Microsoft Rights Management Service Hits General Availability
- By Kurt Mackie
- November 19, 2013
Previously available as part of Office 365, Microsoft's Rights Management Service (RMS) is now available commercially, including for premises-based installations.
RMS reached the "general availability" stage last week, announced Dan Plastina, a leader of the Microsoft RMS team, in a blog post last Friday. The file protection service was already available from Office 365 services last year, but now it can be used with premises-based Exchange Server or SharePoint Server.
RMS uses the Windows Azure Active Directory Service to enforce access restrictions on files. RMS was available as a preview in September for testing purposes. Now, most of the components are commercially available, with just a few exceptions.
One of the more important components for organizations wanting to use RMS with their local Exchange Server or SharePoint Server environments is the availability of the Microsoft Rights Management connector, which can now be downloaded here. The connector is a relay that works with local servers and the Windows Azure Active Directory service to enable RMS file protections.
Microsoft claims that it never has access to the contents of files protected by RMS. IT pros set the user access restrictions through Active Directory groups, and so that's how the file access is controlled. All of the data can be kept on premises, if wanted, according to Microsoft. IT pros control access using an RMS tenant key, which can be controlled on premises, according to Microsoft's description.
IT pros looking for an explanation for how Microsoft's Information Rights Management system works across Exchange and SharePoint libraries can see a recently posted Microsoft Channel 9 discussion by Tejas Patel, a Microsoft senior program manager. He explains that anyone with access to a SharePoint library can access a file when that library gets RMS protection. The service creates a publishing key and a rights account certificate, and sends the key to the recipient to unlock content. IT pros can use PowerShell to configure these document libraries. They also get the ability to see a log of all RMS transactions for investigation purposes.
Also newly released this month is a software development kit (SDK) for Mac OS X. Other SDKs were already available back in September, such as those for Windows, Windows Phone, Android and iOS.
Microsoft also broadened the availability of sharing applications for the RMS service with this general availability release. Sharing applications are used by end users to receive RMS-protected documents. Previously, only a Windows sharing application was available. Now Microsoft has released sharing applications for Windows Phone 8, iOS and Android as well. A sharing application for Mac OS X apparently is still yet to come, with an unknown arrival date.
RMS works with any file type across multiple devices, according to Microsoft. Typically, the service might be used to share Microsoft Office files, such as those used for Word, Excel and PowerPoint. Those applications in Office 365, Office 2013 and Office 2010 have a "Share Protected" button that appears on the ribbon menu. When the Share Protected button is clicked, it adds RMS protection to a file. However, the Microsoft Office product suite isn't yet available across all platforms. For instance, it's not available yet for Android and iOS systems. Consequently, in the meantime, Microsoft has an "allow consumption on all devices" RMS option that can be used. That option saves the document in the PFILE format, which is a generic format that currently lacks all of Microsoft's RMS protection options. However, the PFILE format enforces user authentication, file expiration dates and enables auditing, according to Microsoft's blog post.
Microsoft claims that RMS-protected files can be shared with anyone authorized if they have signed up for a Microsoft account. In addition, Microsoft is planning to add RMS file sharing for end users with Google accounts. Support for Google account holders is planned for calendar-year 2014, according to Microsoft's announcement.
End users get RMS file access for free. They also can create RMS-protected content during a free evaluation period. Otherwise, Microsoft charges organizations for creating content with RMS protection.
The cost to use RMS for organizations is $2 per user per month. It can be bought as an add-on to Office 365 plan or it's included in Office 365 E3, E4, A3 and A4 plans. Microsoft describes more about the service in this July whitepaper (Word .DOC).
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.