Christopher Chapman | MCT
Content PM, Microsoft Learning, PDG Planning, Microsoft
Microsoft Virtual Academy
Active Directory Rights Management Services (AD RMS)
Module Overview
• AD RMS Overview
• Understanding AD RMS
• Managing AD RMS
Lesson 1: AD RMS Overview
• Overview of AD RMS
• How AD RMS Works
• Options for Using AD RMS
Overview of AD RMS
Active Directory Rights Management Services (AD RMS) is an information protection
technology that works with AD RMS-enabled applications to help safeguard digital
information from unauthorized use.
AD RMS can be used to:
• Restrict access to an organization’s intellectual property
• Limit the actions users can perform on content
• Limit the risk of content being exposed outside the organization
How AD RMS Works
[Diagram: RMS Server, Information Author, and Recipient, with numbered steps 1 to 5]
Options for Using AD RMS
Action: Protect Sensitive Files
  Application: Microsoft® Office:
    • Word
    • Excel®
    • PowerPoint®
  Features:
    • Set rights (View, Change, Print)
    • Set validity period
Action: Do-Not-Forward/Print Email
  Application: Microsoft Office Outlook®
  Features:
    • Help protect sensitive e-mail from being sent to the Internet
    • Help protect confidential e-mail from being taken outside of the company
Action: Help Safeguard Intranet Content
  Application:
    • Internet Explorer®
    • Microsoft Office SharePoint® Services
  Features: Help safeguard intranet content by restricting access to:
    • View
    • Change
    • Print
Action: Identity Federation Support
  Application: All RMS-enabled applications
  Features: Help safeguard data across AD FS trusts
Lesson 2: Understanding AD RMS
• AD RMS Components
• AD RMS Certificates and Licenses
• How AD RMS Secures Content
• How AD RMS Restricts Access to Data
• Demonstration: How AD RMS Works
AD RMS Components
[Diagram: SQL Server, Active Directory Domain Controller, AD RMS Server, RMS Enabled Application, Information Author, and Recipient]
AD RMS Certificates and Licenses
AD RMS Certificates and Licenses include:
• Lockbox
• Machine certificate
• Rights account certificate
• Client licensor certificate
• Publishing license
• Use license
• Revocation list
How AD RMS Protects Content
[Diagram: SQL Server, Active Directory Domain Controller, AD RMS Server, RMS-enabled Application, Information Author, and Recipient, with numbered steps 1 to 4]
How AD RMS Restricts Access to Data
[Diagram: Active Directory Domain Controller, SQL Server, AD RMS Server, RMS-enabled Application, Information Author, and Recipient, with numbered steps 1 to 5]
Demonstration: Installing AD RMS
In this demonstration, you will see how to install AD RMS
Lesson 3: Managing AD RMS
• AD RMS Server Role Installation Overview
• Demonstration: AD RMS Management Console
• What Are Exclusion Policies?
• What Are Rights Policy Templates?
AD RMS Server Role Installation Overview
Installation Requirements:
• The server must be a member of the domain
Additional Roles required:
• Web Server (IIS)
• Windows Process Activation Service (WPAS)
• Message Queuing
• Windows Internal Database
• Service Account
• Microsoft SQL Server
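A read-only pre-installation check for the requirements listed above, as an added example that is not part of the original presentation. The mapping from the slide's role names to Windows Server feature names (Web-Server, WAS, MSMQ, Windows-Internal-Database) and the function name Test-AdRmsPrerequisite are this example's assumptions; the service account and Microsoft SQL Server items are not checked.

```powershell
# Added example: pre-installation check for the AD RMS server role.
# Run in an elevated PowerShell session on the intended AD RMS server.
Import-Module ServerManager

function Test-AdRmsPrerequisite {
    [CmdletBinding()]
    param()

    # Requirement from the slide: the server must be a member of the domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Check  = 'Domain membership'
        Detail = $cs.Domain
        Met    = [bool]$cs.PartOfDomain
    }

    # Slide item -> Windows Server feature name (mapping is this example's assumption).
    $features = [ordered]@{
        'Web Server (IIS)'                   = 'Web-Server'
        'Windows Process Activation Service' = 'WAS'
        'Message Queuing'                    = 'MSMQ'
        'Windows Internal Database'          = 'Windows-Internal-Database'
    }

    foreach ($item in $features.GetEnumerator()) {
        # Get-WindowsFeature only reads install state; nothing is changed.
        $f = Get-WindowsFeature -Name $item.Value
        [pscustomobject]@{
            Check  = $item.Key
            Detail = if ($f) { "$($f.Name): $($f.InstallState)" } else { "$($item.Value): not found" }
            Met    = [bool]($f -and $f.Installed)
        }
    }
}

$results = Test-AdRmsPrerequisite
$results | Format-Table -AutoSize

# Flag the server if any listed requirement is missing.
if ($results.Met -contains $false) {
    Write-Warning 'One or more AD RMS installation requirements are not met.'
}
```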
Demonstration: AD RMS Management Console
• In this demonstration, you will see the AD RMS Management Console
What Are Exclusion Policies?
Exclusion policies prevent users, applications, lockboxes, and operating systems from
acquiring certificates and licenses from servers in the cluster.
Exclusion can be enabled by:
• User ID
• Public Key String
• Application by version
• Lockbox Version
• Windows Version
What Are Rights Policy Templates?
Rights policy templates provide a manageable, consistent way for workers to apply
predefined policies to information.
Administrators can use rights policy templates to:
• Apply expiration policies for content and licenses
• Set extended policies that:
  • Allow content to be viewed in a browser
  • Disable client-side caching of use licenses
• Set revocation policies to enable content rights to be revoked
Templates are defined for each language to be supported.
Module Review and Takeaways
• Review Questions
• Summary of AD RMS
Thanks for Watching!
©2013 Microsoft Corporation. All rights reserved.