locked
Azure RMS reporting existing RMS protected documents in the tanent and dissabling Azure RMS license peruser RRS feed

  • Question

  • We have office E3 lic with premium Azure, RMS is turned on, We find users are already license activated for RMS and protecting documents. this is not a desirable situation for us.

    Question1 is there a way to report all documents which are protected?

    2 if a users' Azure Rights management license component is disabled in Suit of E3 licenses, will it disable user to further protect documents? what will happen to existing protected documents by the user and for those who consume these protected documents??
    thanks  


    NSW DECC

    • Moved by Md Shihab Thursday, August 3, 2017 4:46 AM Better suited in Microsoft RMS (Cloud)
    Thursday, August 3, 2017 3:43 AM

All replies

  • Birla,

    Document tracking is limited with the Azure RMS service due to how much goes on via the client side. For example, you can create a protected document offline, after you've connected (Bootstrapped) to the Azure RMS service. Your certificate will most likely last for a year, depending on the configuration of your environment. Could be 30/60/90 days.

    As for your question about blocking users from creating protected documents, my suggestion is to setup an onboarding control policy.

    https://docs.microsoft.com/en-us/powershell/module/aadrm/set-aadrmonboardingcontrolpolicy?view=azureipps

    Running the following command will give you the effect you're looking for -->

    Set-AadrmOnboardingControlPolicy -UseRmsUserLicense $True -Scope All

    As for the protected documents, even with the OBC in place the protected document will still have access based on the template used on protecting the document. The only difference is the users will no longer be able to create protected documents ( After their certificates expire, if you're wanting to delete them they're located in %localappdata%\microsoft\msipc)

    Just to say it one more time, incase it was lost in that information. The OBC doesn't block the consumption of protected documents. The office client or the AIP client will be the one checking if the account logged in has rights. The OBC blocks the ability to protect new content.

    Hopefully this helps,

    Friday, December 22, 2017 8:24 PM