Hello everyone,
We’ve got lots of exciting news today. Earlier this year, we announced the preview of the Document Tracking feature at the Ignite conference. Today we are excited to announce the world-wide general availability of this feature. We’re equally excited to release Multi-Factor Authentication support and to announce the release of Outlook on Android supporting RMS. Lastly, by popular request, the team has worked overtime to create a public preview of the RMS sharing app that enables non-admin users – those who are not administrators on their machine – to install the application too.
Below you will find the details on each one of them. Our team is already hard at work on the next wave of news and software… both of which are sure to delight!
Reminders: Follow us on Twitter (@TheRMSGuy) and join our community on Yammer.
Azure RMS Document Tracking General Availability
As we explained in our preview blog, we’ve extended our base document protection promise to now be these 4 core points:
The last two promises are now in General Availability (GA) while the first two are the Azure RMS offers that have been in market for a while. These promises give our users immense control over their documents. The scenarios are easy, and quick to implement. Check out the preview blog for a step-by-step guide on how to try out the scenario.
So what’s new with the GA?
And what’s coming?
Multi-factor authentication in Rights Management clients
Next, we want to share with you some great news about the modern authentication update in RMS applications that enables you to use stronger authentication with Azure RMS.
We heard a lot of feedback from customers who need additional assurance in the identity of recipients of their RMS-protected documents. Multi-factor authentication (MFA) is a method of authentication that requires the use of more than one verification method and adds a critical second layer of security when users sign in. It is one of the important cloud security controls. MFA usually works by requiring any two or more of the following verification methods:
You can learn more about what MFA is, how it works, and the available methods from our friends in the Azure MFA team by reading What is Azure Multi-Factor Authentication. And now you can use all these different modern authentication methods, like the Azure MFA service or server, smart cards, or a compatible One Time Password on-premises solution, with your Rights Management applications that support modern authentication.
Today we’re announcing the support for Rights Management with modern authentication for the following clients:
The typical user experience will look similar to this:
Sign-in in the Rights Management application on Windows
If MFA is enforced for the user, this flow will now challenge the user to enter or use their second factor. This screen will vary widely based on what the organization chooses to do: Azure MFA, smart card, etc. What you see here is the Azure MFA version from Azure AD Premium:
Text message as the second factor in the Rights Management application on Windows
2. In this particular case, the user must enter the code that they receive in the text message on their phone; access is then granted, and they can open the RMS-protected document.
This modern authentication update enables the following new authentication scenarios with Azure RMS:
With the new ADAL-based modern authentication in our Rights Management client applications, your users can sign in using true multi-factor authentication. The second factor of authentication the user must provide depends on the configuration set by your IT administrator: this could be a phone call or text message from Azure MFA, or a one-time password (OTP) from a supported MFA solution integrated with your on-premises AD FS or 3rd party federation server.
2. SAML-based third-party identity provider sign-in
Now, with the modern ADAL-based authentication flow, users can sign in to RMS client applications even when using an identity provider that uses SAML-P 2.0 – for example, one of the 3rd party federation servers.
3. Smart card and certificate-based authentication
If you have deployed Active Directory Federation Services (AD FS) on-premises, you may elect to configure users to sign in with smart card/certificate-based authentication. In this configuration, your users are not required to enter their user name and password. Instead, they use smart cards (physical or virtual) for authentication.
Note, however, that support for smart cards is challenging on mobile devices running iOS or Android.
How to get the update
With this announcement we released an updated version (1.0.1908) of the Rights Management sharing application for Windows. From this version onwards, modern authentication is supported.
Our partners in the Office team blogged about their support for modern authentication. You should install the most current version of the Office clients (June update or later in Office on Windows).
Getting started with MFA
You can learn more about MFA requirements for Azure RMS and client requirements in the Rights Management sharing application administrator guide.
We recommend you learn more about Azure MFA and how it works. For customers that use Microsoft-managed tenants, it is really easy to configure Azure MFA for your users. But you can always use it on-premises too, with Azure MFA server – the following article can help you to choose the right solution for your environment.
If you are specifically interested in modern authentication with Office 365 services, please refer to Plan for multi-factor authentication for Office 365 deployments.
MFA support on iOS
On iOS, MFA support in Office applications and the RMS sharing application works only with the PhoneFactor MFA application (this is the previous version of Azure Authenticator). We have found a bug with the new iOS Azure Authenticator app and RMS. We are actively working to fix this. Expect an update in the next few weeks. In the meantime, you can try out MFA with RMS on all other platforms.
Outlook Android with RMS support
If you install the latest version of the Outlook app on your Android device, you will find that this app now supports opening and replying to RMS-protected emails. Our friends at Office are working incredibly hard to make Outlook the app of choice on all mobile platforms, and the RMS feature further helps with the mission. Here’s the latest screenshot showing this support:
RMS sharing app Public Preview for ‘non-admin’ users
Our customers love Secure B2B collaboration support via the RMS sharing app. The Share Protected add-in in Office apps is one of the most common ways to share documents outside the company. With easy sign-up for recipients via RMS for individuals, users can send the document to any business account in the world.
A critical piece of feedback we have received from customers is that they want their recipients who are not admins on their PC to be able to install the RMS sharing app. We’ve listened and are pleased to announce a Preview release of the RMS sharing app that non-admin users can install.
We made the required architectural changes to bring this functionality to life and we now invite you to experience the scenario of deploying the RMS sharing app when you are not an admin on your PC! Below are the instructions to try out the preview build:
[NOTE: If you receive an error, you haven’t registered on Microsoft Connect. To register: go to www.connect.microsoft.com, sign in with your Microsoft Account > Directory > 'View Connect products currently not accepting feedback' > Search for Rights Management Services > Join.]
In Summary
We have had an incredible year with many new innovations, but we are not done yet. If you have any questions or feedback, please post it below. Also, you can write to us at askipteam@microsoft.com.
Thanks,
Dan on behalf of our incredibly dedicated RMS team