
Office Integration with Rights Management

Published: July 16, 2012

Updated: June 14, 2013

Applies To: Office 365

When creating or consuming information rights management (IRM) protected content, only the following versions of Microsoft Office are supported.

 

For this Office product family… | …these restrictions apply for Rights Management use
Microsoft Office Professional Plus 2013 | Supported for this release.
Microsoft Office 2010 | Supported for this release. Publishing rights-protected content requires Office Professional Plus. To consume rights-protected content, Office Standard is required.
Microsoft Office 2007 | Not supported for this release.

Office 2013 Client Configuration

To use Rights Management for supporting IRM features within Office Professional Plus 2013, the following steps are required.

To install and configure Office 2013 to use Rights Management with Office IRM features

  1. Install Office Professional Plus 2013 from the download site.

  2. Sign in to your Office applications using your Microsoft Office 365 credentials.

Office 2010 Client Configuration

To use Rights Management for supporting IRM features within Office 2010, the following steps are required.

Note
Because this procedure is difficult to undo, we recommend that you first perform these steps on a computer set aside for testing within your environment.

To install and configure Office 2010 to use Rights Management with Office IRM features

  1. Establish an Office 365 tenant user account.

    This will provide you with a valid O365 user login and email user account (such as user@mytestdomain.onmicrosoft.com) that you can use to log in to the Office 365 portal site and later use with Exchange Online as your hosted email provider.

    For more information, see Sign in to Office 365.

  2. Update the Windows operating system on your computer to a compatible version that has the necessary RMS Client included.

    The IRM features in Office 2010 require the RMS Client which ships as a part of Windows 7 SP1 and Windows Server 2008 R2 SP1. In order to use Rights Management you might also need to install the software updates listed in the following table.

     

    Description | Download
    For computers running Windows 7 or Windows Server 2008 R2 where the AD RMS cluster you are using has been updated to Cryptographic Mode 2. | (Article ID 2627273) RSA key length is increased to 2048 bits for AD RMS in Windows 7 or in Windows Server 2008 R2
    If you are also experiencing errors with Office 2010 applications, verify that you have installed the Office 2010 hotfix package. | (Article ID 2596501) Office 2010 hotfix package

    Note
    Rights Management supports both x86 (32-bit) and x64 (64-bit) installations.

  3. Install Office 2010 from your local installation media.

  4. Log in to the Office 365 portal site and configure your Office 2010 desktop to use Office 365.

    Once you are logged in to the Office 365 site, do the following to install the Office 365 Sign-In Assistant:

    1. Click Home at the top of the page.

    2. From the Home page, click the Software tile and then click Make Office desktop apps work with Office 365.

    3. When the Office 365 update wizard launches, follow the prompts to install Microsoft Sign-In Assistant and other Office updates required and reboot your computer.

  5. Download and run the Service Location Registry Script Generator Tool from the download site.

    Once the tool is downloaded, extract it to a folder, verify that all Office applications are closed and then run the tool as directed to generate a Windows script file. The name of the executable is as follows: Microsoft.AADRM.ServiceLocationRegScriptTool.exe.

    For more information on how to run this tool, see the following section.

  6. Execute the generated Windows script file to finish configuring your client to use Rights Management.

    Note
    The script generator tool does not require elevated (administrative) privileges. However, the user running the tool must have write permissions to the folder where the tool is located. The generated script file, in contrast, must be run from an elevated command prompt, as described in the following section.

  7. Open Outlook 2010 and configure your mail settings for Exchange Online.

    If this is the first time you have opened Outlook on this computer, you will be prompted to set up an email account. You can continue through the process of configuring your Exchange mail settings to use Exchange Online and your tenant user account.

    For more information, see Add or remove an email account.
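A pre-flight check for the Office 2010 procedure above, as an added example that is not part of the original page or of Microsoft's tooling. It assumes the tool was extracted to the folder passed as -ToolFolder (a hypothetical parameter of this script) and uses only built-in cmdlets available in Windows PowerShell 2.0.

```powershell
# Added example: pre-flight checks for the Office 2010 procedure (steps 2, 5 and 6).
# -ToolFolder is this script's own (hypothetical) parameter: where the tool was extracted.
param([string]$ToolFolder = (Get-Location).Path)

$results = @()
function Add-Result($check, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{ Check = $check; Ok = $ok; Detail = $detail }
}

# Step 2: the RMS Client ships with Windows 7 SP1 / Windows Server 2008 R2 SP1 (version 6.1, SP1).
$os = Get-WmiObject -Class Win32_OperatingSystem
$isSp1 = ($os.Version -like '6.1.*') -and ($os.ServicePackMajorVersion -ge 1)
Add-Result 'OS has RMS Client (6.1 SP1)' $isSp1 ('{0} SP{1}' -f $os.Caption, $os.ServicePackMajorVersion)

# Step 2: KB2627273 matters only when the AD RMS cluster uses Cryptographic Mode 2.
# Get-HotFix lists Windows updates only, so the Office hotfix (2596501) is not checked here.
$kbInstalled = $true
try { Get-HotFix -Id 'KB2627273' -ErrorAction Stop | Out-Null } catch { $kbInstalled = $false }
Add-Result 'KB2627273 installed' $kbInstalled 'Needed only for Cryptographic Mode 2 clusters'

# Step 5: all Office applications must be closed before the tool is run.
$names = 'WINWORD', 'EXCEL', 'POWERPNT', 'OUTLOOK', 'INFOPATH'
$running = @(Get-Process -Name $names -ErrorAction SilentlyContinue)
Add-Result 'Office applications closed' ($running.Count -eq 0) (($running | ForEach-Object { $_.Name }) -join ', ')

# Step 5: the tool generates a script file, so its folder must be writable by this user.
$exe = Join-Path $ToolFolder 'Microsoft.AADRM.ServiceLocationRegScriptTool.exe'
Add-Result 'Tool found' (Test-Path -LiteralPath $exe) $exe
$probe = Join-Path $ToolFolder ([IO.Path]::GetRandomFileName())
$canWrite = $true
try { [IO.File]::WriteAllText($probe, ''); Remove-Item -LiteralPath $probe } catch { $canWrite = $false }
Add-Result 'Tool folder writable' $canWrite $ToolFolder

# Step 6: only the generated script needs elevation; the tool itself does not.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Result 'Prompt elevated' $elevated 'Required to run the generated script, not the tool'

$results | Select-Object Check, Ok, Detail | Format-Table -AutoSize
```

A False result for KB2627273 or for elevation is informational: the update applies only to Cryptographic Mode 2 clusters, and elevation is needed only when the generated script is executed.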

Service Location Registry Script Generator Tool

To configure your computer to use Office 2010 with Rights Management, an additional command-line utility, the Service Location Registry Script Generator tool, is needed. A non-administrative user can run this tool from a standard command prompt, but it must be run in a folder to which the user has write permissions, because it generates a script file that is used to configure Office 2010 to work with Rights Management. When it is run, the tool prompts the user to specify their Office 365 credentials in a credentials dialog box and uses those credentials to generate the script file that configures their computer.

After the tool has been run, the generated script file must be run by an administrative user from an elevated command prompt, because it sets the Windows Registry keys needed to configure Office 2010 to work with Rights Management.

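The following is the help syntax and examples for working with this tool. When -u and -p are omitted, the tool prompts for credentials (Examples 1 and 2); supplying -p as in Example 3 places the password on the command line, where it is visible in process listings and command history, so the credentials prompt is preferable.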

C:\>Microsoft.AADRM.ServiceLocationRegScriptTool.exe /?
=======================================================================
            Service Location Registry Script Generator
=======================================================================
Microsoft.AADRM.ServiceLocationRegScriptTool.exe -r:<AADRM URL> -s:<STS Site ID> -u:<O365 Authentication System user name> -p:<User password>

   -r: The Uniform Resource Locator (URL) that is the base address for your Windows Azure Active Directory Rights Management (AADRM) server
   -s: The host name identifier for the Secure Token Service (STS) site
   -u: The O365 Authentication System user name, typically provided in e-mail format (for example, "user@contoso.com")
   -p: The password for the O365 Authentication System user.

---------
EXAMPLES
---------

-------------------------------EXAMPLE 1-------------------------------
C:\>Microsoft.AADRM.ServiceLocationRegScriptTool.exe

Description
-----------
Runs the Service Location Registry Script Generator tool using default settings and prompts you to enter credentials.

-------------------------------EXAMPLE 2-------------------------------
C:\>Microsoft.AADRM.ServiceLocationRegScriptTool.exe -r:https://AadrmUrl.com -s:StsName

Description
-----------
Runs the Service Location Registry Script Generator tool using non-default values and prompts you to enter credentials.

-------------------------------EXAMPLE 3-------------------------------
C:\>Microsoft.AADRM.ServiceLocationRegScriptTool.exe -r:https://AadrmUrl.com -s:StsName -u:user@contoso.com -p:password

Description
-----------
Runs the Service Location Registry Script Generator tool using non-default values.

Note
When running this tool, errors will be produced when registry keys are not present. These errors do not affect the operation of the tool and can be ignored.

© 2013 Microsoft. All rights reserved.