By Cathy Dew
As the Data Governance Story Ends, Information Rights Management takes Center Stage
Data governance is a large story that your company needs to build, tell, and revise – governance itself has a life cycle just like a software development project. And we’ve spent the last set of articles defining a data governance policy and discussed many phases of building a data governance policy and a data protection plan using current tools available via Microsoft Office 365 and Microsoft Azure. Last week we introduced the Microsoft’s Azure Information Rights Management solution and how Azure Rights Management fits into your company’s internal digital document life cycle story. Today we’ll dive into the Azure RMS features, key configuration points, and discuss the information rights management options available.
Azure RMS Features and Configurations
When you activate Azure RMS, a few things will happen instantly. First, your users will immediately be able to protect files with Rights Management features. This ability applies to all your users, so you will have to configure things if you want to be a bit more targeted with RMS admin-like procedures. Secondly, RMS immediately creates two templates for your users to utilize. These templates are primarily meant to restrict the access and use of information to people within your organization. If you want to be a bit more advanced with your RMS applications—and you probably will be, to gain the full data governance and security potential of the feature—you will need to create your own templates.
To restrict the user groups who can protect files with Azure RMS, go back to the link above (the one about activating the Rights Management Service) and scroll down to the section that reads “Configuring onboarding controls for a phased deployment.” This section will explain how you can use a PowerShell command to configure onboarding policies for RMS
In order to start setting up custom templates for your Azure RMS platform, you’ll have a somewhat more straightforward process. You don’t need to figure out PowerShell commands to configure actual uses for the RMS technology. In fact, you hardly even need to engage with the RMS feature directly. As we discussed above, the Rights Management Service integrates seamlessly with the Azure Information Protection service, to the point where creating a new label or classification for the Information Protection service will create a corresponding RMS template.
What About Information Rights Management (IRM)?
Now that we’ve had a thorough discussion about the Azure Rights Management Service, you’re probably starting to wonder: what is Information Rights Management and how does it figure into the conversation.
Azure RMS includes two separate features: Information Rights Management (IRM) and Office 365 Message Encryption. Rights management in Office 365, SharePoint, or Microsoft Exchange can be confusing because the terms “RMS” and “IRM” are often used interchangeably. However, IRM is a feature included within RMS—one that accounts for the bulk of what RMS does. When you activate RMS, in other words, you are mostly enabling Azure Information Rights Management.
IRM brings most of the benefits we’ve already mentioned or hinted at in this article. It lets you apply protections to documents or emails that renders them inaccessible to unauthorized individuals. It enables you to set up permissions for your documents—including your document libraries within SharePoint—to control who can access, read, or edit individual files. It applies rights management policies across all Office documents, allowing you to protect your data whether it appears in a Word file, a PowerPoint presentation, or an Excel spreadsheet. It also activates protections that persist whether your files are online or offline.
While IRM is responsible for the identity and authorization sides of RMS, Office 365 Message Encryption takes care of email encryption. This feature makes encrypted email easy and user-friendly. It can encrypt entire email threads, even if some recipients are not part of your network and therefore not part of your service plan. It also makes the process of encrypting conversations easy for your end users, so that no one must go out of their way to ensure your data security.
As you might imagine, these features are extremely powerful and will go a long way toward maximizing the power of your organization’s data governance policies. Azure Information Rights Management, in particular, makes it possible to protect and govern every file in your enterprise—even if it leaves the company
Are you interested in learning more about Azure Rights Management, Information Rights Management, and Office 365 Message Encryption? 2Plus2 is your premiere San Francisco Bay Area SharePoint consultants and we would be thrilled to help you configure these features and learn the ropes of each. Go online to schedule a free consultation with our team or call 510-652-7700 today.