Helping Users to Protect Files by Using Azure Rights Management
Updated: March 1, 2015
Applies To: Azure Rights Management, Office 365
After you have deployed and configured Azure Rights Management (RMS) for your organization, provide help and guidance for users, administrators, and your help desk:
Let users know how to protect documents and emails that contain sensitive information. Be sure to let them know the benefits (and the risks) that are specific to your business, as well as providing guidance for when they should protect files and emails. If you have configured custom templates, provide instructions about which one to select if the template name and description is not sufficient for them to choose the correct one.
Some applications automatically apply information protection, by using policies and settings that administrators configure. For these applications, you might need to provide instructions for other administrators who manage these applications and services. For more information, see How Applications Support Azure Rights Management and Configuring Applications for Azure Rights Management.
Sign in help:
Users might be prompted for credentials when Azure RMS needs to authenticate a user and cannot use cached credentials. This will be the user’s work or school account and password that is associated with your Office 365 tenant or Azure Active Directory tenant. It will not be a Microsoft account (formerly Microsoft Live ID) or their personal email account, because these are not currently supported by Azure RMS. Provide users and your help desk with instructions about which account to use when users are prompted for credentials when they use these applications with Azure RMS.
Use the following sections for application-specific information to help users protect sensitive documents and emails.
The Rights Management (RMS) sharing application is required for users to protect and consume protected content if they use Office 2010, but also recommended for all computers and mobile devices that support Azure RMS.
In addition to making it easier for users to protect important documents, the RMS sharing application lets users track the documents that they have protected, and if necessary, revoke access to them.
For instructions to use this application for Windows computers, see the Rights Management sharing application user guide.
For mobile devices, see the FAQ for Microsoft Rights Management Sharing Application for Mobile Platforms.
If you are using Azure RMS and have not installed the Rights Management sharing application, users will not see the Share Protected button on the ribbon or Protect in-place from File Explorer that makes it easier for them to protect files. For these users, they must follow instructions similar to these.
|To find application-specific help and instructions for using information protection with these applications, search for IRM and the application name and version.|
Within Microsoft Word, create a new document.
From the File menu, click Info, click Protect Document, click Restrict Access, and then choose a template to quickly apply the appropriate usage rights, or select Restrict Access and select the usage rights yourself.
Note If this is the first time that you have used Rights Management, you will contact the Azure Rights Management service and will be prompted for credentials to configure the Office IRM client.
Save the document.
When others open the document, they are first authenticated. If they are not authorized to open the document, the document does not open. If they are authorized to open the document, it opens with the restricted usage rights that were specified for that user. For example, a usage right of View-only does not allow the user to edit or save the document, even if it is first copied to another location. The usage rights are displayed at the top of the document by using a restriction banner. The banner might display the permissions that are applied to the document, or it might provide a link to display them.
Within Outlook, create a new mail message addressed to a recipient within your organization.
From the OPTIONS tab, click Permission, and then select an option. For example: Do Not Forward, <Company Name> - Confidential or <Company Name> - Confidential View Only.
Send the message.
Similarly to viewing a protected document, when the recipients receive the email message, they are first authenticated. If they are authorized to see the email message, it opens with the restricted usage rights that were specified for that user. For example, if you selected Do Not Forward, the Forward button on the ribbon is not available.
Within the Outlook Web App, create a new mail message addressed to a recipient within your organization.
Click …, click set permission, and then select an option. For example: Do Not Forward, Do Not Reply All, <Company Name> - Confidential or <Company Name> - Confidential View Only.
Send the message.
Similarly to viewing a protected document, when the recipients receive the email message, they are first authenticated. If they are authorized to see the email message, it opens with the restricted usage rights that were specified for that user. For example, if you selected Do Not Reply All, the REPLY ALL option in the message window is not available.
ConceptsUsing Azure Rights Management