Azure Partner Community: Protecting documents with Azure Rights Management


This is part of a series of blog posts about the enterprise mobility opportunity for partners. Select Enterprise mobility to see the series. Subscribe to this blog by email or RSS.

 by Nick Johnson, PMP

US Partner Technology Strategist

At its core, Microsoft Enterprise Mobility Suite is about protecting company data. It’s data falling into the wrong hands that can cause damage to a company, to that company’s reputation, and to individuals who have entrusted sensitive information to that company. Data breaches are something no one wants to be associated with. They are costly to everyone involved.

So far in this enterprise mobility blog series we’ve looked at three components of Microsoft Enterprise Mobility Suite: how Azure AD helps protect user IDs, how Microsoft Intune protects devices and applications, and how Microsoft Advanced Threat Analytics can be used to monitor for network intrusions. In this post, I’ll talk about Azure Rights Management, which helps secure sensitive data and files wherever they go.

In many companies, it’s common practice to send email with a subject line or note at the top that says something like, “Confidential – for internal use only. Please do not share, copy or forward.” This is certainly not a sound strategy for securing and protecting important information. We all interact daily with documents and files that contain sensitive and important company information. Do we treat those documents and files with the same level of care and protection as we do our devices and applications? Perhaps they are protected on a company’s network, but what if they move outside the users, devices, apps, and network that’s protected?

With Azure Rights Management (Azure RMS), customers can protect an individual file, no matter where it goes or who tries to open it, regardless of the device it’s opened on. The protection travels with the file. For partners, selling Azure RMS to customers allows you to help them protect their data. Customers, regardless of size or industry, need this level of protection.

Azure Rights Management overview

Watch online

 

The data protection customer conversation

In conversations about data loss scenarios, we tend to focus on the outside-in threat, such as someone from the outside gaining access to a network and subsequently stealing data and information. This scenario is addressed by Azure Active Directory and Microsoft Advanced Threat Analytics.

The scenario that isn’t discussed as frequently, but should be, is the inside-out threat. This could be as simple as someone mistakenly sending critical information to the wrong person or people. Or, it can go all the way to an internal resource who, for whatever reason, is seeking to harm a company.

Here are a few questions that will help you start the conversation about the inside-out threat:

  • Do they share more or less data today than they did 5 years ago?
  • What tools are used to produce files and documents in their company (e.g., Microsoft Office)?
  • How often do they share information outside their company?
  • Do they have documents they’d like to ensure are protected?
  • Has a file or document ever fallen into the wrong hands, inside or outside their company?

Then, the conversation can turn to customer-specific scenarios. For example, what if your customer had their marketing plan fall into the hands of their competitors? What if a design spec for a new product, or a file containing customer names and credit card numbers, were leaked? It’s safe to say that the answer to all of these questions is, nothing good.

Download the customer-ready presentation that helps you have this conversation with your customers (sign in as a Microsoft partner for access)

What makes Azure Rights Management unique

You’ll find that data protection can quickly become a compelling conversation focused on Azure RMS. But, what makes Azure Rights Management such a great solution? Start with the power of Azure Active Directory and Microsoft Office.

Combining Azure RMS with Azure AD and Microsoft Office means:

  • Documents are protected individually
  • Ability to track documents
  • Users inside and outside the organization can be granted access to a document
  • Azure Active Directory can authenticate users and verify their level of access
  • Permissions on a document can be set to expire after a specified time
  • Permissions can be set to work offline
  • Azure RMS capabilities are built-in to Word, PowerPoint, Excel, and Outlook across iOS, Android, and Windows
  • Azure RMS works with Adobe Reader and Foxit on iOS and Android
  • The Azure RMS Sharing App and SDK can help protect numerous other files types
  • Integration into the full Microsoft Enterprise Mobility Suite

Out of the above list, the ability to track files and documents is an incredibly powerful feature. You can see who tries to open them, when, and their location in the world. If you see a document meant for someone in New York showing that someone in Seattle attempted to open it, you’ll be able to take action. If it’s protected by Azure RMS, only authorized users will be able to access it.

Learning about Azure Rights Management

How should you get started with building your skills and knowledge about Azure Rights Management? Here are my recommendations:

  • Use it yourself. Microsoft Enterprise Mobility Suite is part of the Internal Use Rights benefit for partners with an Action Pack subscription or competency  
  • Demo it for customers. Use the Microsoft Demo tool to provision Office 365 and Enterprise Mobility Suite demos and sample data
  • Technical training and documentation. Take advantage of technical resources about Azure Rights Management that include articles, videos, training courses, and labs

     

    Level 100 Level 200 Level 300 Stay informed


     

    Cloud Platform University live virtual technical training and hands-on labs

    Register today for Cloud Platform University technical training courses that focus on design, implementation, and deployment. Some help you prepare for Microsoft exams. Specific to EMS, I recommend EEM – Azure Active Directory + Microsoft Intune + RMS (Azure Rights Management), which has course dates at the end of April and throughout May. Space is limited in these multi-day training offerings.

    Online training and technical services for Enterprise Mobility Suite

    Microsoft Partner Network core benefits include access to online training and consultants with deployment and consumption expertise.

    Coming up in this blog series

    In my next post, I’ll take a look at the Microsoft EMS demo tools available to you, and look at how you can start showing the power of Microsoft enterprise mobility solutions to your customers.

    Azure Partner Community resources

    Comments about this blog post, or questions about the topic? Let us know in the Azure Partners Yammer group

  •  

    image     image     image

    Comments (1)

    1. Hi Nick,
      Regarding the inside-out threat, I would also like to add that there should be serious consideration for thumb drives (USB/plug-and-play storage) and mobile devices connected to a Windows computer via a USB cable. Squadra Technologies “security Removable Media Manager” (secRMM) (see http://www.squadratechnologies.com) addresses this enormous security hole. secRMM is completely integrated into the Microsoft technology stack including: BitLocker, RMS, System Center (SCCM, SCOM, Orchestrator), AD GPO, Hyper-V/Azure/RDP/RemoteFx, scripting engines, Office, etc. Thanks for the great blog.

    Skip to main content