cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure RMS best practices for auditing

alphadeltaromeo
Copper Contributor

‎Sep 13 2017 12:58 AM - last edited on ‎May 24 2021 03:11 PM by

‎Sep 13 2017 12:58 AM - last edited on ‎May 24 2021 03:11 PM by

Azure RMS best practices for auditing

 

Hi,

I'm having difficulty trying to implement this where the o365 global admins (and who do not have read access to the file), would be the ones using the auditing tool.

 

I'm assuming I would only install the Track and Revoke AIP tool on the admin PCs, but grant them 'special' rights'? 

 

...and also just to confirm, if a user has the following rights:

View Content, Export Content (Save As), Save File, Edit Content

If they were to save as...'NewFile.docx', how would that impact the auting? (it seems to keep the same Policy and Tracking info regardless of the filename)

It also appears users with these RMS permisisons are able to remove the RMS protection (inc Tracking) from the original file.

 

To clarify, I am trying to acheive the following:

[POLICY1]

-ADMIN
Read: Yes
Audit and Tracking: Yes

-End-User:
Read: Yes
Edit/Save: Yes
Remove/Change RMS Protection: No


[POLICY2]

-ADMIN
Read: No
Audit and Tracking: Yes

-End-User:
Read: Yes
Edit/Save: Yes
Remove/Change RMS Protection: No

 

I'm not sure if this is possible, but any suggestions would be great!

 

Thanks

 

 

1,697 Views
0 Likes
1 Reply
Reply
1 Reply
alphadeltaromeo

‎Sep 21 2017 04:35 AM - edited ‎Oct 02 2017 02:48 AM

‎Sep 21 2017 04:35 AM - edited ‎Oct 02 2017 02:48 AM

Re: Azure RMS best practices for auditing

This is basically what I am trying to achieve.

Could someone clarify the Owners and Authors? ie. from the Azure Classic Portal; Authors has FULL Control. When configuring the RMS protection in the new Azure Portal Co-Owners do not have FULL Control.

Are Owners/Authors (Co-Owners/Co-Authors) the users that creates the document?

 

Drawing2.jpg

In addition, is it possible to have a group of users manage auditing?

For example, HR Dept. has a confidential document and wants to track and audit it. Is it possible fo the HR dept to use the track and audit portal  and what access would they need?

I understand the AIP Client must be installed on the computer they are auditing from..

0 Likes
Reply