Tag Archives: AD RMS

AD RMS (Rights Management Services) for Office 365

Note: This guide is deprecated.  AD RMS is now supersceeded by Azure Information Protection.  If you have previously used this guide, review the following guide on Migrating from AD RMS to Azure Information Protection.


Those that have the following tiers of Office 365 are entitled to use Microsoft's AD Rights Management Service to help secure their documents:

  • SharePoint Online Enterprise (E1),
  • SharePoint Online Enterprise (E3 & E4),
  • SharePoint Online Midsized Business

Here is a list of compiled questions I wanted to know when trying AD RMS for Office 365.

What is AD Rights Management Services?

Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information.

Are their any examples of using AD Rights Management Services?

Office 365 did a pretty good job covering the concept of using AD RMS as well as how to use AD RMS.  You can find the full tutorial here, however their official YouTube video covering this has been embedded below:

How do I deploy or enable AD Rights Management Services for Office 365?

  1. Login to your Office 365 Administration Portal
    1. https://portal.microsoftonline.com/
  2. Select service settings on the left side navigation
    Office 365 Admin Portal - Service Settings
  3. Select the rights management tab and click on the Manage link
    Office 365 Admin Portal - Service Settings - rights management
  4. The Manage link should redirect you over to activedirectory.windowsazure.com and present you a big activate button.  Click the activate button.
    Activate Office 365 RMS
  5. Click activate on the Do you want to activate Rights Management? prompt
    Do you want to activate Rights Management
  6. After clicking the activate button, you should now see Rights management is activated on the windowsazure.com page
    Rights management is activated

How do I create more policy templates for AD RMS using Office 365 or Windows Azure?

As pointed out in the following Office 365 forum article: http://community.office365.com/en-us/forums/148/t/177332.aspx

By default, in a pure Office 365 environment, we can get 3 RMS Templates in Windows Azure Rights Management. If we have an on-premises server running Active Directory Rights Management Services (AD RMS), we can get more via import a trusted publishing domain (TPD). So, without on premise server, we just can get default 3 Templates.

I enabled AD RMS for Office 365, but I don't see any options in Office 2010.  How do I get Office 2010 to use AD RMS?

Since you are more than likely on the E4 tier, I would highly recommend downloading Office 2013 from your Office 365 portal and installing that.  Office 2013 from the Office 365 portal comes preconfigured to work more fluidly with AD RMS.  However, if you need to use Office 2010, you can complete the following steps as documented on the following technet article: http://technet.microsoft.com/en-us/library/jj585031.aspx#sectionSection1

Can people outside my organization open protected documents with AD RMS (not apart of my domain)?

Short answer, Yes.  Long answer, they are required to create a Microsoft account using their email address (Gmail, AOL, Yahoo, etc) to authenticate themselves.  Below are some screenshots of the registration process; I have copied them from the following technet article for archival purposes: http://blogs.technet.com/b/rms/archive/2013/08/29/the-new-microsoft-rms-is-live-in-preview.aspx

RMS Login


RMS Login 2

RMS Login 3

How can an Office 365 customer purchase Microsoft Rights Management Services (RMS)?

Active Directory RMS is already included in the Office 365 Enterprise E3, and E4 plans and the Education A3 and A4 plans. RMS is also available as an add-on in the E1 and A2 plans. Consumption of rights-protected content is free. A license is required to protect content.