Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

Comparing Azure Rights Management and AD RMS

Published: October 29, 2012

Updated: April 1, 2014

Applies To: Azure Rights Management, Office 365

If you know or have previously deployed Active Directory Rights Management Services (AD RMS), you might be wondering how Azure Rights Management compares in terms of functionality and requirements. Use the following table for a side-by-side comparison of the features and benefits of Azure Rights Management and AD RMS. If you have security-specific comparison questions, see the Cryptographic controls for signing and encryption section in this topic.

noteNote
To make this comparison easier, some information here is repeated from Requirements for Azure Rights Management. Use that topic for more specific support and version information for Azure Rights Management.

 

Azure Rights Management Active Directory Rights Management Services (AD RMS)

Supports information rights management (IRM) capabilities in Microsoft Online services such as Exchange Online and SharePoint Online, as well as Office 365.

 

Also supports on-premises Microsoft server products, such as Exchange Server, SharePoint Server, and file servers that run Windows Server and File Classification Infrastructure (FCI).

Supports on-premises Microsoft server products such as Exchange Server, SharePoint Server, and file servers that run Windows Server and File Classification Infrastructure (FCI).

Enables implicit trust between organizations and users in any organization. This means that protected content can be shared between users within the same organization or across organizations when users have Microsoft Office 365, or Azure Rights Management, or users sign up for RMS for individuals.

Trusts must be explicitly defined in a direct point-to-point relationship between two organizations by using either trusted user domains (TUDs) or federated trusts that you create by using Active Directory Federation Services (AD FS).

Provides two default rights policy templates that restrict access of the content to your own organization; one that provides read-only viewing of protected content and another template that provides write or modify permissions for the protected content.

 

You can also create your own custom templates. For more information, see Configuring Custom Templates for Azure Rights Management.

 

In addition, users can define their own set of permissions if the templates are not sufficient.

Provides two default rights policy templates that restrict access of the content to your own organization; one that provides read-only viewing of protected content and another template that provides write or modify permissions for the protected content.

 

You can also create your own custom templates. For more information, see AD RMS Policy Template Considerations.

 

In addition, users can define their own set of permissions if the templates are not sufficient.

Minimum supported version of Microsoft Office is Office 2010, which requires the RMS sharing application.

 

Microsoft Office for Mac 2011 is not supported.

Minimum supported version of Microsoft Office is Office 2007.

 

Microsoft Office for Mac 2011 is supported.

Supports the RMS sharing application for Windows and mobile devices.

Supports the RMS sharing application for Windows.

Minimum supported version of the Windows client is Windows 7.

Minimum supported version of the Windows client is Windows Vista Service Pack 2.

Mobile device support includes Windows Phone, Android, iOS, and Windows RT.

 

Email support by using Exchange ActiveSync IRM is also supported on all mobile device platforms that support this protocol.

Mobile device support is restricted to Windows Phone.

 

Email support by using Exchange ActiveSync IRM is supported on all mobile device platforms that support this protocol.

Supports Cryptographic Mode 2 without additional configuration, which provides stronger security for key lengths and encryption algorithms.

 

For more information, see the Cryptographic controls for signing and encryption section in this topic, and AD RMS Cryptographic Modes.

Supports Cryptographic Mode 1 by default and requires additional configuration to support Cryptographic Mode 2 for stronger security.

 

For more information, see the Cryptographic controls for signing and encryption section in this topic, and AD RMS Cryptographic Modes.

Supports outbound migration from Azure Rights Management to Active Directory Rights Management Services (AD RMS).

 

Does not currently support migration from AD RMS.

Supports migration from Azure Rights Management and migration from Windows Server 2003 AD RMS.

Whereas AD RMS supports RSA 1024 and RSA 2048 algorithms for all public key cryptography, and SHA 1 or SHA 256 for signing operations, Azure Rights Management always uses RSA 2048 bits and the SHA 256 algorithm.

Both AD RMS and Azure Rights Management use AES 128 for symmetric encryption.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.