Azure Rights Management Service

With business trending toward “bring your own device”, file level security today is paramount. Because of the consumerization and externalization of IT, Social Enterprise, and data stored in locations out of your control, we need to take measures to ensure our data, whether it is personal or business related, is protected. With the next couple blog posts, I plan to talk about how you can protect your information using Microsoft technology. Microsoft recognizes that we are a more mobile society, and that sensitive information is being consumed on a number of different type devices.

With the advent of the cloud and Microsoft’s commitment to be “All In” with cloud technology, data security is at the top of their priority list. That is why Microsoft pledges with file level security to:

  1. Protect any file type including non-Microsoft files like PDF files and images,

  2. Provide the ability to consume protected files on any important devices (Apple, Android, and all Windows Operating systems),

  3. Share files with anyone,

  4. Share files with any business user,

  5. Share files with any individual (Live ID/GMAIL ID) using a free Rights Management Software tool,

  6. Keep data on-premise as opposed to in the cloud,

  7. Control Rights Management Software ‘tenant key’ from on-premise,

  8. Provide full transparency with how protected data is consumed by others.

To meet this pledge, Microsoft recently released Azure Rights Management Services (Azure RMS). Azure RMS is very similar to Active Directory Rights Management Services (AD RMS). It is built on the same features in AD RMS, and can be a replacement for AD RMS. There are connectors available to connect Azure RMS to your on-premise Exchange and SharePoint environments. However, there may be circumstances within your business that require AD RMS. In this case, Azure RMS can coexist alongside AD RMS using Windows Server 2012, rather than being a straight-up replacement. To help explain the differences I have provided a table that compare the two products. From this, you can see Azure RMS offers a very compelling service. There are two areas that are worth noting:

Companies that still have Windows XP, Vista, or versions of Office prior to 2010 will need to use AD RMS and then perhaps migrate to Azure RMS later when their clients have been upgraded.

Azure RMS is limited to two templates that cannot be customized (“Company Confidential” and “Company Confidential Read Only”). If you need to create custom templates, you need to deploy AD RMS.

Differences between Azure RMS and Active Directory RMS


Customers that have either an E3, E4, A3, or A4 subscription with Office 365 have rights to use Azure RMS. Azure RMS can also be purchased individually from the Office 365 Portal for a monthly cost of $2 / user.