By Cathy Dew
Protecting your digital data is more then setting up user permissions
If you are going to establish an effective data governance strategy for your SharePoint and Office 365 environments, you will almost certainly end up using Azure’s rights management features. This technology integrates seamlessly with multiple Microsoft cloud services, ensuring across the board protection for your enterprise and your data. Using this technology will likely mean engaging with both Azure Rights Management Service (Azure RMS) and Azure Information Rights Management (or IRM).
What Is Azure Rights Management?
Before we get to Information Rights Management, it’s essential to have a full understanding of Azure RMS. As the name suggests, the Azure Rights Management Service is part of Microsoft Azure, the cloud computing service. However, as we already mentioned, Azure RMS integrates across many Microsoft services, making it useful for a wide array of applications.
Azure Rights Management is a sub-service of Azure Information Protection, which we already discussed at last in the previous blog post. RMS is the feature within Azure Information Protection that is responsible for setting up encryption and data security policies for documents, emails, and other types of emails.With the Azure Rights Management Service, you can configure policies for different files that will stay with those files throughout your ecosystem of Microsoft software and services. If you implement RMS encryption on a file in one location and then move the document somewhere else, the encryption will follow the file to the new location. The same goes for other policies you implement using Azure RMS, such as identity or authorization requirements.
These policies—and their ability to be recognized and remembered by various Microsoft tools and software programs—go a long way toward grounding your data governance strategies. Say you have a spreadsheet that you are sharing internally with people from several different departments or teams. This document is relevant to multiple parts of your organization, but also includes sensitive data that you don’t want falling into the wrong hands. Using Azure’s rights management feature, you can configure the document so that it can only be opened and read by people in your organization. Even if someone emails outside of the company—whether on accident or to leak confidential enterprise data—the rights management protections will remain intact.
Locking files to those without the necessary authorization is only one of the things you can do with Azure RMS. With this type of information rights management, you can do a lot of the same things that you can do with SharePoint permissions. For instance, you can give users editing privileges or make it so the document is only accessible as read-only text. You can also lock the file so that users cannot print it out, to make sure that no one is carrying critical documents out the door to get around your email blocks.
Azure Rights Management lets you enable the same protections for emails that you do for documents or files. If you send sensitive information in an email, you can lock them so that they cannot be forwarded or prevent users from replying with the “Reply All” feature. In extending data governance to email, Azure RMS is well-matched to the needs of the modern enterprise.
Using Azure Rights Management Service
In most cases, Azure RMS integrates seamlessly with Azure Information Protection. With Azure Information Protection, you can set up labels and classification for different types of files or emails. These classifications specify levels of sensitivity for different data types, which determines the level of security or governance those data types receive. By integrating with this system, Azure RMS ensures that files are being correctly encrypted or locked to certain authorizations or identities.
The integration with Azure Information Protection also makes Azure RMS extremely easy to configure and use. Once enabled and set up, both services can be used side-by-side. Indeed, when you create a label or classification for Azure Information Protection and it includes authorization, identity, or encryption settings, the system will automatically create the appropriate RMS template. While RMS and its templates are technically separate from Azure Information Protection, the two services work so closely and so seamlessly that they sometimes feel like the same program.
Before you can start using Azure Rights Management Service, though, you must activate to software solution.
A few disclaimers before you continue. First, if your organization is already using Active Directory Rights Management Services (or AD RMS), you should not use the Azure Rights Management Service. AD RMS is a previous version of Azure RMS. If you have this feature, you are likely just using an older version of SharePoint or Azure. You already have encryption and trying to enable Azure RMS will only cause issues.
Second, you may not be able to use Azure RMS at all, depending on your organization’s service plan. This feature is not included by default in any SharePoint package. If you have an Azure Information Protection plan and are already using Azure Information Protection features, then you are clear to activate Azure RMS. If your Office 365 licensing plan includes Rights Management protections, you should also have access to Azure RMS. Without one of these service plans, you will not be able to activate Azure Rights Management Service. Of course, you can always upgrade your service plan if you wish to add Rights Management to your plate.
If you have the proper service plan, use this guide to activating Azure RMS to get started. The steps you take to enable the service will vary a bit depending on whether you are using Office 365 or Azure as your home base.
Next week we’ll dive into the Azure Rights Management features and configuration options.
Are you interested in learning more about Azure Rights Management, Information Rights Management, and Office 365 Message Encryption? 2Plus2 is your premiere San Francisco Bay Area SharePoint consultants and we would be thrilled to help you configure these features and learn the ropes of each. Go online to schedule a free consultation with our team or call 510-652-7700 today.