1

Module 14Office 365 Rights Management ServicesPresenter namePresenter role

2

Conditions and Terms of UseMicrosoft ConfidentialThis training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in such packages is strictly prohibited.The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Copyright and Trademarks © 2014 Microsoft Corporation. All rights reserved.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

For more information, see Use of Microsoft Copyrighted Content athttp://www.microsoft.com/about/legal/permissions/

Microsoft®, Internet Explorer®, Outlook®, SkyDrive®, Windows Vista®, Zune®, Xbox 360®, DirectX®, Windows Server® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

3

Lesson1: Azure Active Directory Rights Management

4

Overview In this module you will learn about the information rights management (IRM) features provided by the Azure Active Directory Rights Management service.

5

Objectives After completing this module, you will be able to:• Use the Azure AD Rights Management module for PowerShell• Activate rights management in Azure Active Directory• Restrict recipient actions such as forwarding or printing a

message by using RMS templates

6

What is Azure Rights Managements and What Does it Provide ?

• Enables the ability to encrypt and assign usage restrictions to content

• Provides the encryption backbone to the new Office 365 Message Encryption service

• Provides the following benefits:• Safeguarded sensitive information• Protection travels with the data• Integrated with Office 2013 and Office 365 services• Default information protection policies

8

Rights Management in Office 365

• Office IRM Integration• Exchange Online IRM Integration• SharePoint Online IRM Integration

9

Azure Rights Management Feature List

• Supports Microsoft online services (ExO, SPO) and on-premises server products, through the installation of an Azure RMS connector

• Content can be easily and safely shared between users within the same organization or across organizational lines with valid users in other Office 365 tenant accounts

• Provides a predefined set of rights policy templates for use

• Supports users of Microsoft Office 2010 and up, OWA, and ActiveSync

• Supports Windows 7, Windows 8 and Mac OS X

 

10

Available Templates

• Confidential: When this template is applied to content, consumers of the content are allowed all rights needed to work with and modify the content but are not permitted to copy and print the content

• Confidential View Only: When this template is applied to content, consumers of the content are enabled to only read or view the content but are not permitted to modify the content in any way from its original published form

• Do Not Forward: When this template is applied only the recipients addressed in the message can decrypt the message. The recipients can't forward the message, copy content from the message, or print the message

Note: Custom templates can be imported into Azure Rights Managements if you have an On-Premises AD RMS server where the template can be created and exported from. You can also create additional RMS templates in Azure AD (free Azure subscription required)

11

Configuration Process

1. Set up your Office 365 account.2. Enable Azure Rights Management for your Office 365 tenant3. Configure Exchange Online to use Azure Rights Managements4. Publish and consume your rights protected content.5. Administer Rights Management for your tenant account as

needed.

13

Azure AD Rights Management module for PowerShell

• Download the Azure AD Rights Management module for PowerShell from http://go.microsoft.com/fwlink/?LinkId=257721

• Launch PowerShell as an Administrator then import the module using the command below• Import-Module AADRM

14

PowerShell Command Matrix

If you need to… …use the following cmdlets

Connect to or disconnect from the Rights Management service.

Connect-AadrmService Disconnect-AadrmService

Disable (or re-enable after disabling) the Rights Management service.

Enable-Aadrm Disable-Aadrm

Manage super users in a Rights Management installation.

Enable–AadrmSuperUserFeature Add–AadrmSuperUser Get–AadrmSuperUser Remove–AadrmSuperUser

Manage users and groups who are authorized to administer your Rights Management installation.

Add–AadrmRoleBasedAdministrator Get–AadrmRoleBasedAdministrator Remove–AadrmRoleBasedAdministrator

Get a log of administrative tasks that have been performed against your Rights Management installation.

Get-AadrmAdminLog

Migrate to an on-premises AD RMS deployment from a Rights Management installation.

Set-AadrmMigrationUrl Get–AadrmMigrationUrl

15

Enable RMS in Exchange Online

• Connect to Exchange Online using PowerShell • Set the key sharing URL depending on your tenant location

North AmericaSet-IRMConfiguration –RMSOnlineKeySharingLocation https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European UnionSet-IRMConfiguration –RMSOnlineKeySharingLocation https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

AsiaSet-IRMConfiguration –RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South AmericaSet-IRMConfiguration –RMSOnlineKeySharingLocation https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government (Government Community Cloud)Set-IRMConfiguration –RMSOnlineKeySharingLocation https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

• Run the following command to import the trusted publishing domain (TPD):Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online“

• Test the configuration by running the following command:Test-IRMConfiguration -RMSOnline

16

Using RMS 1. Using a browser, log in to your Outlook Web App account.2. Start a new e-mail message.3. Click the Ellipse (…).4. Select Set Permissions.5. Select a template to test.6. Send the Message.

17

Lab: Enable and Test RMS with Exchange Online

18

Module Review

1. What is the main purpose of RMS Online ?2. What versions of Office work with RMS Online ?3. Describe the process of enabling RMS Online.4. What are two easy ways to test RMS Online ?

19

Module Review (Answers)

1. What is the main purpose of RMS Online ?• Azure Rights Management enables the ability to encrypt

and assign usage restrictions to content for organizations that subscribe to Microsoft online services

2. What versions of Office work with RMS Online ?• Office 2010 and Office 2013

3. Describe the process of enabling RMS Online.• Download PowerShell module, connect to tenant, enable

RMS. Connect to Exchange Online, Configure RMS4. What are two easy ways to test RMS Online ?

• Use the test cmdlet or use OWA and send a message using the Set Permissions option

20

Module Summary

In this Lesson, you learned:• How to enable and configure RMS in both Azure Rights

Management and Exchange Online• Use RMS to protect sensitive data

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION