Module 14

Office 365 Rights

Management
Services
Presenter name
Presenter role

Conditions and Terms of Use

Microsoft Confidential

This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided
to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in
such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or
implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond
to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the
accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Copyright and Trademarks

2014 Microsoft Corporation. All rights reserved.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject
matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this
document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of
this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means
(electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft, Internet Explorer, Outlook, SkyDrive, Windows Vista, Zune, Xbox 360, DirectX, Windows Server and
Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries. All other trademarks are property of their respective owners.
2

Lesson1: Azure
Active Directory
Rights
Management

Overview

In this module you will learn about the information rights

management (IRM) features provided by the Azure Active
Directory Rights Management service.

Objectives

After completing this module, you will be able to:

Use the Azure AD Rights Management module for PowerShell
Activate rights management in Azure Active Directory
Restrict recipient actions such as forwarding or printing a
message by using RMS templates

What is
Azure Rights
Management
s and What
Does it
Provide ?

Enables the ability to encrypt and assign usage restrictions to

content
Provides the encryption backbone to the new Office 365
Message Encryption service
Provides the following benefits:
Safeguarded sensitive information
Protection travels with the data
Integrated with Office 2013 and Office 365 services
Default information protection policies

Rights
Manageme
nt in Office
365

Office IRM Integration

Exchange Online IRM Integration
SharePoint Online IRM Integration

Azure
Rights
Manageme
nt Feature
List

Supports Microsoft online services (ExO, SPO) and onpremises server products, through the installation of an Azure
RMS connector

Content can be easily and safely shared between users within

the same organization or across organizational lines with valid
users in other Office 365 tenant accounts

Provides a predefined set of rights policy templates for use

Supports users of MicrosoftOffice2010 and up, OWA, and

ActiveSync

Supports Windows7, Windows8 and Mac OS X

Available
Templates

Confidential: When this template is applied to content, consumers of the

content are allowed all rights needed to work with and modify the content
but are not permitted to copy and print the content

Confidential View Only: When this template is applied to content,

consumers of the content are enabled to only read or view the content
but are not permitted to modify the content in any way from its original
published form

Do Not Forward: When this template is applied only the recipients

addressed in the message can decrypt the message. The recipients can't
forward the message, copy content from the message, or print the
message

Note: Custom templates can be imported into Azure Rights Managements if

you have an On-Premises AD RMS server where the template can be created
and exported from. You can also create additional RMS templates in Azure AD
(free Azure subscription required)

10

Configurati
on Process

1.
2.
3.
4.
5.

Set up your Office365 account.

Enable Azure Rights Management for your Office 365 tenant
Configure Exchange Online to use Azure Rights Managements
Publish and consume your rights protected content.
Administer Rights Management for your tenant account as
needed.

11

Azure AD
Rights
Managemen
t module for
PowerShell

Download the Azure AD Rights Management module for

PowerShell from
http://go.microsoft.com/fwlink/?LinkId=257721
Launch PowerShell as an Administrator then import the
module using the command below
Import-Module AADRM

13

PowerShell
Command
Matrix

If you need to

use the following cmdlets

Connect to or disconnect from the Rights

Management service.

Connect-AadrmService
Disconnect-AadrmService

Disable (or re-enable after disabling) the Rights

Management service.

Enable-Aadrm
Disable-Aadrm

Manage super users in a Rights Management

installation.

EnableAadrmSuperUserFeature
AddAadrmSuperUser
GetAadrmSuperUser
RemoveAadrmSuperUser

Manage users and groups who are authorized to

administer your Rights Management installation.

AddAadrmRoleBasedAdministrator
GetAadrmRoleBasedAdministrator
RemoveAadrmRoleBasedAdministrator

Get a log of administrative tasks that have been

performed against your Rights Management
installation.

Get-AadrmAdminLog

Migrate to an on-premises AD RMS deployment from Set-AadrmMigrationUrl

a Rights Management installation.
GetAadrmMigrationUrl

14

Enable RMS
in
Exchange
Online

Connect to Exchange Online using PowerShell

Set the key sharing URL depending on your tenant location
North America
Set-IRMConfiguration RMSOnlineKeySharingLocation https://sprms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union
Set-IRMConfiguration RMSOnlineKeySharingLocation https://sprms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Asia
Set-IRMConfiguration RMSOnlineKeySharingLocation https://sprms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South America
Set-IRMConfiguration RMSOnlineKeySharingLocation https://sprms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government (Government Community Cloud)

Set-IRMConfiguration RMSOnlineKeySharingLocation https://sprms.govus.aadrm.com/TenantManagement/ServicePartner.svc

Run the following command to import the trusted publishing domain (TPD):
Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online
Test the configuration by running the following command:
Test-IRMConfiguration -RMSOnline
15

Using RMS

1.
2.
3.
4.
5.
6.

Using a browser, log in to your Outlook Web App account.

Start a new e-mail message.
Click the Ellipse ().
Select Set Permissions.
Select a template to test.
Send the Message.

16

Lab: Enable and

Test RMS with
Exchange Online

17

Module
Review

1.
2.
3.
4.

What is the main purpose of RMS Online ?

What versions of Office work with RMS Online ?
Describe the process of enabling RMS Online.
What are two easy ways to test RMS Online ?

18

Module
Review
(Answers)

1. What is the main purpose of RMS Online ?

. Azure Rights Management enables the ability to encrypt
and assign usage restrictions to content for organizations
that subscribe to Microsoft online services
2. What versions of Office work with RMS Online ?
. Office 2010 and Office 2013
3. Describe the process of enabling RMS Online.
. Download PowerShell module, connect to tenant, enable
RMS. Connect to Exchange Online, Configure RMS
4. What are two easy ways to test RMS Online ?
. Use the test cmdlet or use OWA and send a message
using the Set Permissions option

19

Module
Summary

In this Lesson, you learned:

How to enable and configure RMS in both Azure Rights
Management and Exchange Online
Use RMS to protect sensitive data

20

 2013
2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks
in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of
this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR
STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION