The addition of Azure Rights Management features to the Office 365 service makes accessible something that was previously complex. With Rights Management Services you can protect your documents and decide, and enforce, what others can do with them, even after they have left your possession.
Rights Management Service, or RMS, works with Microsoft Office documents including Word, Excel, PowerPoint and even email within Outlook. You can use RMS to set restrictions, such as not allowing a document to be printed or preventing an email from being forwarded by the recipient.
In the past RMS had a potential single point of failure – an organization’s own RMS server. If that server was down then there would be issues with opening RMS-protected documents produced by the organization’s staff. Now the role of the RMS server is played by the Office 365 service, which provides a much more robust infrastructure that removes that single point of failure. Rights Management Services is now ready for popular use.
To activate RMS in Office 365, logon as administrator and go to Service Settings in the Office 365 admin area and select Rights Management. You’ll see an “activate” button like the one shown below. Click Activate and within a short time Rights Management functionality will be available on your Office 365 tenancy.
You should be aware that using RMS could impact your communications with others. For example, if you send an RMS protected email to a Gmail account then the recipient will not be able to open it using the browser-based Gmail interface. Instead they will see an error that reads: “This message uses Microsoft Information Protection solutions. Open this item using an email application that supports protected messages, such as Microsoft Outlook.”
Therefore I would recommend that you test RMS first within your organization before you consider using it in communications with 3rd-party organizations. There are several ways that RMS could be useful within an organization. For example, there is much benefit to be derived from the “Confidential” feature which is designed for documents intended only for internal use. With this feature applied to a document, if someone accidentally emails it outside of the organization then it simply will not open for an external party. You would apply this feature by applying either the “Confidential” or “Confidential View Only” template to the document or email. Both of those templates will restrict access to people who have accounts in your Office 365 tenancy. In MS Word, for example, you get to the area shown in the following screenshot by using the File menu and selecting the Info area, there you will see the Protect Document button shown in the picture below. Then if you click on the Restrict Access option you are given the list of default templates to choose from. (The phrase “Day Training” in the template names is just the name of the company used in this example).
The other template shown above, Restricted Access, allows you to assign other people “read-only” or “edit” permissions to the document based on their email address. You can input multiple email addresses, or you can choose the option to grant read access to anyone who has a copy of the document. However, you need to remember that the people to whom you have granted permissions can only open the file using software that understands RMS-protected documents, e.g. Microsoft Office.
In a later post we will look at creating custom RMS templates, which will allow you to make more granular security choices.