Christopher Chapman | MCTContent PM, Microsoft Learning, PDG Planning , Microsoft

Understanding Active Directory

Click to edit Master subtitle style

Microsoft Virtual Academy

Active Directory Rights Management Services (AD RMS)

Module Overview

• AD RMS Overview

• Understanding AD RMS

• Managing AD RMS

Lesson 1: AD RMS Overview

• Overview of AD RMS

• How AD RMS Works

• Options for Using AD RMS

Overview of AD RMS

AD RMS can be used to: Restrict access to an organization’s intellectual property

Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

Limit the actions users can perform on content

Limit the risk of content being exposed outside the organization

How AD RMS Works

RMS Server

Information Author

Recipient

11

22 33

55

44

Options for Using AD RMS

Action Application Features

Protect Sensitive Files

Microsoft® Office:• Word• Excel® • PowerPoint®

• Set rights (View, Change, Print)• Set validity period

Do-Not-Forward/Print E-mail

Microsoft Office Outlook®

• Help protect sensitive e-mail from being sent to the Internet

• Help protect confidential e-mail from being taken outside of the company

Help Safeguard Intranet Content

• Internet Explorer®

• Microsoft Office SharePoint® Services

Help safeguard intranet content by restricting access to:

View Change Print

Identity Federation Support

All RMS-enabled applications

Help safeguard data across AD FS trusts

Lesson 2: Understanding AD RMS

• AD RMS Components

• AD RMS Certificates and Licenses

• How AD RMS Secures Content

• How AD RMS Restricts Access to Data

• Demonstration: How AD RMS Works

AD RMS Components

AD RMS Server

Recipient

Active Directory Domain Controller

SQL Server

Information Author

RMS Enabled Application

AD RMS Certificates and Licenses

AD RMS Certificates and Licenses include: Lockbox

Machine certificate

Rights account certificate

Client licensor certificate

Publishing license

Use license

Revocation list

How AD RMS Protects Content

AD RMS Server

Information Author

Recipient

SQL Server

RMS-enabled Application

Active Directory Domain Controller

33

11

44

22

How AD RMS Restricts Access to Data

AD RMS Server

Information Author

Recipient

SQL Server

33

1155

22

44

Active Directory Domain Controller

RMS-enabled Application

Demonstration: Installing AD RMS

In this demonstration, you will see how to install AD RMS

Lesson 3: Managing AD RMS

• AD RMS Server Role Installation Overview

• Demonstration: AD RMS Management Console

• What Are Exclusion Policies?

• What Are Rights Policy Templates?

AD RMS Server Role Installation Overview

Installation Requirements:

Additional Roles required:Web Server (IIS)

Windows Process Activation Service (WPAS)

Message Queuing

Windows Internal Database

Service Account

Microsoft SQL Server

The server must be a member of the domain

Demonstration: AD RMS Management Console• In this demonstration, you will see the AD RMS

Management Console

What Are Exclusion Policies?

Exclusion can be enabled by: User ID

Public Key String

Application by version

Lockbox Version

Windows Version

Exclusion policies prevent users, applications, lockboxes, and operating systems from acquiring certificates and licenses from servers in the cluster

Exclusion policies prevent users, applications, lockboxes, and operating systems from acquiring certificates and licenses from servers in the cluster

What Are Rights Policy Templates?

Administrators can use rights policy templates to:

Templates are defined for each language to be supported

Rights policy templates provide a manageable, consistent way for workers to apply predefined policies to informationRights policy templates provide a manageable, consistent way for workers to apply predefined policies to information

Apply expiration policies for content and licenses

Set extended policies that:Allow content to be viewed in a browser

Disable client-side caching of use licenses

Set revocation policies to enable content rights to be revoked

Module Review and Takeaways

• Review Questions

• Summary of AD RMS

Thanks for Watching!

©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.