
Comparing Azure Rights Management and AD RMS

Updated: December 1, 2014

Applies To: Azure Rights Management, Office 365

If you know or have previously deployed Active Directory Rights Management Services (AD RMS), you might be wondering how Azure Rights Management compares in terms of functionality and requirements. Use the following table for a side-by-side comparison of the features and benefits of Azure Rights Management and AD RMS. If you have security-specific comparison questions, see the Cryptographic controls for signing and encryption section in this topic.

Note
To make this comparison easier, some information here is repeated from Requirements for Azure Rights Management. Use that topic for more specific support and version information for Azure Rights Management.

 

| Azure Rights Management | Active Directory Rights Management Services (AD RMS) |
| --- | --- |
| Supports information rights management (IRM) capabilities in Microsoft Online services such as Exchange Online and SharePoint Online, as well as Office 365. Also supports on-premises Microsoft server products, such as Exchange Server, SharePoint Server, and file servers that run Windows Server and File Classification Infrastructure (FCI). | Supports on-premises Microsoft server products such as Exchange Server, SharePoint Server, and file servers that run Windows Server and File Classification Infrastructure (FCI). |
| Enables implicit trust between organizations and users in any organization. This means that protected content can be shared between users within the same organization or across organizations when users have Microsoft Office 365, or Azure Rights Management, or users sign up for RMS for individuals. | Trusts must be explicitly defined in a direct point-to-point relationship between two organizations by using either trusted user domains (TUDs) or federated trusts that you create by using Active Directory Federation Services (AD FS). |
| Provides two default rights policy templates that restrict access of the content to your own organization; one that provides read-only viewing of protected content and another template that provides write or modify permissions for the protected content. You can also create your own custom templates. For more information, see Configuring Custom Templates for Azure Rights Management. In addition, users can define their own set of permissions if the templates are not sufficient. | There are no default rights policy templates; you must create and then distribute these. For more information, see AD RMS Policy Template Considerations. In addition, users can define their own set of permissions if the templates are not sufficient. |
| Minimum supported version of Microsoft Office is Office 2010, which requires the RMS sharing application. Microsoft Office for Mac: Microsoft Outlook for Mac for Office 365 (Supported), Microsoft Office for Mac 2011 (Not supported). | Minimum supported version of Microsoft Office is Office 2007. Microsoft Office for Mac: Microsoft Outlook for Mac for Office 365 (Supported), Microsoft Office for Mac 2011 (Supported). |
| Supports the RMS sharing application for Windows and mobile devices. | Supports the RMS sharing application for Windows and mobile devices. However, sharing is restricted to your own organization and does not support email notification, which lets the sender know when somebody tries to open a protected attachment. |
| Minimum supported version of the Windows client is Windows 7. | Minimum supported version of the Windows client is Windows Vista Service Pack 2. |
| Mobile device support includes Windows Phone, Android, iOS, and Windows RT. Email support by using Exchange ActiveSync IRM is also supported on all mobile device platforms that support this protocol. | Mobile device support includes Windows Phone, Android, iOS, and Windows RT, and requires the Active Directory Rights Management Services Mobile Device Extension. Email support by using Exchange ActiveSync IRM is supported on all mobile device platforms that support this protocol. |
| Supports Cryptographic Mode 2 without additional configuration, which provides stronger security for key lengths and encryption algorithms. For more information, see the Cryptographic controls for signing and encryption section in this topic, and AD RMS Cryptographic Modes. | Supports Cryptographic Mode 1 by default and requires additional configuration to support Cryptographic Mode 2 for stronger security. For more information, see the Cryptographic controls for signing and encryption section in this topic, and AD RMS Cryptographic Modes. |
| Supports outbound migration from Azure Rights Management to Active Directory Rights Management Services (AD RMS). Does not currently support migration from AD RMS. | Supports migration from Azure Rights Management and migration from Windows Server 2003 AD RMS. |

Cryptographic controls for signing and encryption

Azure Rights Management always uses RSA 2048 for all public key cryptography and SHA 256 for signing operations. In comparison, AD RMS supports RSA 1024 and RSA 2048, and SHA 1 or SHA 256 for signing operations.

Both Azure Rights Management and AD RMS use AES 128 for symmetric encryption.

Azure Rights Management is compliant with FIPS 140-2 when your tenant key is created and managed by Microsoft (the default), or if you manage your own tenant key (known as BYOK). For more information about managing your tenant key, see Planning and Implementing Your Azure Rights Management Tenant Key.

© 2014 Microsoft