
Use ADDRM with Office 365

Microsoft MVP June 2013 Event. Use ADDRM with Office 365. Benoit HAMET, Sydney, June 5th 2013. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. Who am I: Benoit HAMET, Manager – Microsoft Technologies Specialist at Capgemini.


Presentation Transcript


  1. Microsoft MVP June 2013 Event Use ADDRM with Office 365 Benoit HAMET Sydney, June 5th 2013 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

  2. Who am I Benoit HAMET Manager – Microsoft Technologies Specialist at Capgemini MVP Office 365 http://blog.hametbenoit.info http://www.linkedin.com/in/benoithamet http://twitter.com/benoit_hamet

  3. Agenda
     • Terminology and Definition
     • Information Protection Requirements & Approach
     • What is Rights Management and how does it work?
     • RMS in Office 365
     • Integration with Exchange, Office and SharePoint

  4. Glossary
     • IRM: Information Rights Management
     • DRM: Digital Rights Management
     • RMS: Rights Management Server
     • RMS Online (AADRM): Cloud-based Rights Management Service
     • Publishing License: the license a document is published with
     • Usage License: the license to use the document
     • AD: Active Directory
     • ADFS: Active Directory Federation Services

  5. Terminology and Definition
     • Protection: Encryption + Policy + Policy enforcement
     • Encryption: Targets securing data in transit or at rest but only until consumed
     • Policy: Definition of who (identity) can do what (conditions) on a protected item
     • Policy Enforcement: Application-specific code to enforce common, standardized behaviors
     • Windows Azure AD Rights Management: An offering that is a part of Office 365
     • RMS: Rights Management Services
     • IRM: Information Rights Management, interchangeable with Rights Management
     • ERM/DRM: Enterprise or Digital Rights Management
     • Content-Aware Data Leakage Protection (DLP): Relies on ‘agents’ to apply Protection (encryption + policy) to content
     [Diagram labels: Content Protection Policies, Enterprise DRM Services, Software responsible to protect content, People responsible to protect content]

  6. Information Protection Requirements
     • Data is protected at the source
     • Modern apps save directly to ‘foreign storage’ so they must encrypt before data leaves the app
     • Data is protected in ‘usable chunks’
     • Use patterns are at the document level; not at the full drive level (e.g.: BitLocker)
     • Especially true on constrained-resource mobile devices; on shared cloud-based storage
     • Very strong encryption at rest is required; pretty good protection in apps is fine
     • Assume the data is exposed to adversaries when at rest (pre-authorization)
     • Presume the user is “trustworthy but possibly absent minded” (post-authorization)
     • Flexible model to support offline use or online authorization; IT Pro decides
     • Per-app policies and customization(s) to increase usability (reduce friction)
     • Per-application optimizations (Outlook vs. Word); App Context Matters

  7. Information Protection Approach
     • Protect files with EFS
     • Everyday Metaphor: Locking bike rack – useful at that particular location but nowhere else.
     • Once a good idea but not very useful in modern times… who has only one device?
     • Lock up personal data stores with BitLocker / BitLocker to Go
     • Everyday Metaphor: Lock on the front door of your home. Good, but once open, everyone gets in.
     • Great way to protect against lost laptops and other assets but not at a granular level
     • Rights Management on-premises, in the cloud, across ‘tenants’ and to guests
     • Everyday Metaphor: Certified mail that, when closed, requires re-certification before reuse.
     • Protection for data ‘in the wild’ with flexible terms-of-use, and transport agnostic
     • Generic file protection using ‘Rights Protected Folders’
     • SharePoint ‘Secure Libraries’
     • Everyday Metaphor: A well-run public library whose librarian actually asks to see your identity
     • Great way to host data that can be centralized; data that leaves is protected
     • Pro-active protection (aka DLP) via Exchange, FOPE, FCI, ISV offers, etc.
     • Everyday Metaphor: A persistent yard caretaker for your ‘digital landscape’
     • Volunteer application of RM will only get you so far; DLP offers at strategic points do wonders!
     Combined, these offers give you protection of lost assets, data in repositories, data in flight (user protected or not), and IT controlled* auditing of data usage.

  8. What is Rights Management?
     • Information Protection technology
     • Protection is persisted with the data, content can travel anywhere (desktops, file shares, USB keys, network and devices)
     • Combines encryption, access controls and policy expression and enforcement
     • Prevent the accidental disclosure of sensitive data by applying usage policies (cannot forward, cannot print, read-only)
     • Simple to use
     • Authors just select a policy option, consumers just open documents
     • Securely share data with individuals within and outside of your organization.

  9. How does RMS work?
     • Galactic Empire Confidential – You cannot copy, print or export this information in unprotected form to droids of any class.
     [Diagram labels: Use License, User certificates, Publishing License + keys]

  10. AADRM in Office 365
     • AADRM: Azure Active Directory Rights Management
     • AADRM is only available to Office 365 Enterprise plans
     • Easy to set up and use
     • Start protecting data within minutes of when you subscribe to Office 365, no on-premises infrastructure required.
     • Integrated within Exchange Online, SharePoint Online and Office; users will use applications and services they are already familiar with today.
     • Additional controls available in Exchange Online and SharePoint Online to meet your business requirements.

  11. RMS in Office 365
     • Capabilities
     • Simple mechanism to enable Rights Management capabilities across applications and services.
     • Once Rights Management is enabled, Exchange and Office integration is also enabled, including IRM in Office, OWA and EAS.
     • Provides default templates to apply common usage rights
     • Simple templates to restrict access to users within a company.
     • Will assess usage policies during preview timeframe to gather feedback to add or tune policies.
     • “Do Not Forward” and Ad-hoc Policies are also available.

  12. Demo Enable RMS in Office 365

  13. Office 2010 and 2013 Integration
     • Information Worker
     • Applications are already familiar to users, just learn File, Protect, Restrict Permissions
     • Policy Templates available to easily apply protection
     • Users can create ad-hoc policy to provide an additional level of control.
     • Office IRM integration supports Outlook, Word, Excel, PowerPoint and InfoPath
     • Information Control
     • Integrated with Exchange and SharePoint Online (more in a few minutes)
     • Word, Excel, PowerPoint integrated with SharePoint Document Libraries
     • Outlook works with Exchange IRM integrated features
     • Outlook 2013 is integrated with DLP and can use IRM to apply protection
     • Protection persisted independent of how the data is stored
     • Desktop, USB Drive, File Share, SkyDrive etc…

  14. Exchange Online Integration
     • Information Worker
     • Outlook Web App – IRM messages can be created and consumed in Outlook Web App
     • Exchange ActiveSync – IRM messages can be consumed in EAS-based clients that have enabled Rights Management, including Windows Phone 7.5 and Touchdown for Android.
     • Supports collaboration across organizations
     • Information Control
     • Journaling – Creates an unprotected copy of messages for compliance purposes
     • Exchange Transport Rules – Enables automatic protection of content by complementing the DLP capabilities in Exchange Online
     • Decryption – Can decrypt content for malware scanning and the addition of disclaimers to messages.

  15. SharePoint Online Integration
     • Information Worker
     • Protection is applied when documents are downloaded from a document library; users will not observe a difference.
     • Provides view-only capabilities for Web Access Companion Applications
     • Information Control
     • Great for a centralized repository of documents.
     • When documents are downloaded from SharePoint, protection is applied which resides with the document no matter where it goes.
     • Supports all IRM functionality for policy definition
     • Can define usage restrictions, policy renewal, and distribution groups on a per-document-library basis.
     • Supports collaboration scenarios across organizations
     • Can set access policies to enable users from other organizations to access your document library and stay in control of your data.

  16. Demo Integration with Exchange Online and SharePoint Online

  17. Take Away
     • Data can flow anywhere anytime
     • Access-based control does not protect content once it has been accessed.
     • Rights Management provides encryption that is persisted with the content.
     • Enables rich policy to be associated with content to prevent accidental disclosure of content.
     • Rights Management is now integrated within Office 365
     • Does not require any additional on-premises infrastructure and takes a few minutes to configure.
     • Available as a part of the Office 365 Enterprise.
     • Deep Integration with Office 2013, SharePoint Online and Exchange Online.
