Announcement: Azure RMS Documentation Library Update for February 2016

Copper Contributor

Sep 08, 2018

First published on CloudBlogs on Feb 29, 2016
Hi everybody As per Carol’s introduction post , she's letting you know what's new and hot in the docs for this month. Reminders: Follow us on twitter ( https://twitter.com/TheRMSGuy ) and join in our RMS peer community at http://www.yammer.com/AskIPTeam . Dan (on behalf of the RMS team) The https://technet.microsoft.com/en-us/library/jj585024.aspx has been updated on the web and the latest content has Updated: February1, 2016 (or later) at the top of the page.

Summary of the documentation available: https://technet.microsoft.com/en-us/library/jj585016.aspx | https://technet.microsoft.com/en-us/library/jj585002.aspx | https://technet.microsoft.com/en-us/library/jj585006.aspx | https://technet.microsoft.com/en-us/library/jj585027.aspx | https://technet.microsoft.com/en-us/library/mt634662.aspx

Plus, the Rights Management sharing application guides ( https://technet.microsoft.com/en-us/library/dn339003.aspx and https://technet.microsoft.com/en-us/library/dn339006.aspx ) and FAQs (for http://technet.microsoft.com/en-us/dn467883 and http://technet.microsoft.com/en-us/dn451248 ).

There were no significant doc updates for January, 2016, and no significant updates for the RMS sharing application this month. We value customer feedback and try to incorporate it when possible. Although we can't promise to make the docs perfect for everybody, we are committed to continual improvement. If you have any feedback about the docs for the RMS sharing application or for Azure RMS, email mailto:askipteam@microsoft.com?subject=Documentation%20feedback .

What's New in the Documentation Library for Azure Rights Management, February 2016

The following information lists the articles that have significant changes since the last update (December 2015). https://technet.microsoft.com/en-us/library/jj585026.aspx - Updates for the following:

The https://technet.microsoft.com/en-us/library/jj585026.aspx#BKMK_Example_DLP section to clarify that the DLP rule configuration is done from the Exchange admin center (and not the Azure portal).
The https://technet.microsoft.com/en-us/library/jj585026.aspx#BKMK_RMScrytographics section, to explain how the cryptographic keys are stored and secured.

https://technet.microsoft.com/en-us/library/dn655136.aspx - Updates for the following:

Clarified the infrastructure requirement for web proxies, that these are supported if configured to use integrated Windows authentication with the user’s Active Directory logon credentials.
In the https://technet.microsoft.com/en-us/library/dn655136.aspx#BKMK_SupportedSubscriptions section, added a reference to the newly published Licensing FAQ for Azure Rights Management on the https://www.microsoft.com/en-us/server-cloud/products/azure-rights-management/Purchasing.aspx page. If you have questions about licensing Azure RMS (and we know many of you do!), check this section first and then the FAQs.
In the https://technet.microsoft.com/en-us/library/dn655136.aspx#BKMK_RMSSupportedMobileDevices section, removed Windows RT 8.0 now that it's out of support (Windows RT 8.1 remains supported).
In the https://technet.microsoft.com/en-us/library/dn655136.aspx#BKMK_SupportedServers section, added Exchange 2016 as a supported version for the Rights Management connector.

https://technet.microsoft.com/en-us/library/dn750853.aspx - Updated the answer for "Can Rights Management prevent screen captures?" to clarify that it's the Copy usage right that allows or blocks screen captures when this is honored by applications that are enlightened for Rights Management. But also included some well-known exceptions where Rights Management can't prevent screen captures because it's prevented by the underlying operating system or applications. For example, iOS and Mac devices do not allow any app to prevent screen captures, and browsers (for example, when used with Outlook Web App and Office Online) also cannot prevent screen captures. Some new entries, based on recent questions we've been hearing:

Do files have to be in the cloud to be protected by Azure RMS?
Are there step-by-step instructions to configure Exchange Online to use Azure RMS?
Does Azure RMS work with dynamic groups in Azure AD?

https://technet.microsoft.com/en-us/library/dn858447.aspx - Updated to clarify that the instruction for HSM-protected key to HSM-protected key migration assume your AD RMS key is module-protected, which is typically the case. If your AD RMS key is OCS-protected, please contact mailto:%20askipteam@microsoft.com?subject=AD%20RMS%20migration%20with%20OCS-protected%20key before following the migration instructions. https://technet.microsoft.com/en-us/library/dn440580.aspx - Updates for the following:

In the Prequisites for BYOK section, removed the (optional) entry for an Azure subscription and Azure storage if you want to log how your BYOK Azure RMS tenant key is used. With the new logging changes this month, no additional subscription or purchased storage is necessary.
Added clarification for the protect=module parameter and value, to clarify that the protect value must be specified because the BYOK toolset does not support OCS-protected keys.
Added clarification for the appname=simple parameter and value, when importing your key to CNG. If you used our previous instructions in this page to create a new key, we used the value of simple, which we then repeated in subsequent commands. However, if you are migrating an existing HSM-protected key for an AD RMS migration to Azure RMS, you will need to specify your existing name in this command and the commands that follow when they also use the appname parameter.

https://technet.microsoft.com/en-us/library/jj658941.aspx - Updates for the following:

Added a link to a new video, that shows activation from the Azure classic portal: https://channel9.msdn.com/series/pit-stop-enterprise-mobility-suite/activate-azure-rms .
Updated the https://technet.microsoft.com/en-us/library/jj658941.aspx#BKMK_OnboardingControls section to clarify that user onboarding controls are not enabled by default, so if you do not configure these, all users will be able to protect documents and emails after you activate Azure RMS.

https://technet.microsoft.com/en-us/library/dn642472.aspx - Added link to new video: https://channel9.msdn.com/series/pit-stop-enterprise-mobility-suite/create-rms-custom-template https://technet.microsoft.com/en-us/library/jj585031.aspx - Updated the https://technet.microsoft.com/en-us/library/jj585031.aspx#BKMK_ExchangeOnline section, to clarify that you specify the location of the Azure RMS tenant key, according to where your organization's tenant was created (which might not necessarily be where you or your organization is located). https://technet.microsoft.com/en-us/library/mt169423.aspx - Updated the Usage Rights and Descriptions table to clarify that the Copy (common name) / EXTRACT (encoding in policy) usage right includes screen captures. https://technet.microsoft.com/en-us/library/mt147272.aspx - Updated for the newly added support for a super user group, which you specify by using the https://msdn.microsoft.com/library/azure/mt653943.aspx cmdlet from the 2.4.0.0 version of the Azure Rights Management PowerShell module. https://technet.microsoft.com/en-us/library/dn375964.aspx - Updated the Step 2: https://technet.microsoft.com/en-us/library/dn375964.aspx#EnteringCredentials section, for example syntax to sign in and document that some special characters are not supported in the password, which can result in the error message "That user name and password combination is not correct", even though you can successfully sign in using this account and password for other scenarios. The Exchange section is also updated for Exchange 2016. https://technet.microsoft.com/en-us/library/dn529121.aspx - Updated for the new logging change that occurred Feb 22. Miss this excitement enhancement? Read about it on the Micrsoft RMS team blog: Announcement: Azure RMS usage logs are now automatically enabled with free storage https://technet.microsoft.com/en-us/library/jj585027.aspx - Updated for links to the new PowerShell cmdlets for the super user group and new usage logging: