Use AADRM (Right Management Services) with Office 365


Presentation on how to enable and use Azure Active Directory Rights Management (AADRM) on Office 365

Presentation held at the Microsoft MVP ANZ event in June 2013

Published in: Technology


Transcript

  • 1. Use AADRM with Office 365
       Benoit HAMET
       Sydney, June 5th 2013
       Microsoft MVP June 2013 Event
       This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
  • 2. Who am I
       Benoit HAMET
       Manager – Microsoft Technologies Specialist at Capgemini
       MVP Office 365
       http://blog.hametbenoit.info
       http://www.linkedin.com/in/benoithamet
       http://twitter.com/benoit_hamet
       The information contained in this presentation is proprietary. © 2012 Capgemini. All rights reserved.
  • 3. Agenda
       • Terminology and Definition
       • Information Protection Requirements & Approach
       • What is Rights Management and how does it work?
       • RMS in Office 365
       • Integration with Exchange, Office and SharePoint
       Copyright © Capgemini 2013. All Rights Reserved. Microsoft MVP Event. Use AADRM with Office 365 | June-13
  • 4. Glossary
       • IRM: Information Rights Management
       • DRM: Digital Rights Management
       • RMS: Rights Management Server
       • RMS Online (AADRM): Cloud-based Rights Management Service
       • Publishing License: the license a document is published with
       • Usage License: the license to use the document
       • AD: Active Directory
       • ADFS: Active Directory Federation Services
  • 5. Terminology and Definition
       • Protection: Encryption + Policy + Policy enforcement
       • Encryption: Targets securing data in transit or at rest but only until consumed
       • Policy: Definition of who (identity) can do what (conditions) on a protected item
       • Policy Enforcement: Application-specific code to enforce common, standardized behaviors
       • Windows Azure AD Rights Management: An offering that is a part of Office 365
       • RMS: Rights Management Services
       • IRM: Information Rights Management, interchangeable with Rights Management
       • ERM/DRM: Enterprise or Digital Rights Management
       • Content-Aware Data Leakage Protection (DLP): Relies on 'agents' to apply Protection (encryption + policy) to content
       [Diagram text: Enterprise DRM Services Content Protection Policies; Software responsible to protect content; People responsible to protect content]
  • 6. Information Protection Requirements
       • Data is protected at the source
       • Modern apps save directly to 'foreign storage' so they must encrypt before data leaves the app
       • Data is protected in 'usable chunks'
       • Use patterns are at the document level; not at the full drive level (e.g. BitLocker)
       • Especially true on constrained-resource mobile devices; on shared cloud-based storage
       • Very strong encryption at rest is required; pretty good protection in apps is fine
       • Assume the data is exposed to adversaries when at rest (pre-authorization)
       • Presume the user is "trustworthy but possibly absent minded" (post-authorization)
       • Flexible model to support offline use or online authorization; ITPro decides
       • Per-app policies and customization(s) to increase usability (reduce friction)
       • Per-application optimizations (Outlook vs. Word); App Context Matters
  • 7. Information Protection Approach
       • Protect files with EFS
       • Everyday Metaphor: Locking bike rack – useful at that particular location but nowhere else.
       • Once a good idea but not very useful in modern times… who has only one device?
       • Lock up personal data stores with BitLocker / BitLocker to Go
       • Everyday Metaphor: Lock on the front door of your home. Good, but once open, everyone gets in.
       • Great way to protect against lost laptops and other assets but not at a granular level
       • Rights Management on-premises, in the cloud, across 'tenants' and to guests
       • Everyday Metaphor: Certified mail that, when closed, requires re-certification before reuse.
       • Protection for data 'in the wild' with flexible terms-of-use, and transport agnostic
       • Generic file protection using 'Rights Protected Folders'
       • SharePoint 'Secure Libraries'
       • Everyday Metaphor: A well-run public library whose librarian actually asks to see your identity
       • Great way to host data that can be centralized; data that leaves is protected
       • Pro-active protection (aka DLP) via Exchange, FOPE, FCI, ISV offers, etc.
       • Everyday Metaphor: A persistent yard caretaker for your 'digital landscape'
       • Volunteer application of RM will only get you so far → DLP offers at strategic points do wonders!
       Combined, these offers give you protection of lost assets, data in repositories, data in flight (user protected or not), and IT controlled* auditing of data usage.
  • 8. What is Rights Management?
       Information Protection technology
         • Protection is persisted with the data, content can travel anywhere (desktops, file shares, USB keys, network and devices)
       Combines encryption, access controls and policy expression and enforcement
         • Prevent the accidental disclosure of sensitive data by applying usage policies (cannot forward, cannot print, read-only)
       Simple to use
         • Authors just select a policy option, consumers just open documents
         • Securely share data with individuals within and outside of your organization.
  • 9. How RMS works?
       [Diagram: a sample protected document ("Galactic Empire Confidential – You cannot copy, print or export this information in unprotected form to droids of any class.") shown twice, with the labels "User certificates", "Use License" and "Publishing License + keys"]
  • 10. AADRM in Office 365
       • AADRM: Azure Active Directory Rights Management
       • AADRM is only available to Office 365 Enterprise plans
       • Easy to set up and use
       • Start protecting data within minutes of when you subscribe to Office 365, no on-premises infrastructure required.
       • Integrated within Exchange Online, SharePoint Online and Office, users will use applications and services they are already familiar with today.
       • Additional controls available in Exchange Online and SharePoint Online to meet your business requirements.
  • 11. RMS in Office 365
       Capabilities
         • Simple mechanism to enable Rights Management capabilities across applications and services.
         • Once Rights Management is enabled, Exchange and Office integration is also enabled including IRM in Office, OWA and EAS.
         • Provides default templates to apply common usage rights
         • Simple templates to restrict access to users within a company.
         • Will assess usage policies during preview timeframe to gather feedback to add or tune policies.
         • "Do Not Forward" and Ad-hoc Policies are also available.
  • 12. Demo: Enable RMS in Office 365
  • 13. Office 2010 and 2013 Integration
       Information Worker
         • Applications are already familiar to users, just learn File, Protect, Restrict Permissions
         • Policy Templates available to easily apply protection
         • Users can create ad-hoc policy to provide an additional level of control.
         • Office IRM integration supports Outlook, Word, Excel, PowerPoint and InfoPath
       Information Control
         • Integrated with Exchange and SharePoint Online (more in a few minutes)
         • Word, Excel, PowerPoint integrated with SharePoint Document Libraries
         • Outlook works with Exchange IRM integrated features
         • Outlook 2013 is integrated with DLP and can use IRM to apply protection
         • Protection persisted independent of how the data is stored
         • Desktop, USB Drive, File Share, SkyDrive etc…
  • 14. Exchange Online Integration
       Information Worker
         • Outlook Web App – IRM messages can be created and consumed in Outlook Web App
         • Exchange Active Sync – IRM messages can be consumed in EAS based clients that have enabled Rights Management including Windows Phone 7.5 and Touchdown for Android.
         • Supports collaboration across organizations
       Information Control
         • Journaling – Creates an unprotected copy of messages for compliance purposes
         • Exchange Transport Rules – Enables automatic protection of content by complementing the DLP capabilities in Exchange Online
         • Decryption – Can decrypt content for Malware scanning and the addition of disclaimers to messages.
  • 15. SharePoint Online Integration
       Information Worker
         • Protection is applied when documents are downloaded from a document library, users will not observe a difference.
         • Provides view only capabilities for Web Access Companion Applications
       Information Control
         • Great for a centralized repository of documents.
             • When documents are downloaded from SharePoint protection is applied which resides with the document no matter where it goes.
         • Supports all IRM functionality for policy definition
             • Can define usage restrictions, policy renewal, and distribution groups on per document library basis.
         • Supports collaboration scenarios across organizations
             • Can set access policies to enable users from other organizations to access your document library and stay in control of your data.
  • 16. Demo: Integration with Exchange Online and SharePoint Online
  • 17. Take Away
       Data can flow anywhere anytime
         • Access based control does not protect content once it has been accessed.
         • Rights Management provides encryption that is persisted with the content.
         • Enables rich policy to be associated with content to prevent accidental disclosure of content.
       Rights Management is now integrated within Office 365
         • Does not require any additional on-premises infrastructure and takes a few minutes to configure.
         • Available as a part of the Office 365 Enterprise.
         • Deep Integration with Office 2013, SharePoint Online and Exchange Online.
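
The publishing license / use license split from the glossary and the "How RMS works?" slide, as an added simplified model in Python. It is not part of the original presentation and is not the real RMS license format or protocol; every function name, the constructed policy, and the toy keystream cipher (a stand-in for real encryption) are assumptions made for illustration.

```python
import hashlib, hmac, json, os

SERVICE_KEY = os.urandom(32)  # known only to the hypothetical rights service

def _xor_stream(key, data):
    # Toy SHA-256 counter-mode keystream, a stand-in for real encryption.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _mac(body):
    return hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()

def publish(content, policy):
    """Author: encrypt the content and attach a publishing license (policy + wrapped key)."""
    content_key, nonce = os.urandom(32), os.urandom(16)
    wrap_key = hmac.new(SERVICE_KEY, nonce, hashlib.sha256).digest()
    body = json.dumps({"policy": policy, "nonce": nonce.hex(),
                       "wrapped_key": _xor_stream(wrap_key, content_key).hex()})
    return {"ciphertext": _xor_stream(content_key, content),
            "publishing_license": {"body": body, "tag": _mac(body)}}

def issue_use_license(publishing_license, user):
    """Service: check license integrity, then release the key with this user's rights only."""
    body = publishing_license["body"]
    if not hmac.compare_digest(_mac(body), publishing_license["tag"]):
        raise ValueError("publishing license was modified")
    fields = json.loads(body)
    rights = fields["policy"].get(user)
    if not rights:
        raise PermissionError(f"{user} is not named in the policy")
    wrap_key = hmac.new(SERVICE_KEY, bytes.fromhex(fields["nonce"]), hashlib.sha256).digest()
    key = _xor_stream(wrap_key, bytes.fromhex(fields["wrapped_key"]))
    return {"user": user, "rights": rights, "content_key": key}

def consume(doc, use_license, action):
    """Application: enforce the granted rights before handing out plaintext."""
    if action not in use_license["rights"]:
        raise PermissionError(f"{action} not granted to {use_license['user']}")
    return _xor_stream(use_license["content_key"], doc["ciphertext"])

# Constructed sample policy: who (identity) can do what (rights).
POLICY = {"reader@example.com": ["VIEW"], "author@example.com": ["VIEW", "PRINT"]}
DOC = publish(b"Galactic Empire Confidential", POLICY)
```

In this model the use license carries the content key, so the PRINT restriction holds only because the consuming application checks it. That is the "Policy Enforcement: application-specific code" item from slide 5.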