Update on new Microsoft Cloud Technology

Thomas CollierTechnical Pre-Sales

Azure Rights Management Services

PCs, tablets, mobile

Office 365 DLPWindows Information Protection

& BitLocker for Windows 10

Azure Rights Management Services

Exchange Online, SharePoint Online & OneDrive for Business

Highly regulated

Intune MDM & MAM for iOS & Android

Microsoft Cloud App Security

Office 365 Advanced Data Governance

Datacenters, file shares

Azure 3rd-Party SaaS

O F F I C E 3 6 5D E V I C E S C L O U D S E R V I C E S , S A A S A P P S & O N - P R E M I S E S

Azure Information Protection

The perimeter is moving…

Mobile workforces, BYOD, personal apps, etc.

We need data to be born encrypted and to maintain a

persistent protection

Encryption peering is not practical or scalable

There has to be a better way

Data privacy is importantand is often mandated

With GDPR, you want to know what happens with your data

Azure RMS

AZURE RIGHTS MANAGEMENT

WHY AZURE RMS

BYOKLow entry

configurationCompatibility

Office Integration

Identify, Classify & Tag Share &Protect Usage Tracking Revoke Access

Enhance on-prem DLP

EXO DLP (in motion)

Cloud DLP (at rest)

Encryption

Access Control

Permissions

Global access tracking

Who / Where / When

Grant / Denied

Revoke Document Identify

Classify

Tag

File access tracking

Who / Where / When

Make private

Quarantine

Encryption / RMS Path

DLP Path

AZURE RIGHTS MANAGEMENT

Policy

Unprotectedcontent

Policy is applied, whichcontains usage rights

and content key is applied to the

document

Content is protected by an

unique encryptionkey per tenant.

Document canonly be decryptedby an authorized

user

Rights Management

Authenticationand authorization

Content key andrights

Content of the document does not move to Azure RMS, only the policy, authenticationand authorization rules are stored.

CUSTOM TEMPLATES

The author of a protected document always has Full Control rights.

Scope

Language

Offline Access

Expiration

Defines which users can see the template. This creates a departmental template.

Localize the Name and Description

The amount of time you can access the content without a new authentication request

Set the date or the amount of days after protection the document is available for access

Target the Users or Groups that can open the protected document.Defines the rights or roles which applies when protecting files.

Rights

AZURE RIGHTS MANAGEMENT

Native Protection

Genericallyprotected

• Apps with build-in protection. – Enlightend Apps• Word, Excel, PowerPoint, Text, Images and PDF.• 3rd Party apps that use the Azure RMS API

• Files are fully encrypted and can be accessed within their native app• Usage rights and policies are fully enforced.

• Encapsulate genereric files using the .pfile• Authentication is needed to “unwrap” the protected file.• Content itself is not protected, only when encapsulated.• Usage rights are not enforced (Do-not-print, Do-not-forward, etc)

RMS APPLICATION

CLOUD READY

CLOUD ACCEPTING

AD RMS (CLOUD RELUCTANT)

eploy AAD Connect or AD FS for single sign-on.

• (optional) Bring your own Key (BYOK)

• Customize templates & labels

• Configure applications and services

• Deploy RMS Connector (Optional)Deplo

DOCUMENT TRACKING

• Through the RMS Portal• https://portal.azurerms.com

• Tracking includes:• Dashboard with statistics on open, rejected and activity.• Chronologic list of all actions on your documents• Timeline of document usage.• Provides a geographic mapview of access attempts• E-Mail Notifications

• Premium Feature

REVOCATION

Expired Content

Manually Revocation

Instant Revocation

APPLICATION SUPPORT

Exchange Online

Exchange OnPremise

SharePoint Online

SharePoint OnPremise

File Server using File

Classification

DEMO

End-UserExperience

AdminConsole

Tracking & Revoking

Connectors & Office 365

AZURE RIGHTS MANAGEMENT

Feature RMS for Office 365

Azure InformationProtection P1

Azure InformationProtection P2

Manual document classification and consumption of classified documents Yes Yes

Automated data classification and administrative support for automated rule sets YesHold Your Own Key (HYOK) that spans Azure RMS and Active Directory RMS for highly regulated scenarios

YesProtection for Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business content

Yes Yes Yes

Bring Your Own Key (BYOK) for customer-managed key provisioning life cycle2 Yes Yes Yes

Custom templates, including departmental templates Yes Yes YesProtection for on-premises Exchange and SharePoint content via Rights Management Services (RMS) connector

Yes Yes YesRMS software developer kit for all platforms: Windows, Windows Mobile, iOS, Mac OSX, and Android

Yes Yes YesRMS connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector

Yes Yes

Document tracking and revocation Yes YesProtection for non-Microsoft Office file formats, including PTXT, PJPG, and PFILE (generic protection)

Yes Yes YesRMS content consumption by using work or school accounts from RMS policy-aware apps and services

Yes Yes Yes

RMS content creation by using work or school accounts Yes Yes Yes

Office 365 Message Encryption (OME) Yes Yes Yes

Administrative control Yes Yes Yes

RESOURCES

• Yammer:

– aka.ms/aipyammer

• FastTrack

– fasttrack.microsoft.com

OFFICE 365 UPDATES

• Microsoft Teams will replace Skype for Business Online• Skype for Business OnPremise will be released

• AADSync Passthrough Authentication is General Available (GA)• Office 365 adoption content pack in Power BI• First Release = Targeted Release• ATP: Expanded to SharePoint (Also Teams, OneDrive & Groups)• Microservices Launched

• Whiteboard in Preview• Business Center is GA

• Microsoft Connections• Outlook Customer Manager• Microsoft Listings• Microsoft Bookings• Microsoft Invoicing• MileIQ

• Microsoft To-Do is GA