Office 365 Message Encryption. OME.

Hey guys,

Trying my best to figure out some of the finer details about Office 365 old OME vs new OME. This line has me confused: https://docs.microsoft.com/en-us/office365/securitycompliance/ome-faq

Who can use OME?

You can use the new capabilities for OME under the following conditions:

If you have never set up OME or IRM for Exchange Online in Office 365.

The above doesn't make any sense to me. What do they mean by you can use the new OME if you never set up the old OME?

Do they mean automatically, ever, on Tuesday? What are they talking about? I have both versions of OME up and running. I don't see why they made the above statement.

Thanks,

Robert

3 Replies
Hi Robert,

I think they are referring to the question a bit further down that page, when comparing the new OME features to the legacy OME/IRM features.

In other words, if you set up OME in a tenant today which has never had it set up before, all the new OME features will work as it uses AIP.

If you set it up with AIP some time back as opposed to AD RMS then the new features introduced will work as that is now the current and default setup.

If you set it up with Azure RMS some time back then you’ll need to migrate that to AIP first in order to use the new OME features.

If you continue to use AD RMS then the new OME features won’t work.

That is my take on it. I had to read it a few times! Hope that makes sense and answers your question.

Best, Chris

Thanks Chris. So if I have this understood, and please correct me if I don't. I am trying to take my Office 365 (70-347) exam and up until now I have been doing alright with the studying, but OME *.* really has me confused.

1) For any version of OME to work, you had to enable IRM (Exchange side) and either AD RMS (old on-prem way) or Azure RMS? Is that right? What is the difference between Azure RMS and AIP's RMS? (Didn't even see that.) (I know that AD RMS is on-prem.)

2) As you said, I think you are correct: if you enable OME now you only have the option of using the new OME; if you previously had it enabled then you could use either the old OME or the new OME (such as my tenant).

3) Am I correct in assuming that any of the OMEs require some version of AD RMS, Azure RMS, or AIP? That would be where they get their templates from, right?

Thanks, and sorry to hit you with so many questions, but the more I read the more I seem to get confused.

Robert

Thanks Robert,

I took 347 last year as part of the MCSA Office 365 too. I hope that I can clarify this for you to support a successful exam. It is a confusing element. This is probably the best article that I can find (I did an extensive search this morning):

https://docs.microsoft.com/en-gb/azure/information-protection/aka

I would use it together with

https://docs.microsoft.com/en-us/office365/securitycompliance/ome-faq

To answer your questions:

1.) This is technically a no. IRM (rights protection) is different from OME (encryption). As the article states, IRM was the Office implementation of the technology that supported AD RMS (on-premises) and Azure RMS (cloud). In other words, it protected what you could do with documents (i.e. download them, forward them) and, as people are more familiar, templates. Back in the day, when you had AD RMS/Azure RMS and before AIP came out, IRM was included so you typically set them up to work with encryption. Today, IRM (rights protection), like OME (encryption), is a part of the RMS technology which AIP is built on, so again you typically set them up together. However, there was a period where OME could be applied when IRM wasn't in AIP, and technically, you can implement encryption for email without having to implement rights protection for documents. To answer your sub-question, there should be no difference between Azure RMS and AIP RMS: they are synonymous. I don't really know why Microsoft persists in keeping both names and I imagine they will be phased out in the future.

2.) That is correct, if you add AIP now you have the new capabilities automatically. Legacy OME from older implementations of AIP should have been upgraded, and if you had an old AD RMS on-premises SKU then you would migrate it to AIP in order to be able to use the new functionalities, or keep it and have the older functionalities.

3.) The templates you are referring to are the rights protection of documents, which is IRM within RMS, not the OME aspect of RMS. To have IRM on the Microsoft platform and have the ability to control what happens to documents you need AIP, and previously Azure RMS or AD RMS (if on-premises), because these are the only services which offer the rights protection of documents and where they got their templates from (i.e. confidential, highly confidential).

Hope that helps to clarify and answer your questions.

Best, Chris