Azure Rights Management: Data protection
Introduction
Today I will show you what is Azure Rights Management, today 80% of users of organizations use their own device to work at home or anywhere, sharing emails and documents. As mobility is stronger every day, how to treat the security of important documents and confidential information.
With the Microsoft Rights Management you can protect sensitive information of the company aimed at several scenarios. It uses an encryption policy, identity and authorization for securing your files and emails. Is compatible with cell phones, tablets and computers.
An example: "the developer of the company has configured e-mails and shared documents in your own cell phone and the cell phone is stolen, no matter how much someone else try to open the file it will be encrypted, so the information inside the documents will not be displayed."
Rights Management activation in the Azure portal
To make activation of the RMS on the Azure portal, go to Active Directory Rights Management > Select your account > Enable
https://4.bp.blogspot.com/-Eg7EtWtS3Cc/VZb7PBHA19I/AAAAAAAAQTM/wykNTxnvLw4/s640/01.jpg
Creating Security Policies
You can create as many policies that are required for your organization.
To create policies select your account and click models > Add
https://1.bp.blogspot.com/-L94yeq0dROs/VZb8vP7Q_AI/AAAAAAAAQTg/1f7R7etdbvA/s640/02.jpg
In Add, now choose the language that the policy will be created, then put the policy name and description and click Create
https://2.bp.blogspot.com/-23OWB6MHZ10/VZb-QCfo56I/AAAAAAAAQTs/FL_z0NgGOtA/s400/03.jpg
Now click the Policy created to edit
https://1.bp.blogspot.com/-V5tZrvrMeRs/VZcBY9geTqI/AAAAAAAAQUI/HHkbMevTU3w/s640/04.jpg
Within each policy we have the following options:
- Rights: Specify which users or groups will use the content protected with this template. Some RMS-enabled applications may not support all permissions.
- Scope: Specify users or groups who can apply this model. By default, all users and groups in your organization can apply this model.
- Configure: specify the status of politics, language change of policy, set expiration settings for the content protected by this model and set the duration in the user can access the content offline.
In rights, click Add
https://3.bp.blogspot.com/-BBCnrpyJBAU/VZch2MCK1PI/AAAAAAAAQUs/IT2-lOfDlUs/s640/05.jpg
Let's choose the user that will use the protection with this policy, and then click Next
https://4.bp.blogspot.com/-An2SNEYBQnc/VZcIqX7kacI/AAAAAAAAQU0/bsebAbo0ceQ/s640/06.jpg
Now let's get the type of permission for the user and click Finish
https://4.bp.blogspot.com/-084pw_RwVS8/VZcJorvliVI/AAAAAAAAQU8/-ibtDrUkd64/s640/07.jpg
In scope, click Add
https://4.bp.blogspot.com/-CdVc7xrJDuY/VZqSZqu5jaI/AAAAAAAAQVU/rL6kHb2Vlqc/s640/08.jpg
Now let's add the user
https://2.bp.blogspot.com/-H6PJB4_-zKo/VZqTn2-0CQI/AAAAAAAAQVg/9MAvTuQgQgs/s640/09.jpg
In Configure, add the following settings:
1-Status = click Publish.
2-Name and Description = Select the language and then choose the name for your policy, and other languages.
3-Content Expiration = choose how and when he can begin to protect your data.
4-Access Offline = choose how will data protection.
https://3.bp.blogspot.com/-K67t87Xj2CE/VZqg4L33GVI/AAAAAAAAQVw/h_kGAhegN04/s640/10.jpg
Ready your policy is configured and ready to be applied.
Installation of the RMS client
Remembering that the Azure makes always a RMS user validation to open the document, the client makes this validation bridging between the device and the Azure. If the user loses his device or be stolen, other people will not be able to access the data within the files.
For data protection we're installing the client, go to the website https://portal.aadrm.com, with your email account.
https://1.bp.blogspot.com/-dt8vX94S98k/VaVeh9wh6YI/AAAAAAAAQWk/C1NCklOfwxE/s640/11.jpg
Now let's choose the platform you want to install, in this article I am installing the client for Windows.
https://4.bp.blogspot.com/-eRlPZOCBiDM/VaVe7ISKJ8I/AAAAAAAAQWs/rftb--Q-hBc/s640/12.jpg
After downloading, run RMSSetup.exe and click Next
https://2.bp.blogspot.com/-QJ-jL0F2QXs/VaVflWuVxGI/AAAAAAAAQW4/mLLmjB-YEnA/s1600/13.jpg
Wait for the end of the installation, and then click Close
https://2.bp.blogspot.com/-73OFNfS9IjQ/VaVfweEGodI/AAAAAAAAQXA/snMHfZTmXhU/s1600/14.jpg
https://3.bp.blogspot.com/-pFu3BANV4ew/VaVfwe2qc8I/AAAAAAAAQXE/G0-k2uJ3VP8/s1600/15.jpg
Configuring the policy documents
After installing the Client, let's check if document protection is enabled. Open the Word or other Office product and verify that the "Shared Protected RMS" is enabled.
https://4.bp.blogspot.com/-knSLJ35CzGU/VaVjbbC5bbI/AAAAAAAAQXU/hYC8x4Xz8hk/s640/18.jpg
With the enabled protection he has identified that your user has permission to create and open the document.
Go to Files > Protect Document > Restrict Acess > Rights Management servers Connect and get templates.
https://4.bp.blogspot.com/-m9li03b4uOY/VaVn8m7Wm8I/AAAAAAAAQXc/YKDImepGTTg/s640/16.jpg
Then select the policy you created in the beginning of the article.
https://2.bp.blogspot.com/-JaZ3ItjjEOI/VaVoRlpe0RI/AAAAAAAAQXk/uJt-MjgRYOg/s640/17.jpg
When you select the policy, this document will be automatically protected
https://4.bp.blogspot.com/-rdikf8fKCS0/VaVpJphe1dI/AAAAAAAAQXw/AiC9OsQYzeA/s640/19.jpg
He will warn that this document is protected and what permissions they have on him.
https://3.bp.blogspot.com/-kQ9N_5dzPc8/VaVp1lPjlKI/AAAAAAAAQX4/LP0FJmmrkV8/s640/20.jpg
https://1.bp.blogspot.com/-tHtrTdalqI8/VaVqUQegUSI/AAAAAAAAQYA/GMbYbuVxqq0/s640/21.jpg
Now let's try to open this file with another user who does not have the Client installed and the permission on the file, it returns the following error.
https://3.bp.blogspot.com/-7Yiv8wwm7TA/VaVs394i_7I/AAAAAAAAQYM/rPXALotYunI/s400/22.jpg
The Azure RMS also protects the following extensions txt and pdf. It changes the extension of the document to ptxt and ppdf this means that the documents are protected by Azure RMS.
https://4.bp.blogspot.com/-daSE6ah99tw/VaV3LfUAz_I/AAAAAAAAQYc/AIroEN04WhU/s400/23.jpg
After we give permission to others to access the document. Right-click the Protect document > Protect in-place > Custom Permissions
https://3.bp.blogspot.com/-SFj9TuW1mrg/VaV4y221ALI/AAAAAAAAQYo/SjUqXDar6NU/s640/24.jpg
Select the user and then assign the permission he will have in the document.
1-You can assign a date for the document expires;
2-Send an email when someone tries to open those documents;
3-Allow me to revoke immediately the access to these documents.
https://2.bp.blogspot.com/-cRqhJztClnk/VaV7gyaRjYI/AAAAAAAAQY0/FFlULDdOegs/s640/25.jpg
Ready your files are safe even outside of your organization.
Credits:
This document was originally published as http://www.micheljatoba.com.br/2015/07/protecao-de-dados-com-microsoft-azure.html and has been reproduced here to allow the community to correct any inaccuracies or provide other improvements until you update the original version of this topic.