As you may already know, Microsoft has provided Right Management Services capabilities on Office 365 – if you are not aware, check this post to see how to enable and configure RMS for use with Office 365 http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=489

In this post, we will see how to manage RMS templates.

An RMS template is a defined rule to automatically protect your document/message with digital rights; by default you only have 3 templates:

  • Restricted / Do not forward – depending if you are using Outlook client or another Office application
  • Confidential
  • Confidential view only

imageimage

If you want to create additional rules, go to the Office 365 administration portal – https://portal.microsoftonline.com – and logon using an administrative account

Then go the Service Settings from the left menu and to the Rights Management tab to click to the Manage link

image

If you already have enabled RMS you should have an Additional Configuration button available

image

If you click on it, you will be redirected to the Microsoft Azure configuration section

NOTE you can also go directly to the RMS configuration on Microsoft Azure from the Microsoft Azure administration portal – https://manage.windowsazure.com – and then to the Active Directory left menu

image

Click on your Active Directory to manage RMS templates

imageimage

From there, you will be able to manage (update) existing RMS templates or create a new one (which could be a copy of an existing one)

NOTE default RMS templates (Confidential and Confidential View Only) can not be updated

Create a new RMS template

If you hit the Create a new rights policy template link (from the Wizard) or the Add button below you will be asked to choose a language, name your template and a description (this field is mandatory)

imageimage

Once your new template has been created, just hit the arrow to go to his configuration

image

From there a wizard will assist you in the configuration

Start by defining users and groups to which the template will apply

image

This will interrogate your Active Directory (which is off course synchronized with Office 365); just select the group(s) and/or user(s); this does not return default users or groups from Active Directory – as All Authenticated Users, Administrator…

image

Then go to Step 2 to define the rights to be used for this template

image

If you choose Custom you will be able to define granular permissions such as save file, view content…

image

Then complete the wizard to get the template created

image

The RMS template is now created and displayed the user(s)/group(s) assigned to this template with their corresponding rights

image

If you hit the Configure link available on top of this list, you will be able to add additional languages, define an expiration period and if the content should be available offline

image

Once you have done all your configur
ation, you MUST publish the template, either from the Configure link (shown earlier) using the Publish button, or from the RMS template list by hitting the Publish button

imageimage

Once the template has been published, your users will have the new template

image

Manage RMS templates

Only custom RMS template can be updated; default ones can only be deleted or archived. An archive RMS template is NOT deleted but no more available to end users.

To update an RMS template, just hit the narrow on the right of the template name. You will be redirected to the template configuration page

imageimage

Refresh the RMS template available on client side

By default, RMS client automatically updates the RMS template available.

To force the download, just open the registry and reach the HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\MSIPC\ key and delete the sub key which contains a GUID (like this one cf5f95ec-5a39-44f6-8900-9205d6405ca5.rms.eu.aadrm.com)

If you want to change the default refresh period, just update the following key HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\MSIPC by adding (if not present) the TemplateUpdateFrequency (DWORD) value; the refresh period is defined by the number of days between downloads