With the new Office 365, Microsoft has introduced a new functionality to secure document sharing: Right Management Services.
This service is (should be) well know as this is available since Windows Server 2003 as additional component for internal deployment.
See http://technet.microsoft.com/en-us/library/cc771234(v=ws.10).aspx for more details about RMS.
So, going back to Office 365 and Windows Azure Rights Management (as this is the commercial name of RMS on the cloud).
Windows Azure Rights Management (AADRM) is available through the Enterprise E3 Office 365 plan.
By default, Windows Azure RMS is not activated.
To enable AADRM, connect with an Office 365 administrator account to the administration portal and go to Service Settings section (on the left)
Then hit the Rights Management tab and finally hit the Manage link
Once you have reached the Rights Management administration page, click on the Enable button and confirm the activation
Wait few minutes while AADRM is being activated
You are now redirected to the AADRM page which now is showing that RMS is activated; since this has been activated, you have the ability to disable it also from this page
NOTE Windows Azure RMS can also be activated using PowerShell
To do so, you must have installed Office 365 Modules for PowerShell and RMS Modules for PowerShell (http://www.microsoft.com/en-us/download/details.aspx?id=30339), then run the following commands:
Once RMS has been activated, you will be able to secure your mail exchange.
To secure your emails with RMS, you must set a Mail flow rule (recommended). Doing so, your end-user will don’t have to think about RMS.
From the Exchange Online administration portal (Exchange Admin Center, which can be reached from the Office 365 administration portal, open the submenu just below Admin on the right side of your name and select Exchange.
Go to the Mail Flow section (from the left menu)
Then go to Rules section and create a new rule to apply RMS
Define the rule settings et voilà your email will be protected by RMS automatically.
Launch a PowerShell command prompt (you must have install Office 365 Modules for PowerShell as well as RMS Modules for PowerShell http://www.microsoft.com/en-us/download/details.aspx?id=30339)
Run the following commands:
NOTE You may receive an error message saying this command is not required because your organization is already enabled for customization
This operation is not required. Organization is already enabled for customization. + CategoryInfo : NotSpecified: (:) [Enable-OrganizationCustomizat ion], InvalidOperationException + FullyQualifiedErrorId : F977D53F,Microsoft.Exchange.Management.Deploymen t.EnableOrganizationCustomizationTask + PSComputerName : pod51031psh.outlook.com
You may have to wait a little bit before the options for Outlook Web Access appear.
Connect to your mailbox using your web browser (https://mail.office365.com)
Create a new email and go to Set Permission
With Exchange 2013, there is no more need to download attachments secured by RMS; this is now fully integrated with Exchange
When using Outlook, go to the Options tab when writing email
Once RMS has been activated, you can now use it to secure your document stored on SharePoint Online.
However, even if you have activated RMS from the Office 365 administration portal, this doesn’t mean this has been also activated for SharePoint Online.
To enable RMS for SharePoint, connect to the SharePoint Online Administration site (From the Office 365 administration portal, open the submenu just below Admin on the right side of your name and select SharePoint)
Then, from the SharePoint Online administration portal, reach the Settings section from the left menu and enable RMS for SharePoint
Finally, connect to your SharePoint site and browse to the document library you want to secure with RMS. Only ONE RMS policy can be applied on a document library.
Open the library settings using the ribbon
A new option has appears called Information Rights Management just below the Permission and Management section
When you open this option, you can enable RMS for the document library and define the RMS policy to be applied; this mean your end users will not have to think about RMS before uploading document onto the library
You have lot of option to define your RMS policy:
If this settings is enabled, end-users will have an error message explaining the document format they are trying to upload is not compatible with RMS and so can not be secured
If this settings is NOT enabled, the Office document will be opened with the web browser. End user will see a yellow information bar explaining the document is protected by RMS (the RMS policy name is shown).
When saving document using your Office client on SharePoint Online, to protect your document go to the Office backstage (screenshots done with Office 2013)
This blog is using tracking code for analytics purpose.
No personal data are stored and maintained.