locked
RMS & Azure Requirement RRS feed

  • Question

  • Hi,

    I would like to understand if the new RMS can be deployed on premise or service provider space as a standalone product/solution without using or dependent on the online Microsoft Azure services? I could not find any info on this. Thanks.

    Thursday, August 21, 2014 1:22 PM

Answers

  • Hi knssub,

    There are two kind of RMS: Cloud based - Azure AD RMS (AADRMS)  and installed on premise - AD RMS (ADRMS). Both versions are independent to each other. However you can force your Exchange, SharePoint and FCI onpremise to work with Azure ADRMS. You cannot do this the other way round (force Office365 to use your onpremisie ADRMS).

    Azure ADRMS is available (as for now) only in E3 and E4 plans. In E1 and K1, Azure RMS is NOT included, but can be purchased as a separate add-on service.

    ADRMS is a role of Windows Server that can be installed in your datacenter, on your servers. The newest version of ADRMS is included inWindows Server 2012 R2. 

    As I said, ADRMS does not rely on Azure ADRMS and the other way round. Of course, there are some pros and cons of having one or another solution - depending on what scenario you want to achieve, if you have O365 licences already bought, etc.

    As a matter of fact I have written a series of articles on this matter and you may find it interesting to follow and read. New article parts are already planned and will be available soon: http://kazmierczak.eu/itblog/2014/08/18/azure-rms-templates-1-intro-and-overview/ 


    Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

    • Marked as answer by jey9915 Sunday, August 24, 2014 2:28 AM
    Saturday, August 23, 2014 7:16 PM
  • I assume you have RMS Sharing App in your mind. If correct, then yes - you can use right click protect any file using either ADRSM or Azure ADRMS. IMHO it is well documented, f.e.:

    • FAQ - http://technet.microsoft.com/en-us/dn467883
    • Administrator guide - http://technet.microsoft.com/library/d9992e30-f3d1-48d5-aedc-4e721f7d7c25
    • User guide - http://technet.microsoft.com/library/dn339006.aspx

    There are 2 important things you should be aware:

    1. RMS Sharing App for PC is working with onprem and/or cloud RMS. RMS Sharing App can also be used on mobile devices. To get RMS Sharing App on mobile device working with your ADRMS on prem you need to additional configuration in your environment: deploy ADFS 3.0 and Mobile Device Extension. With Azure ADRMS RMS Sharing App on devices works OOB.

    2. Protecting any kind of file is kind of tricky - once you protect non standard file type with RMS Sharing App it will become a .pfile. This file is like a password protected zip file. So once you "unzip" it (to do this you need to open it in RMS Sharing App) you can view this file in a native viewer, but no RMS policies are applied - still you can do whatever you want with this file - print, copy, forward, etc. 

    Hope I could help.


    Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

    • Marked as answer by jey9915 Monday, August 25, 2014 9:09 AM
    Sunday, August 24, 2014 11:53 AM

All replies

  • Hi knssub,

    There are two kind of RMS: Cloud based - Azure AD RMS (AADRMS)  and installed on premise - AD RMS (ADRMS). Both versions are independent to each other. However you can force your Exchange, SharePoint and FCI onpremise to work with Azure ADRMS. You cannot do this the other way round (force Office365 to use your onpremisie ADRMS).

    Azure ADRMS is available (as for now) only in E3 and E4 plans. In E1 and K1, Azure RMS is NOT included, but can be purchased as a separate add-on service.

    ADRMS is a role of Windows Server that can be installed in your datacenter, on your servers. The newest version of ADRMS is included inWindows Server 2012 R2. 

    As I said, ADRMS does not rely on Azure ADRMS and the other way round. Of course, there are some pros and cons of having one or another solution - depending on what scenario you want to achieve, if you have O365 licences already bought, etc.

    As a matter of fact I have written a series of articles on this matter and you may find it interesting to follow and read. New article parts are already planned and will be available soon: http://kazmierczak.eu/itblog/2014/08/18/azure-rms-templates-1-intro-and-overview/ 


    Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

    • Marked as answer by jey9915 Sunday, August 24, 2014 2:28 AM
    Saturday, August 23, 2014 7:16 PM
  • Thanks Andrzej for the helpful response. Will I be able to get all the new ADRMS features such as right click protect various documents even when I use ADRMS on-premise? None of the existing documentation make it clear and give an impression that one would need ADRMS to make these features work.
    Sunday, August 24, 2014 2:28 AM
  • I assume you have RMS Sharing App in your mind. If correct, then yes - you can use right click protect any file using either ADRSM or Azure ADRMS. IMHO it is well documented, f.e.:

    • FAQ - http://technet.microsoft.com/en-us/dn467883
    • Administrator guide - http://technet.microsoft.com/library/d9992e30-f3d1-48d5-aedc-4e721f7d7c25
    • User guide - http://technet.microsoft.com/library/dn339006.aspx

    There are 2 important things you should be aware:

    1. RMS Sharing App for PC is working with onprem and/or cloud RMS. RMS Sharing App can also be used on mobile devices. To get RMS Sharing App on mobile device working with your ADRMS on prem you need to additional configuration in your environment: deploy ADFS 3.0 and Mobile Device Extension. With Azure ADRMS RMS Sharing App on devices works OOB.

    2. Protecting any kind of file is kind of tricky - once you protect non standard file type with RMS Sharing App it will become a .pfile. This file is like a password protected zip file. So once you "unzip" it (to do this you need to open it in RMS Sharing App) you can view this file in a native viewer, but no RMS policies are applied - still you can do whatever you want with this file - print, copy, forward, etc. 

    Hope I could help.


    Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

    • Marked as answer by jey9915 Monday, August 25, 2014 9:09 AM
    Sunday, August 24, 2014 11:53 AM
  • Thanks again Andrzej. Excellent inputs. Much appreciated.
    Monday, August 25, 2014 9:10 AM