The document discusses setting up and enabling Office 365 message encryption in Portugal. It provides an overview of the architecture and requirements for Azure Rights Management. It then outlines the simple 5 step script for activating, installing, configuring and running RMS in Office 365 including verifying the configuration is not already set up, configuring the RMS online key sharing location, importing the trusted publishing domain, verifying the setup, and disabling templates while enabling encryption. It also provides references to Microsoft documentation and blogs on implementing RMS and encryption.
2. Portugal
JOAO LIVIO – SharePoint Specialist & Senior Consultant
Joao Livio have 21 years of IT and Development experience. Now working as SharePoint Specialist at
NOS Portugal and BOLD International as SharePoint Specialist & Senior Consultant.
Was nominated Microsoft MVP since 2002 to 2012. His main action is maintain and developing Hybrid
Systems namely Office 365 and SharePoint using CSOM, JSOM, Custom WCF Services and BCS
Models with KnockoutJS and MVVM Patterns and/or MVC using Auto-Hosted and Provided-Hosted
Apps.
http://sptime.wordpress.com
@jlivio
4. Portugal
ARCHITECTURE and Support
Support for all commonly used devices, not just Windows
computers
1. Windows computers and phones
2. Mac computers
3. iOS tablets and phones
4. Android tablets and phones
Support for business-to-business collaboration
Because Azure RMS is a cloud service, there’s no need to explicitly configure
trusts with other organizations before you can share protected content with them.
If they already have an Office 365 or an Azure AD directory, collaboration across
organizations is automatically supported. If they do not, users can sign up for the
free RMS for individuals subscription.
Support for on-premises services, as well as Office 365
In addition to working seamlessly with Office 365, you can also use Azure RMS
with the following on-premises services when you deploy the RMS connector:
1. Exchange Server
2. SharePoint Server
3. Windows Server running File Classification Infrastructure
5. Portugal
ARM – Introduction
Microsoft Azure Rights Management provides a comprehensive policy-
based enterprise solution to help protect your valuable information, no
matter whom you share it with. For $2.00 per user per month, you get
Information Rights Management capabilities such as Do Not Forward
and Company Confidential, as well as Office 365 Message Encryption,
which allows you send encrypted emails to anyone!
6. Portugal
Requirements for Azure Rights Management
A cloud subscription for RMS && Azure AD directory
To use Azure RMS, you must have at least one of the following subscriptions:
1. Office 365
2. Azure RMS Standalone
3. Enterprise Mobility Suite
4. RMS for individuals
Microsoft Office applications (Word, Excel, PowerPoint, and Outlook) from the following suites:
1. Office 365 ProPlus
2. Office 365 Enterprise E3
3. Office Professional 2013
4. Office Professional 2010
Note:
Specific to Office Professional 2010:
Windows computers must install the Rights Management sharing application for Windows
All Information: https://technet.microsoft.com/en-us/jj585016
Rights Management Services (RMS) is a premium
feature that requires an Enterprise Client Access License
(CAL) or a RMS Online license for each user mailbox
9. Portugal
SIMPLE SCRIPT – No Pain (5 Steps)
#Open PowerShell as Administrator
Set-ExecutionPolicy RemoteSigned
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication
Basic –AllowRedirection
Import-PSSession $Session
#Verify your IRM isn’t configured already
Get-IRMConfiguration
#Configure RMS with the online key-sharing location for Exchange Online (European Union)
Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
#Import the Trusted Publishing Domain (TPD) from RMS Online
Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
#Verify successful setup of IRM in Exchange Online
Test-IRMConfiguration –sender joao@titolivio.net
#Disable IRM templates in OWA and Outlook
Set-IRMConfiguration -ClientAccessServerEnabled $false
#Enable IRM for Office 365 Message Encryption
Set-IRMConfiguration -InternalLicensingEnabled $true
#View the IRM Configuration
Get-IRMConfiguration
10. Portugal
Endpoint’s Geolocation
RMS key sharing location Endpoints
North America https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
Asia https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
South America https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
Office 365 for Government https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc1
11. Portugal
1. Import Session
2. Verify your IRM isn’t configured already
3. Configure RMS with the online key-sharing location for Exchange Online
4. Import the Trusted Publishing Domain (TPD) from RMS Online
5. Verify successful setup of IRM in Exchange Online
6. Disable IRM templates in OWA and Outlook
7. Enable IRM for Office 365 Message Encryption
12. Portugal
Q&A
I´m not afraid to put my data
in the Cloud. I was attacked
in my house. Fortunally I
could keep my undershorts.
The master has failed more times than the beginner has even tried…