Organizations that are interested in taking advantage of the Rights Management features available in volume licensed versions of Microsoft Office have a new deployment option available:
Windows Azure AD Rights Management (AADRM).
AADRM is already available through the Office 365 portal for organizations that are already using Online Services such as Exchange Online and SharePoint Online. The Office 365 E3 SKU is required, and the Office Professional Plus SKU must be used to right-protect content with RMS.
AADRM “stand-alone” is expected to be generally available in the early fall of 2013 and will enable organizations to deploy a highly available RMS infrastructure without the infrastructure or implementation costs of standing it up on premise. It will feature a connector that allows you to connect it with on-premise Exchange and SharePoint servers even if you do not use any other Office 365 service.
Here is a hypothetical design showing the connector software running on two load balanced on-premise servers, allowing on-premises Exchange and SharePoint servers to use AADRM.
Pricing is set at $2/user/month for users who need the ability to protect content. It is free to view content that has been RMS protected.
There are at least two major benefits that I can tell from AADRM:
1) Organizational sharing is implied among all Office 365 tenants. If you use RMS to protect a document and you send it to another organization who also uses Office 365, they can view that document. This is an advantage over on-premise RMS which requires an ADFS trust. Eventually, AADRM will allow you to share with Google IDs (CY14).
2) At GA release in the fall of 2013, AADRM will allow for any type of document to be protected by RMS, not just Office documents.
AADRM will not be a perfect fit for all organizations.
- Companies that still have Windows XP, Vista, or versions of Office prior to 2010 will need to use AD RMS on-premises and then perhaps migrate to Azure RMS later when their clients have been upgraded.
- AADRM is limited to two templates that cannot be customized (“Company Confidential” and “Company Confidential Read Only”). If you need to create custom templates, you need to deploy AD RMS on-premises.
In any case, whether you deploy to the cloud or on-premise, all scenarios require a volume licensed copy of Office. The OEM SKU (“professional”) that comes bundled from the hardware manufacturer cannot create RMS content.
Mobile Client Support
- Windows 7.5 and 8 devices natively support RMS
- Android and iOS devices can support RMS through Nitrodesk Touchdown 7.3
- Blackberry devices can view RMS content with RMS Viewer
Max OSX v10.5 (Leopard) or later and Office for Mac 2011 Volume License. Non-volume license copies can read RMS but cannot protect content.
RMS Whitepaper (July 2013)
Azure RMS Pricing
RMS Team Blog
Azure RMS on Technet
How RMS protects documents
RMS Best Practices Guide
IRM Deployment Guide in Office for Mac 2011
RMS Troubleshooting Guide