Excel on Mac opens ADRMS-protected documents with expired Rights Templates RRS feed

  • Question

  • We have ADRMS ( deployed to Active Directory, which allows us to protect Office documents with Rights Templates. Rights Templates define permissions for protected documents (like Print, Edit, etc.), and also allow to specify an Expiration Date. Documents protected with a Rights Templates that has Expiration Date in the past, do not open, and instead Excel shows a message "Your permission to view this document has expired."

    Out of the box, ADRMS only works for Office on Windows. To make it work for Office on Mac, additional component "Active Directory Rights Management Services Mobile Device Extension" ( needs to be installed. We have installed the component, and now we can open protected Excel files on Mac, but finding that Excel on Mac opens the documents even when the Rights Template has expired.

    Using a man-in-the-middle proxy, I looked at the responses returned by the ADRMS server to Excel on Windows and Excel on Mac when they open a protected document, and found the following:

    - Excel on Windows gets a XML response, which among other things contains the Expiration Date which I set in the Rights Template. That, I presume, allows Excel to decide whether to open the document or to display the message "permission has expired".

    - Excel on Mac gets a JSON response, which does NOT contain the Rights Template Expiration Date. It contains two date properties called ContentValidUntil and LicenseValidUntil. From my observations, the first one is always null and the second one is always the current UTC date. I don't know whether one of these dates is supposed to be the Rights Template Expiration Date or whether the Expiration Date is missing from the response, but the end result is that Excel on Mac opens protected documents with expired Rights Templates.

    I'm using Excel 16.21.1 on macOS Mojave.

    Monday, February 4, 2019 10:41 PM

All replies

  • Microsoft please reply. We cannot turn on Office security for our Mac users because of this issue.
    Wednesday, February 6, 2019 7:15 AM
  • Hi Microsoft, the lack of response here is unacceptable. I managed to get on a Slack channel used by "Office for Mac" developers, one of them was kind enough to go speak with the ADRMS developers for me. Apparently this is a known issue in ADRMS, bug tracking number is VSO ONE:3988676. Here's a link to it which I obviously cannot access: None of the MS support teams I tried to speak with can see this bug either, it's probably internal to the ADRMS dev team. How can I get visibility on this bug? What is going on with it?

    • Edited by Andrew-72 Monday, April 1, 2019 12:39 AM
    Monday, April 1, 2019 12:34 AM