Microsoft Releases Azure Rights Management Service Preview
- By Kurt Mackie
- September 04, 2013
A preview release of Microsoft's Windows Azure Rights Management Service (RMS), which provides organizational control over shared file access, is now available.
Since late 2012, RMS has been available commercially with Office 365 services as Azure RMS for Office 365. For other implementations, however, Azure RMS was released as a preview either on July 29, according to a "Microsoft Rights Management" whitepaper, or last week, according to a Microsoft Active Directory RMS team blog post. It's not clear which account is correct.
The Azure RMS preview is only available by request, however. Microsoft's blog post contains an e-mail link for organizations if they want to request trying the preview. Microsoft is recommending the preview just for organizations that don't already have Active Directory RMS deployed. Azure RMS is a cloud-based service and it differs in various ways from Microsoft's Windows Server Active Directory RMS solution.
The Azure RMS preview can now be tested with so-called "cloud accepting" or "cloud hesitant" architectures, in Microsoft's parlance. Microsoft is planning to release a commercial Azure RMS solution for such architectures in "early October," according to the whitepaper. In contrast, Microsoft considers its own Office 365 services to be "cloud ready," and hence the Azure RMS service is already available for organizations using those services. Office 365 subscribers can currently purchase the Azure RMS service at a cost of $2 per user per month. It's available either as an add-on to Office 365 service offerings or it's included with E3, E4, A3 and A4 Office 365 service plans.
Microsoft is also offering a free option, which is called "RMS for Individuals." This free option is also one way that files can be shared with people who haven't paid for an Azure RMS subscription. RMS for Individuals depends on using a free RMS sharing application. Users can read and share RMS-protected content using the free service, which isn't managed by IT departments. However, Microsoft's white paper claims that it will be easy for IT pros to later convert these free accounts into licensed users, which enables account management. The free accounts have to be validated each month by users, which seems to be the only restriction on using the service. Microsoft currently allows the use of the free account for sharing files among business users, but it plans to expand Azure RMS file sharing capabilities for individual users if they have Microsoft account sign-ins or Google IDs sometime next year.
Azure RMS allows organizations to protect "any file type" on various devices. Microsoft claims that no data get shared with Microsoft when using the Azure RMS service. The files can be stored on premises or in a cloud-based storage, or even on a thumb drive, and still be protected, according to Microsoft. Users activate protection on a document by clicking a "share protected" button within an application, which gives the user the ability to specify viewing and editing privileges, as well as a sharing expiration date. Microsoft claims that Azure RMS can be used securely with consumer storage services such as DropBox, GDrive and SkyDrive.
New Azure RMS Components
Last week, Microsoft released various components of Azure RMS, including five software development kits (SDKs), a new RMS sharing application for Windows, a "bring your own key" capability, an RMS Connector for on-premises Exchange and SharePoint servers, and the RMS for Individuals solution.
The new SDKs are designed for developers using Windows, Windows Phone, Android and iOS platforms. Microsoft plans to release a preview of a Mac OS X SDK on the Microsoft Connect portal in October. The RESTful APIs are still to come. Microsoft isn't building SDKs for Linux or BlackBerry Web platforms and so recommends using RESTful APIs for those platforms.
While the Azure RMS sharing application is now available on the Windows platform, Microsoft has already built sharing applications for other platforms, such as Windows Phone, Android, iOS and Mac OS X. Those sharing applications aren't publicly available for those other platforms because store approvals are still pending, according to Microsoft.
The bring-your-own-key capability lets IT organizations set their own compliance policies. It works with Thales' HSM solution in Microsoft's datacenters. Microsoft plans to add the capability to push keys to the datacenter every two hours -- a capability called "key rejuvenation" -- which will be available in preview form in September. Currently, the bring-your-own-key capability isn't supported on Exchange Online.
In addition to Azure RMS working with Office 365 solutions, Microsoft's whitepaper indicates that it works with the Microsoft Outlook 2013 and Exchange 2013 combination on premises "out of the box" for automatic protection of files. Azure RMS is supported on Office 2010 and Office 2013, too, but it's not supported currently on Microsoft Office for Mac.
This fall, Microsoft plans to offer Azure RMS as a standalone service. It will be available via enterprise volume licensing programs or by subscription.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.