016 (or later) at the top of the page.

Summary of the documentation available: Getting Started with Rights Management | Configuring Rights Management | Using Rights Management | Administering Rights Management by using Windows PowerShell | Rapid Deployment Guide for Azure Rights Management

Plus, the Rights Management sharing application guides (admin guide and user guide) and FAQs (for Windows and mobile platforms).

There were no significant doc updates for January, 2016, and no significant updates for the RMS sharing application this month.

We value customer feedback and try to incorporate it when possible.  Although we can’t promise to make the docs perfect for everybody, we are committed to continual improvement.  If you have any feedback about the docs for the RMS sharing application or for Azure RMS, email AskIPTeam@Microsoft.com.

What’s New in the Documentation Library for Azure Rights Management, February 2016

The following information lists the articles that have significant changes since the last update (December 2015).

What is Azure Rights Management?

– Updates for the following:

Requirements for Azure Rights Management

– Updates for the following:

  • Clarified the infrastructure requirement for web proxies, that these are supported if configured to use integrated Windows authentication with the user’s Active Directory logon credentials.
  • In the Cloud subscriptions that support Azure RMS section, added a reference to the newly published Licensing FAQ for Azure Rights Management on the Azure Rights Management Purchasing page. If you have questions about licensing Azure RMS (and we know many of you do!), check this section first and then the FAQs.
  • In the Mobile devices section, removed Windows RT 8.0 now that it’s out of support (Windows RT 8.1 remains supported).
  • In the On-premises servers that support Azure RMS section, added Exchange 2016 as a supported version for the Rights Management connector.

Frequently Asked Questions for Azure Rights Management

– Updated the answer for “Can Rights Management prevent screen captures?” to clarify that it’s the Copy usage right that allows or blocks screen captures when this is honored by applications that are enlightened for Rights Management.  But also included some well-known exceptions where Rights Management can’t prevent screen captures because it’s prevented by the underlying operating system or applications. For example, iOS and Mac devices do not allow any app to prevent screen captures, and browsers (for example, when used with Outlook Web App and Office Online) also cannot prevent screen captures.

Some new entries, based on recent questions we’ve been hearing:

  • Do files have to be in the cloud to be protected by Azure RMS?
  • Are there step-by-step instructions to configure Exchange Online to use Azure RMS?
  • Does Azure RMS work with dynamic groups in Azure AD?

Migrating from AD RMS to Azure Rights Management

– Updated to clarify that the instruction for HSM-protected key to HSM-protected key migration assume your AD RMS key is module-protected, which is typically the case.  If your AD RMS key is OCS-protected, please contact AskIPTeam@microsoft.com before following the migration instructions.

Planning and Implementing Your Azure Rights Management Tenant Key

– Updates for the following:

  • In the Prequisites for BYOK section, removed the (optional) entry for an Azure subscription and Azure storage if you want to log how your BYOK Azure RMS tenant key is used. With the new logging changes this month, no additional subscription or purchased storage is necessary.
  • Added clarification for the protect=module parameter and value, to clarify that the protect value must be specified because the BYOK toolset does not support OCS-protected keys.
  • Added clarification for the appname=simple parameter and value, when importing your key to CNG. If you used our previous instructions in this page to create a new key, we used the value of simple, which we then repeated in subsequent commands. However, if you are migrating an existing HSM-protected key for an AD RMS migration to Azure RMS, you will need to specify your existing name in this command and the commands that follow when they also use the appname parameter.

Activating Azure Rights Management

– Updates for the following:

Configuring Custom Templates for Azure Rights Management

– Added link to new video: How to Create RMS custom templates

Configuring Applications for Azure Rights Management

– Updated the Exchange Online: IRM Configuration section, to clarify that you specify the location of the Azure RMS tenant key, according to where your organization’s tenant was created (which might not necessarily be where you or your organization is located).

Configuring Usage Rights for Azure Rights Management

– Updated the Usage Rights and Descriptions table to clarify that the Copy (common name) / EXTRACT (encoding in policy) usage right includes screen captures.

Configuring Super Users for Azure Rights Management and Discovery Services or Data Recovery

– Updated for the newly added support for a super user group, which you specify by using the Set-AadrmSuperUserGroup cmdlet from the 2.4.0.0 version of the Azure Rights Management PowerShell module.

Deploying the Azure Rights Management Connector

– Updated the Step 2: Entering credentials section, for example syntax to sign in and document that some special characters are not supported in the password, which can result in the error message “That user name and password combination is not correct”, even though you can successfully sign in using this account and password for other scenarios. The Exchange section is also updated for Exchange 2016.

Logging and Analyzing Azure Rights Management Usage

– Updated for the new logging change that occurred Feb 22. Miss this excitement enhancement?  Read about it on the Micrsoft RMS team blog: Announcement: Azure RMS usage logs are now automatically enabled with free storage

Administering Azure Rights Management by Using Windows PowerShell

– Updated for links to the new PowerShell cmdlets for the super user group and new usage logging: