Microsoft Azure Rights Management


Microsoft Azure Rights Management

Azure Rights Management (Azure RMS) is a cloud-based protection technology used by Azure information protection. It is a great part of Microsoft Mobility suite (EMS). This cloud -based service uses encryption, identity and authorization policies to help secure your files, email and works across multiple devices.

In other words, it’s more of a document- level security, enabling safe sharing of sensitive information within and around your organisation.

You’ll be able to block people based on the company, employment status, date of review etc, in summary, only authorized users can read and inspect the data that Azure RMS protects.

So, How Does It Work?

In the most basic, non-technical, explanation, Azure makes sure that data in a document is not easily readable to any users and services who are not authorized to read it.

The data is encrypted at the application level and includes a policy defining the authorised use for that document. Only when the data is access by an authorised user, the document is decrypted and rights in the policy are enforced.

Azure can be used with multiple cloud subscriptions, supports many features and devices such as Windows, Mac OS, iOS, Android and Windows Phone.
Throughout the protection process, Azure encrypts and enforces restriction, but when used by a legitimate user, the data on the document decrypts and authorises as the rights in the policy are enforced.

The image below illustrates a very technical process of how Azure works through its protection process:

A document containing the sensitive information is protected and opened successfully by an authorised user. The document is protected by a content key (green key in the image) and is unique for each document. It is placed in the file where it’s then protected by Azure information protection tenant root key (the red key).

Great, but what problems does RMS solve?

• Protection of multiple files.

• Easy Activation.

• Ability to scale across the organisation.

• Ability to create simple and flexible policies

Provide quick and easy solutions with customised protection templates for administrators to create policies with the correct level of protection on each document and give authority on who can access it.

Protection of files anywhere.

The protected files stay protected, when its saved or copied to storage without the control of IT like Cloud storage service.

Share information safely.

As your file is protected, it is safe to share this file others. For example, as an email attachment or a link on SharePoint. You may also attach a protected file to an email that is not encrypted.
Auditing and Monitoring.
When files leave your organisations boundaries, you can still audit and manage your protected files.
For example, if you’re working on a joint project with some people in another company, you can email protected documents and restrict to a read-only.

RMS will be able to provide you with the following information:
– If the document has been opened and when.
– If the document has been attempted (and failed) to be opened, printed or changed by non-authorised users.

Support for used devices.
Supported devise include Windows phones and computers, Mac computers, iOS tablets and phones and Android tablets and phones.

Supports B2B collaboration.
Collaboration across organisations is automatically supported if they already have office 365 or an Azure AD Directory.

Supports on-premise services.
In addition to working impeccably with office 365, You can use MRS with Exchange server, SharePoint and Windows server running file classification infrastructure.

Broad Application Support.
RMS has tight integration with all Microsoft applications and services.

IT maintain control of data.
– Choose to manage your own tenant key.
– Support for auditing and usage logging to analyse business insights, monitor abuse and perform forensic analysis.
– Delegate access to ensure that IT can always access protected content.
– Synchronize directory attributes that Azure needs to help support common identity.
– Single sign-on without replicating passwords to cloud.
– You always have the choice to stop using Azure RMS without losing access to content that was protected.

Final advice

We are partners of Microsoft, so if you need more information about Azure RMS or any other Microsoft product, contact us for free a consultation! – We can also give you Microsoft products at a discounted prices.


Lucidica is the IT support team for London businesses