Azure Rights Management Deployment Roadmap
Applies To: Azure Rights Management, Office 365
Use the following steps to prepare for, implement, and manage Azure Rights Management (RMS) for your organization.
However, if you just want to quickly try Azure RMS for yourself, rather than roll it out in a production environment, see Quick Start Tutorial for Azure Rights Management.
Before you do the following steps, make sure that you have reviewed Requirements for Azure Rights Management.
There is more than one type of subscription that includes Azure Rights Management. See the Cloud subscriptions that support Azure RMS section in the Requirements for Azure Rights Management topic, and check that your subscription includes the functionality that you want to use in your organization by referring to the table in Comparison of Rights Management Services (RMS) Offerings.
Before you begin using Rights Management, do the following preparation:
Make sure that your Azure or Office 365 tenant contains the user accounts and groups that will be used by Azure RMS to authenticate users from your organization. If necessary, create these account and groups, or synchronize them from your on-premises directory. For more information, see Preparing for Azure Rights Management.
Decide whether you want Microsoft to manage your tenant key (the default), or generate and manage your tenant key yourself (known as bring your own key, or BYOK). Note that currently, you cannot use BYOK if you use Exchange Online. For more information, see Planning and Implementing Your Azure Rights Management Tenant Key.
Install the Windows PowerShell module for Rights Management on at least one computer that has Internet access. You can do this step now, or later. For more information, see Installing Windows PowerShell for Azure Rights Management.
If you are currently using on-premises Rights Management services: Perform a migration to move the keys, templates, and URLs to the cloud. For more information, see Migrating from AD RMS to Azure Rights Management.
Activate Rights Management so that you can begin to use the service. If a phased deployment is required, configure user onboarding controls to restrict usage to specific users. For more information, see Activating Azure Rights Management.
Optionally, consider configuring the following:
Custom templates if the default rights policy templates are not sufficient for your organization. You can do this step now, or later. For more information, see Configuring Custom Templates for Azure Rights Management.
Usage logging so that you can monitor how your organization is using Rights Management. You can do this step now, or later. For more information, see Logging and Analyzing Azure Rights Management Usage.
Configuring your applications can include installing the Rights Management sharing application and enabling support for information rights management (IRM) features in SharePoint Online or Exchange Online. For more information, see Configuring Applications for Azure Rights Management.
If you have existing IT services that need to inspect files that Azure RMS will protect—such as data leak prevention (DLP) solutions, content encryption gateways (CEG), and anti-malware products—configure the service accounts to be super users for Azure RMS. For more information, see Configuring Super Users for Azure Rights Management and Discovery Services or Data Recovery.
If you have on-premises services that you want to use with Azure Rights Management, install and configure the Rights Management connector. For more information, see Deploying the Azure Rights Management Connector.
You’re now ready to publish and consume protected content, and log how your company is using Rights Management. For more information, see Using Azure Rights Management.
As you begin to use Rights Management, you might find the Rights Management module for Windows PowerShell useful to help script or automate administrative changes. For more information, see Administering Azure Rights Management by Using Windows PowerShell.