This document discusses Azure Rights Management (RMS) and how it can be used to protect documents and files. It provides an overview of RMS and how it combines encryption with usage policies. It then describes how to activate and configure RMS in Azure, SharePoint Online, and Exchange Online. It also covers topics like installing RMS sharing apps, using default or custom tenant keys, creating RMS templates, and integrating RMS with on-premises file shares. The document aims to explain the complete Azure RMS fabric and how information rights management works.
3. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Participate with us and stand a chance to win prizes!
Survey:
http://j.mp/abcsg-2016
Tweet Tag:
#GlobalAzure #GABSG
3
4. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Agenda
• Why we need Rights Management?
• Different between traditional protection and rights management
• Managing Azure RMS
• Demo
4
5. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Connect with Me
http://blog.libinuko.com
@cakriwut
http://www.youtube.com/user/cakriwut/
Riwut Libinuko
Microsoft Office Server Service MVP, Master
degree in Computer System Engineering, with
more than 15 years in IT industry.
Active contributors to MSDN Forum, Code Sample
Gallery, Curah, Nuget, Codeplex and many more.
6. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Introduction
6
“The Panama Papers are a leaked set of 11.5 million confidential documents that provide detailed
information about more than 214,000 offshore companies listed by the Panamanian corporate service
provider Mossack Fonseca,..”
(Source: Wikipedia, https://en.wikipedia.org/wiki/Panama_Papers)
The Ponemon study found “..the average consolidated total cost of a data breach is $3.8 million
representing a 23% increase since 2013. The study also reports that the cost incurred for each lost
or stolen record containing sensitive and confidential information increased six percent from a
consolidated average of $145 to $154.”
(Source: IBM, Ponemon , http://www-03.ibm.com/security/data-breach/)
7. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Introduction
7
1. 74% report loss of customers
2. 59% faced potential litigation
3. 33% faced potential fines
4. 32% declined in share value
(Source: http://www.scottandscottllp.com/main/business_impact_of_data_breach.aspx)
(Source: https://en.wikipedia.org/wiki/Data_breach#2015)
•In October 2015, the British telecommuncations provider TalkTalk suffered a data
breach when a group of 15-years old hackers stole information on its 4 million
customers. The stock price of the company fell substantially due to the issue –
around 12% – owing largely to the bad publicity surrounding the leak.[11]
•In July 2015, adult website Ashley Madison suffered a data breach when a hacker
group stole information on its 37 million users. The hackers threatened to reveal
user names and specifics if Ashley Madison and a fellow site, EstablishedMen.com,
did not shut down permanently.[12]
•In February 2015, Anthem suffered a data breach of nearly 80 million records,
including personal information such as names, Social Security numbers, dates of
birth, and other sensitive details.[13]
•In June 2015, The Office of Personnel Management of the U.S. government
suffered a data breach in which the records of 4 million current and former federal
employees of the United States were hacked and stolen.
Major incident in 2015
Business Impact
9. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Information Rights Management
• Information Protection technology
– Protection is persisted with the data, content can travel anywhere (desktops, file shares, USB keys,
cloud drives, network and devices)
• Combines encryption and usage restrictions
– Prevent accidental disclosure of sensitive data by applying usage polices (cannot forward, cannot
print, read-only)
• Simple to use
– Authors just select a policy option, consumers just open documents
– Administrators can configure policies to protect content automatically
– Securely share data with individuals within organization
Source: https://mva.microsoft.com/en-
US/training-courses/encryption-in-office-365-
8404
12. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Activate Azure RMS
• Using Office 365 Admin center , if you
have O365 with RMS subscription
(E3,E4,ES,A3,A4,AS,G3,G4)
• Using Azure Classic Portal site
15. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Azure RMS Key (Default)
15
Source : https://technet.microsoft.com/en-
us/library/dn440580.aspx
By default, Microsoft will generate your tenant
key and manage it. In this case you don’t need
to do any configuration.
16. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Azure RMS Key (BYOK)
16
Source : https://technet.microsoft.com/en-
us/library/dn440580.aspx
Azure RMS also support tenant’s
managed key by Thales HSM.
However BYOK is not compatible with
Exchange Online.
17. Tweet: #GlobalAzure | http://singapore.azurebootcamp.net/
Protect data with Rights Management
Source : https://mva.microsoft.com/en-
US/training-courses/azure-rights-
management-services-core-skills-10500