Sharing Documents with External Users
Applies To: Windows Server 2008, Windows Server 2008 R2
AD RMS uses each user’s email address for identification. Normally, access to protected content is restricted to users within the same email domain (this means that only users within the same company can consume protected content).
AD RMS offers the user an alternative option: the user can use a Windows Live ID (WLID) email address to access protected content. Windows Live ID is a free, cloud-based email and identity service provided by Microsoft that allows anyone to open an account and use it for email and other services. Microsoft provides an AD RMS service for Windows Live ID accounts and this service can be integrated with any organization’s AD RMS platform, via a trust. (It should be noted that Microsoft provides the Windows Live ID certification and licensing service as a temporary service, and reserves the right to stop providing the service at any time.)
Setting up a trust with Windows Live ID allows an Active Directory Rights Management Services user to send rights-protected content to a user with a Windows Live ID. A user with a Windows Live ID email address can consume rights-protected content, and users with accounts in the forest where the AD RMS service is located can protect documents and apply specific permissions for Windows Live ID users that consume the protected content.
This solution is applicable only in situations where the number of external users that need access to protected documents is relatively small and these external users do not need to create protected content, only to consume it.