none
what is the use of RMS intergration with SharePoint i have done that and i cant see the benifits RRS feed

  • Question

  • Hi

    i am not able to see any benefit after integrating my SP 2013 library with RMS connector

    i have reviewed the below link, it is good but doesn't really handle this question perfectly or clearly

    like how does it work? will the SP pull the policies from the Azure RMS. why are the restrictions so limited?

    will the restrictions , example - don't allow viewers to print apply on all files once they are downloaded? does the user need to have viewer only on the share point library to be restricted and generally what take presence the rms polices or the share point permissions?

    https://support.office.com/en-us/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1

    Friday, December 30, 2016 10:40 AM

All replies

  • Have a look at https://docs.microsoft.com/en-us/information-protection/understand-explore/office-apps-services-support#sharepoint-online-and-sharepoint-server for an explanation of how this protection works with SharePoint.

    We usually advise that you don't go overboard on the restriction options - just restricting the document to authorized users offers a simple but very powerful way to help prevent documents leaking (accidentally or intentionally) from your organization. For example, a user saves a copy of a document on a laptop or USB stick that is lost or stolen, saves a copy to cloud storage that isn't under your control, emails a copy to a competitor or accidentally to the wrong person, or even uses their own email provider that then gets hacked.  In all these scenarios, only people who are authorized to edit documents on your SharePoint library will be able to read the document.

    Although you've gone through the configuration, you might find it useful to skim through this high-level walkthrough (the concepts also apply to SharePoint Server with the connector): https://docs.microsoft.com/en-us/information-protection/understand-explore/what-admins-users-see#automatically-protecting-files-with-sharepoint-online-and-protected-libraries

    And these instructions (for the admin and end users), where the recommendation is to use the default configuration with only one optional setting: https://docs.microsoft.com/en-us/information-protection/get-started/scenario-sharepoint

    Sunday, January 1, 2017 7:27 PM
  • thank you Carol, great links but still i have some dark spots

    now i understand that the restrictions will apply once the file is DOWNLOADED, which was not clear in any of the links i checked before

    unfortunately it seems that documentations on this topic assumes that one have dome previous knowledge about SharePoint and RMS, which is not the case here :)

    to prove that i will ask the following question;

    what is meant by when i user *download* a file? does it means he opens a word file and safe it on his machine? in my case when a user does that no restrictions can be seen on the file

    additionally you did not address a very important point in my thread, that is the SP level permissions, do they affect the RMS policy on the library?

    your answer is great but i really need to understand this in a better way to be able to fix my current issue

    *user A will upload a file to an IRM protected library on an on premise SP 2013 server integrated with azure RMS connector, user B access the same library and saves the file on his machine & no restrictions on the file*

    Monday, January 2, 2017 10:04 PM
  • when a user downloads a file that is in a protected library the policy is not applied, i ran the analyzer tool on the SP server and i get the below error

    2017-01-03 11:32:05 INFO     Checking SharePoint IRM property:  IRMEnabled
    2017-01-03 11:32:05 INFO     Value expected for property:  True
    2017-01-03 11:32:05 INFO     Value set for property:  True
    2017-01-03 11:32:05 INFO     Property passed:  IRMEnabled
    2017-01-03 11:32:05 INFO     Checking SharePoint IRM property:  UseActiveDirectoryDiscovery
    2017-01-03 11:32:05 INFO     Value expected for property:  False
    2017-01-03 11:32:05 ERROR    The task exceeded the allowed timeout and was aborted.
    2017-01-03 11:32:06 INFO     --- Diagnostic tests completed ---

    Tuesday, January 3, 2017 12:49 PM
  • Yes, from your previous description it sounded as though your SharePoint IRM policy wasn't being applied to your documents - you should see an information banner at the top of the document, similar to the screenshot in the walkthrough example link (see https://docs.microsoft.com/en-us/information-protection/media/azrms_storyboardspo_small3.png).  So I think you have a configuration issue.  The RMS permissions are inherited from the SharePoint library (users and level of access).

    I'm wondering from the "UseActiveDirectoryDiscovery" value you saw whether SharePoint is configured correctly. This sounds like it might be the setting "Use the default RMS server specified in Active Directory" rather than the "Use this RMS server" option, which is required for the connector. It should look similar to this configuration: https://docs.microsoft.com/en-us/information-protection/media/azrms_sharepointconnector.png

    If you still have a problem after checking the preqs and configuration instructions (https://docs.microsoft.com/en-us/information-protection/deploy-use/deploy-rms-connector), the event log on one of the connector servers might provide additional information to help identify the problem.  Most of the event log entries are self-explanatory but there is additional information in https://docs.microsoft.com/en-us/information-protection/deploy-use/monitor-rms-connector#application-event-log-entries

    Tuesday, January 3, 2017 3:12 PM