Share via


Azure Rights Management: Data protection

Introduction

Today I will show you what is Azure Rights Management, today 80% of users of organizations use their own device to work at home or anywhere, sharing emails and documents. As mobility is stronger every day, how to treat the security of important documents and confidential information.

With the Microsoft Rights Management you can protect sensitive information of the company aimed at several scenarios. It uses an encryption policy, identity and authorization for securing your files and emails. Is compatible with cell phones, tablets and computers.

An example: "the developer of the company has configured e-mails and shared documents in your own cell phone and the cell phone is stolen, no matter how much someone else try to open the file it will be encrypted, so the information inside the documents will not be displayed."

Rights Management activation in the Azure portal

To make activation of the RMS on the Azure portal, go to Active Directory Rights Management > Select your account > Enable

https://4.bp.blogspot.com/-Eg7EtWtS3Cc/VZb7PBHA19I/AAAAAAAAQTM/wykNTxnvLw4/s640/01.jpg

Creating Security Policies

You can create as many policies that are required for your organization.

To create policies select your account and click models > Add

https://1.bp.blogspot.com/-L94yeq0dROs/VZb8vP7Q_AI/AAAAAAAAQTg/1f7R7etdbvA/s640/02.jpg

In Add, now choose the language that the policy will be created, then put the policy name and description and click Create

https://2.bp.blogspot.com/-23OWB6MHZ10/VZb-QCfo56I/AAAAAAAAQTs/FL_z0NgGOtA/s400/03.jpg

Now click the Policy created to edit

https://1.bp.blogspot.com/-V5tZrvrMeRs/VZcBY9geTqI/AAAAAAAAQUI/HHkbMevTU3w/s640/04.jpg

Within each policy we have the following options:

  • Rights: Specify which users or groups will use the content protected with this template. Some RMS-enabled applications may not support all permissions.
  • Scope: Specify users or groups who can apply this model. By default, all users and groups in your organization can apply this model.
  • Configure: specify the status of politics, language change of policy, set expiration settings for the content protected by this model and set the duration in the user can access the content offline.

In rights, click Add

https://3.bp.blogspot.com/-BBCnrpyJBAU/VZch2MCK1PI/AAAAAAAAQUs/IT2-lOfDlUs/s640/05.jpg

Let's choose the user that will use the protection with this policy, and then click Next

https://4.bp.blogspot.com/-An2SNEYBQnc/VZcIqX7kacI/AAAAAAAAQU0/bsebAbo0ceQ/s640/06.jpg

Now let's get the type of permission for the user and click Finish

https://4.bp.blogspot.com/-084pw_RwVS8/VZcJorvliVI/AAAAAAAAQU8/-ibtDrUkd64/s640/07.jpg

In scope, click Add

https://4.bp.blogspot.com/-CdVc7xrJDuY/VZqSZqu5jaI/AAAAAAAAQVU/rL6kHb2Vlqc/s640/08.jpg

Now let's add the user

https://2.bp.blogspot.com/-H6PJB4_-zKo/VZqTn2-0CQI/AAAAAAAAQVg/9MAvTuQgQgs/s640/09.jpg

In Configure, add the following settings:

1-Status = click Publish.

2-Name and Description = Select the language and then choose the name for your policy, and other languages.

3-Content Expiration = choose how and when he can begin to protect your data.

4-Access Offline = choose how will data protection.

https://3.bp.blogspot.com/-K67t87Xj2CE/VZqg4L33GVI/AAAAAAAAQVw/h_kGAhegN04/s640/10.jpg

Ready your policy is configured and ready to be applied.

Installation of the RMS client

Remembering that the Azure makes always a RMS user validation to open the document, the client makes this validation bridging between the device and the Azure. If the user loses his device or be stolen, other people will not be able to access the data within the files.

For data protection we're installing the client, go to the website https://portal.aadrm.com, with your email account.

https://1.bp.blogspot.com/-dt8vX94S98k/VaVeh9wh6YI/AAAAAAAAQWk/C1NCklOfwxE/s640/11.jpg

Now let's choose the platform you want to install, in this article I am installing the client for Windows.

https://4.bp.blogspot.com/-eRlPZOCBiDM/VaVe7ISKJ8I/AAAAAAAAQWs/rftb--Q-hBc/s640/12.jpg

After downloading, run RMSSetup.exe and click Next

https://2.bp.blogspot.com/-QJ-jL0F2QXs/VaVflWuVxGI/AAAAAAAAQW4/mLLmjB-YEnA/s1600/13.jpg

Wait for the end of the installation, and then click Close

https://2.bp.blogspot.com/-73OFNfS9IjQ/VaVfweEGodI/AAAAAAAAQXA/snMHfZTmXhU/s1600/14.jpg

https://3.bp.blogspot.com/-pFu3BANV4ew/VaVfwe2qc8I/AAAAAAAAQXE/G0-k2uJ3VP8/s1600/15.jpg

Configuring the policy documents

After installing the Client, let's check if document protection is enabled. Open the Word or other Office product and verify that the "Shared Protected RMS" is enabled.

https://4.bp.blogspot.com/-knSLJ35CzGU/VaVjbbC5bbI/AAAAAAAAQXU/hYC8x4Xz8hk/s640/18.jpg

With the enabled protection he has identified that your user has permission to create and open the document.

Go to Files > Protect Document > Restrict Acess > Rights Management servers Connect and get templates.

https://4.bp.blogspot.com/-m9li03b4uOY/VaVn8m7Wm8I/AAAAAAAAQXc/YKDImepGTTg/s640/16.jpg

Then select the policy you created in the beginning of the article.

https://2.bp.blogspot.com/-JaZ3ItjjEOI/VaVoRlpe0RI/AAAAAAAAQXk/uJt-MjgRYOg/s640/17.jpg

When you select the policy, this document will be automatically protected

https://4.bp.blogspot.com/-rdikf8fKCS0/VaVpJphe1dI/AAAAAAAAQXw/AiC9OsQYzeA/s640/19.jpg

He will warn that this document is protected and what permissions they have on him.

https://3.bp.blogspot.com/-kQ9N_5dzPc8/VaVp1lPjlKI/AAAAAAAAQX4/LP0FJmmrkV8/s640/20.jpg

https://1.bp.blogspot.com/-tHtrTdalqI8/VaVqUQegUSI/AAAAAAAAQYA/GMbYbuVxqq0/s640/21.jpg

Now let's try to open this file with another user who does not have the Client installed and the permission on the file, it returns the following error. 

https://3.bp.blogspot.com/-7Yiv8wwm7TA/VaVs394i_7I/AAAAAAAAQYM/rPXALotYunI/s400/22.jpg

The Azure RMS also protects the following extensions txt and pdf. It changes the extension of the document to ptxt and ppdf this means that the documents are protected by Azure RMS.

https://4.bp.blogspot.com/-daSE6ah99tw/VaV3LfUAz_I/AAAAAAAAQYc/AIroEN04WhU/s400/23.jpg

After we give permission to others to access the document. Right-click the Protect document > Protect in-place > Custom Permissions

https://3.bp.blogspot.com/-SFj9TuW1mrg/VaV4y221ALI/AAAAAAAAQYo/SjUqXDar6NU/s640/24.jpg

Select the user and then assign the permission he will have in the document.

1-You can assign a date for the document expires;

2-Send an email when someone tries to open those documents;

3-Allow me to revoke immediately the access to these documents.

https://2.bp.blogspot.com/-cRqhJztClnk/VaV7gyaRjYI/AAAAAAAAQY0/FFlULDdOegs/s640/25.jpg

Ready your files are safe even outside of your organization.

Credits:

This document was originally published as http://www.micheljatoba.com.br/2015/07/protecao-de-dados-com-microsoft-azure.html and has been reproduced here to allow the community to correct any inaccuracies or provide other improvements until you update the original version of this topic.

Back to Top