PCs, tablets, mobile
Office 365 DLP
Windows Information Protection & BitLocker for Windows 10
Azure Rights Management Services
Exchange Online, SharePoint Online & OneDrive for Business
Highly regulated
Intune MDM & MAM for iOS & Android
Microsoft Cloud App Security
Office 365 Advanced Data Governance
Datacenters, file shares
Azure 3rd-Party SaaS
OFFICE 365
DEVICES
CLOUD SERVICES, SAAS APPS & ON-PREMISES
Azure Information Protection
The perimeter is moving…
Mobile workforces, BYOD, personal apps, etc.
We need data to be born encrypted and to maintain persistent protection
Encryption peering is not practical or scalable
There has to be a better way
Data privacy is important and is often mandated
With GDPR, you want to know what happens with your data
Azure RMS
AZURE RIGHTS MANAGEMENT
Identify, Classify & Tag | Share & Protect | Usage Tracking | Revoke Access
Enhance on-prem DLP
EXO DLP (in motion)
Cloud DLP (at rest)
Encryption
Access Control
Permissions
Global access tracking
Who / Where / When
Grant / Denied
Revoke Document
Identify
Classify
Tag
File access tracking
Who / Where / When
Make private
Quarantine
Encryption / RMS Path
DLP Path
AZURE RIGHTS MANAGEMENT
Policy
Unprotected content
Policy is applied, which contains usage rights, and content key is applied to the document
Content is protected by a unique encryption key per tenant.
Document can only be decrypted by an authorized user
Rights Management
Authentication and authorization
Content key and rights
Content of the document does not move to Azure RMS; only the policy, authentication and authorization rules are stored.
CUSTOM TEMPLATES
The author of a protected document always has Full Control rights.
• Scope: Defines which users can see the template. This creates a departmental template.
• Language: Localize the Name and Description.
• Offline Access: The amount of time you can access the content without a new authentication request.
• Expiration: Set the date or the number of days after protection that the document is available for access.
• Rights: Target the Users or Groups that can open the protected document. Defines the rights or roles that apply when protecting files.
AZURE RIGHTS MANAGEMENT
Native Protection
• Apps with built-in protection. – Enlightened Apps
• Word, Excel, PowerPoint, Text, Images and PDF.
• 3rd-party apps that use the Azure RMS API
• Files are fully encrypted and can be accessed within their native app
• Usage rights and policies are fully enforced.
Generically protected
• Encapsulate generic files using the .pfile
• Authentication is needed to “unwrap” the protected file.
• Content itself is not protected, only when encapsulated.
• Usage rights are not enforced (Do-not-print, Do-not-forward, etc.)
• Deploy AAD Connect or AD FS for single sign-on.
• (optional) Bring your own Key (BYOK)
• Customize templates & labels
• Configure applications and services
• Deploy RMS Connector (Optional)
DOCUMENT TRACKING
• Through the RMS Portal
  • https://portal.azurerms.com
• Tracking includes:
  • Dashboard with statistics on open, rejected and activity.
  • Chronological list of all actions on your documents
  • Timeline of document usage.
  • Provides a geographic map view of access attempts
  • E-Mail Notifications
• Premium Feature
APPLICATION SUPPORT
Exchange Online
Exchange On-Premises
SharePoint Online
SharePoint On-Premises
File Server using File Classification
AZURE RIGHTS MANAGEMENT
Feature | RMS for Office 365 | Azure Information Protection P1 | Azure Information Protection P2
Manual document classification and consumption of classified documents | - | Yes | Yes
Automated data classification and administrative support for automated rule sets | - | - | Yes
Hold Your Own Key (HYOK) that spans Azure RMS and Active Directory RMS for highly regulated scenarios | - | - | Yes
Protection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business content | Yes | Yes | Yes
Bring Your Own Key (BYOK) for customer-managed key provisioning life cycle | Yes | Yes | Yes
Custom templates, including departmental templates | Yes | Yes | Yes
Protection for on-premises Exchange and SharePoint content via Rights Management Services (RMS) connector | Yes | Yes | Yes
RMS software developer kit for all platforms: Windows, Windows Mobile, iOS, Mac OSX, and Android | Yes | Yes | Yes
RMS connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector | - | Yes | Yes
Document tracking and revocation | - | Yes | Yes
Protection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection) | Yes | Yes | Yes
RMS content consumption by using work or school accounts from RMS policy-aware apps and services | Yes | Yes | Yes
RMS content creation by using work or school accounts | Yes | Yes | Yes
Office 365 Message Encryption (OME) | Yes | Yes | Yes
Administrative control | Yes | Yes | Yes
OFFICE 365 UPDATES
• Microsoft Teams will replace Skype for Business Online
• Skype for Business On-Premises will be released
• AADSync Passthrough Authentication is Generally Available (GA)
• Office 365 adoption content pack in Power BI
• First Release = Targeted Release
• ATP: Expanded to SharePoint (Also Teams, OneDrive & Groups)
• Microservices Launched
• Whiteboard in Preview
• Business Center is GA
• Microsoft Connections
• Outlook Customer Manager
• Microsoft Listings
• Microsoft Bookings
• Microsoft Invoicing
• MileIQ
• Microsoft To-Do is GA