AD RMS and Mobile

  • General discussion

  • Hello

    I'm trying to understand how AD RMS will work on a mobile client. I know there are MS solutions for mobile (EMS) along with 3rd party vendors (e.g. Blackberry), but this is conceptual.

    Let's say I have AD RMS implemented in my environment. I send a mail that includes an RMS-protected document to an external friend at john@hotmail.com. The protections I have chosen are to disable copy, forwarding and printing.

    John opens the mail on his iPhone 7 Mail client.

    Whilst John is online, my understanding is that:

    1. When opening the attachment, the mail client must connect to an RMS server which confirms the controls

    2. Whenever an action is performed on the file (forward, copy for example), the mail client checks with the RMS server

    Question 1: Is the RMS client built in to all mail clients (e.g. Apple's native one)? How about Outlook for iOS?

    Apart from my question above, this all makes sense. But (Question 2), how does this apply if the phone has no signal and the user accesses the file, which is now cached in the mail client, when offline? How can these permissions be checked?

    Question 3 - He wants to edit the file using the native MS Word application on iOS. Assuming that I have allowed Edit permissions, is this possible, but when the file is with MS Word, John still cannot forward/copy/print it? That is, whatever client the document is with, the AD RMS protection still exists?

    Hope someone can help!

    Saturday, April 1, 2017 4:58 PM

All replies

  • This is from my testing. Hope this helps:

    Question 1:

    For your Hotmail example, the account needs an Azure Information Protection license, or a free license to view the file. Hotmail can't be registered. See https://docs.microsoft.com/en-us/information-protection/understand-explore/rms-for-individuals

    iOS Native Mail App - It is not built in. For iOS you need the Azure Information Protection viewer app from the App Store. In the native iOS mail app you can open the attached message.rpmsg in the Azure Information Protection app. You need to be signed in to the app to verify permissions. See the email section here - https://docs.microsoft.com/en-us/information-protection/get-started/requirements-applications#footnote-5

    Question 2:

    If there is no data or Wi-Fi signal and the AIP app has been closed and it isn't cached, then you can't access the file. I.e., if I open a protected email in the AIP app, sign in and view it, then later close the application and turn off data and Wi-Fi, then access the file again in the AIP, it can't sign in, so it's blocked. From my testing with Outlook, as long as the email and document have been cached, it can be opened if the mobile device is offline.

    Question 3:

    If you have applied the "Do Not Forward" template in Outlook when you sent the email and have a non-protected Word document, the Word document is still protected when you open it up from Outlook in iOS then into Word for iOS. You can see a message saying "Restricted Access" and Disallowed: Copy, Share, Print.

    Sunday, April 2, 2017 12:56 AM