Azure RMS Templates

Hello, I recently posted this question in both the Azure and Office 365 forums and was referred here. We
are currently using Office 365 and have enabled E3 licenses to use IRM in Office through Azure. We would like to encrypt a lot of documents using the AD RMS Bulk Encryption tool,
however it requires an RMS template. Azure provides two (Confidential, and Confidential Read-only). These work using the tool, but when I try to modify the XML to customize the templates it breaks them and since I don't have access to the AD RMS
MMC I cannot generate my own. Does anyone know how I can make this work?

Updating an old thread: Azure RMS now supports customized templates. 
Announcement:
http://blogs.technet.com/b/rms/archive/2014/04/03/create-custom-templates-in-azure-rms-with-the-azure-management-portal.aspx
Documentation:
http://technet.microsoft.com/en-us/library/dn642472.aspx

Similar Messages

  • Azure RMS Group user with Ad-hoc policy

    Hi,
    In Azure RMS, the group users are unable to open the encrypted documants if the file is encrypted using ad-hoc policy(my policy)
    But, the same group users were able to open the encrypted document incase if the file is encrypted using templates(company policy)
    so, it would be great if you assist us in resolving this issue.
      

    Vivek, thanks for your reply. As mentioned I'm trying to integrate ASA remote access VPN in with Microsoft Active Directory via IAS. How can I configure RADIUS Attribute 25 on IAS to recv a value from AD and fwd it on to the ASA?
    What I'd really like confirmed first is whether group-lock functionality is available from AD through RADIUS?
    thanks, Graeme

  • RMS sdk 2.1 - cannot get AZURE rms server.

    We have 2 RMS servers, 1 is on premise and the second is RMS azure server with SSO(single sign on).
    calling IpcGetTemplateIssuerList returns only the on-premise RMS server. how do i retrieve the azure RMS server?

    Hi,
    I'm also new to AD RMS and trying to get started with the interop example. I too am getting the EXACT SAME ERROR - The system cannot find the file specified. HRESULT: 0x80070002 - when I try to run the code below:
    I try to run this statement: Collection<TemplateInfo> ipcTemplates = IPC.GetTemplates();
    internal static class IPC
    static IPC()
    SafeNativeMethods.IpcInitialize();
    public static Collection<TemplateInfo> GetTemplates()
    Collection<TemplateInfo> templates = null;
    try
    templates = SafeNativeMethods.IpcGetTemplateList(null, true, true, false, false, null, null);
    catch (Exception /*ex*/)
    /* TODO: Add logging */
    throw;
    return templates;
    Here's my stack trace:
    The system cannot find the file specified. HRESULT: 0x80070002
       at Microsoft.InformationProtectionAndControl.SafeNativeMethods.ThrowOnErrorCode(Int32 hrError) in c:\Microsoft.InformationProtectionAndControl\SafeNativeMethods.cs:line 1678
       at Microsoft.InformationProtectionAndControl.SafeNativeMethods.IpcGetTemplateList(ConnectionInfo connectionInfo, Boolean forceDownload, Boolean suppressUI, Boolean offline, Boolean hasUserConsent, Form parentForm, CultureInfo cultureInfo) in c:\\Microsoft.InformationProtectionAndControl\SafeNativeMethods.cs:line
    137
       at IPC.GetTemplates() in c:\IPC.cs
    Please let me know if you have resolved this error or if you can find any managed code samples for AD RMS. 
    Thanks

  • Azure RMS and Cache

    I am trying to make protected documents available to some users via Azure RMS. Within the templates, there is an option called Offline Settings and its configured to "Content is available only with an Internet connection".
    Background:
    When I open the file in Office 2010 or Office 2010, the user is prompted to login (good) and the credentials are cached.
    If the internet connection is unavailable, both Office 2010 or Office 2013 does not open the document (good).
    For the next 8 hours, Office 2013 will not prompt for authentication as its cached (acceptable/good).
    The problem is that Office 2010 seems to cache the credentials forever. Meaning that if a employee is suspended, they still have access to the document. Any ideas?

    Hi Bigredthelogger,
    Summing up - if you enable "Content is available only with an Internet connection" with Azure
    RMS,  to be able to open a protected document users will always need to have Internet connection. If they don't - they fail.
    Now, if you want to revoke access to the documents for the users you should disable users account. Relying
    on caching auth credentials is not a good way to your requirement. Depending on your architecture
    If you have your users synced from AD to Azure - disable users account in AD and this information should
    disable user in the Cloud resulting in user being not able to access document
    If you have your users directly in the Cloud with no synchronization - just login to the Office365 portal
    as a Global Admin, go to Users, search for the user and there in the settings section you can choose to block user "<label disabled="disabled">The user can't sign in or access services.". Also you can remove RMS subscription
    from the user account</label>
    Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

  • AD RMS Templates on OWA

    KimaniBob
    Is it possible to have AD RMS templates display on OWA (I have Exchange 2010 sp3) and AD RMS 2008 R2?

    I figured it out.
    I used the following link :http://blogs.technet.com/b/ilvancri/archive/2010/07/09/configuring-ad-rms-and-exchange-2010-sp1-beta.aspx
    Thanks hope this is helpful to someone else
    KimaniBob

  • Old AD RMS template still displayed in OWA which were already deleted

    Hi,
    Currently, I'm having a problem where a deleted template still can be view & select when trying to apply RMS protection. I have checked the template distribution folder & run the Get-RMSTemplate to see whether the template is presented or not (which
    is not) 
    As you can see from the picture above. I have already disabled the rms, still we can see the template. Some of the template listed above have been already deleted & some just come pop in out of no where. Please, i really need some help here. Thanks in
    advance

    Depending on what version of Exchange this is, you might be able to use:
    Set-IrmConfiguraton -RefreshServerCertificates
    It sounds like this will refresh the templates as well:
    The
    RefreshServerCertificates switch clears all
      Rights Account Certificates (RACs), Computer Licensor Certificates (CLCs),
      and cached AD RMS templates from all Microsoft Exchange Server 2010 or
      Exchange Server 2013 servers in the organization. Clearing RACs, CLCs, and
      cached templates may be required during troubleshooting or in the event of a
      change of keys on the AD RMS cluster in your organization.
    I would be careful about actually deleting templates.  Preferably you should archive them.  If messages actually were protected with those templates and they are deleted, they will be inaccessible.

  • I am unable to see the created AD RMS Templates office 2010

    Hi,
    We have a SBS 2011 server (AD, exchange, DNS, ...etc) and a File server 2008 R2.
    We installed the AD RMS feature on the File server and created the templates needed.
    On AD RMS client (W7):
    -We run the task scheduler.
    -We create the registry key:
          HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\DRM  for office 2010 clients
          HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\DRM  for office 2007clients
    On all MS 2007 client hasn't any problems but on all MS 2010 has a problem that: "unable to see the created AD RMS Templates.
    Please advise,
    Note: I prefer to contact me using my email
    [email protected] to acceleratre our communication.

    Hi,
    We need to check the templates in the path: C:\Users\martinr\AppData\Local\Microsoft\DRM\Templates
    first.
    Then, if you use 32-bit editions of Office running on 64-bit versions of Microsoft Windows,please try the following command:
    HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Office\<version>\Common\DRM.
    Following this, I recommond do the two methods:
    The permission policy path in the ADMX file is setup to use EDITTEXT (Regular Reg_sz), instead of EXPANDABLETEXT (REg_Expand_Sz).
    The policy template is setup out of the box expects a static path (i.e. c:\templates, and cannot use %localappdata%\Microsoft\DRM\Templates)
    For more detail information, please refer to the following link:
    http://technet.microsoft.com/en-us/library/cc179103.aspx
    http://technet.microsoft.com/en-us/library/dd772637(v=ws.10).aspx
    Here is a similar issue, we could refer to:
    http://social.technet.microsoft.com/Forums/en-US/224574c4-599b-4843-b235-f86ac74d03e9/ad-rms-template-problem?forum=rms
    Regards,
    George Zhao
    TechNet Community Support

  • Can I build Azure RemoteApp template without Remote Desktop License ?

    Can I build Azure RemoteApp template without Remote Desktop License ?
    I want to build and update the Azure RemoteApp template by using same Hyper-V guest image continue.
    Message:
      "Remote Desktop licensing mode is not configured"
    Environment 1: my on-premises Hyper-V guest.
    Environment 2: my Azure Virtual Machine by "Windows Server Remote Desktop Session Host" image.
    Regards,
    Yoshihiro Kawabata

    Hi Yoshihiro,
    If you are referring to RDS CAL, the answer is yes, you can build a template
    without having an RDS CAL.  For on-premises you would still need rights to install Windows Server as a guest, but to build the template you do not need an RDS CAL because this use is for administrative purposes. 
    In the case of building the image on an Azure Virtual Machine you do not need Windows Server license since that is included in the pricing for the Virtual Machine.  As mentioned above you do not need an RDS CAL since you are only building a template
    image which is administrative use.
    As always please review the appropriate documents that apply to your situation such as the Online Service Terms (OST), Product Use Rights (PUR), license agreement(s), etc. for precise details.
    Thanks.
    -TP

  • Azure RMS

    Dear Sir,
    I got an experienced for the RMS with iPhone.  I have enrolled an account for RMS evaluation from aadrm portal.  I have registered two acounts for testing purpose.  First of all, I have download the apps from apple store and install
    it on my iphone.  After installation, I have tried to encrypted the photos through existing photo library.  I follwed the instructions to do so.  I have two choices and the third choices is dim which is "Custom Permission". The only
    two choices "Shared" and "Protected".  I am able to encrypt the photo and sent out to the designated users.  It returns an error on sharing permission.  What is going wrong?  On the other hand, is the in placed photo
    will be encrpted or not?  I have returned to photo library the format remains unchanged. 
    Secondly, I have registered Widnows Azure.   As heard from tecnical engineer-MS, they told me that MS has an Azure RMS dedicated cloud platform.  Is it a centralised platform for user management?  I would like managed all user in Azure
    cloud services.  Please let me know?
    For the permission assigned, I also have an experience before with PC encrypted document file(s) where I used ms office 2013. 
    Finally, I woul like to get more Windows Azure information.  Can you give me some implementation note and technical requirements?
    Regards
    Stanley                                              

    Hi Stanely,
    Some answers for your questions:
    " I have two choices and the third choices is dim which is "Custom Permission""
    >>> "Custom Permissions" is currently not supported and but will be available soon. It allows you to give permissions to specific people (i.e. email addresses) inside or outside your organization (i.e. account).
    >>> "It returns an error on sharing permission."
    It is not clear to me what happened here, can you please elaborate? Did the designated user get the sharing permissions when he tried to open the document using RMS sharing app? did it happen on the same device?
     >>> "On the other hand, is the
    in placed photo will be encrpted or not?  I have returned to photo library the format remains unchanged. 
    When you choose a photo from your Photos gallery, the photo is copied and encrypted using RMS and can be sent in a protected file format (called PFILE).
    The original photo in your Photos library app remains unchanged, because it is currently impossible to use RMS to protect the photos that are in your photos library app. You can of course choose to delete the original photo itself after you protect and share
    it.
    About the rest of your questions,
    - Windows Azure provides deep documentation and tutorials which you can find here: http://www.windowsazure.com/en-us/
    You can use Windows Azure Active Directory to manage all the users in your organization, as explained there.
    Azure RMS is the new RMS technology which RMS sharing app uses. You can build your own applications that uses Azure RMS too. Please refer to the following links to find more information on Azure RMS:
    http://blogs.msdn.com/b/rms/archive/2013/11/15/the-new-microsoft-rms-has-shipped.aspx
    You might also want to read Azure RMS whitepaper here:
    http://blogs.technet.com/b/rms/archive/2013/07/31/the-new-microsoft-rights-management-services-whitepaper.aspx
    Best regards,
    Yair

  • UNABLE TO RETRIVE RMS TEMPLATE

    HI ,
    I install RMS on standalone server
    in our file server just we go to file management task and go to action : i find ( cannot retrieve RMS templates )
    need suggestions.
    MCP MCSA MCSE MCT MCTS CCNA

    Hi Yasser,
    Here are some related links below for you references:
    You cannot use earlier versions of templates in Windows Rights Management Services (RMS) after you upgrade to RMS Server 2003
    http://support.microsoft.com/kb/830693
    AD RMS Troubleshooting Guide
    http://social.technet.microsoft.com/wiki/contents/articles/13130.ad-rms-troubleshooting-guide.aspx
    AD RMS Template Problem
    https://social.technet.microsoft.com/Forums/en-US/224574c4-599b-4843-b235-f86ac74d03e9/ad-rms-template-problem?forum=rms
    Best Regards,
    Amy

  • Decommissioning of a Azure RMS

    Title says it all :)
    The process of an AD RMS decommissioning is documented, and with can also be done automatically for the documents.
    But how about Azure RMS? I could not find Information about this Topic, can some one help me out?
    Thanks in advance
    www.sccmfaq.ch

    Hi Martin -
    I have found some information about deactivating the Azure RMS service here:
    http://technet.microsoft.com/en-us/library/jj658940.aspx.  That will help you to stop using the Azure RMS service.  However, in terms of using decommissioning to decrypt protected content, I don't think that Azure RMS has an equivalent process. 
    The article makes specific reference to contacting support to enable certain scenarios.
    I hope that helps!
    Micah LaNasa
    Synergy Advisors
    synergyadvisors.biz

  • SharePoint On Premises – AZURE RMS issue

    SharePoint On Premises – AZURE RMS issue. Our SharePoint plat form is on premises and wanted to take AZURE RMS ISSUE to make workable in On premises SharePoint site.
    Based on the below blogs I have configured all the specified in those. I am getting below at the final stage. Please help me with the same.
    https://technet.microsoft.com/en-us/library/dn375964.aspx
    http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=639
    I am trying with my corporate AD account and logging into SharePoint site, getting below popup. in this screen, I am getting blank word whate ever I click with it is change user option or yes option or no option
    Thanks, Ram Ch

    Hi Ram,
    The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
    information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
    consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
    in the article included in your first post. See the information below:
    (from
    https://technet.microsoft.com/library/hh967642.aspx)
    Caution
    You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
    Add your custom domain to the Azure AD tenant and
    Verify a domain.
    Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
    Thanks,
    Reken Liu
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • Mapping Azure RMS logs to SharePoint documents

    Hello,
    I have a SharePoint online environment with Azure RMS activated. I can get some logs from RMS, however it is not clear to me how the log entries are related the the sharepoint documents.
    Can anyone help me out how I can link a document to a RMS log entry? (c#, powershell, ...)
    Thanks

    Hi Ram,
    The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
    information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
    consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
    in the article included in your first post. See the information below:
    (from
    https://technet.microsoft.com/library/hh967642.aspx)
    Caution
    You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
    Add your custom domain to the Azure AD tenant and
    Verify a domain.
    Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
    Thanks,
    Reken Liu
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • Azure RMS user licensing

    Hi,
    Im struggling with finding clear information on licensing surrounding Azure RMS, in particular protecting files on on-premise file servers.
    To begin with we only want to use Azure RMS to protect content stored within on-premise Windows 2012 servers using FCI and the Azure RMS Connector.
    In terms of licensing the users do we need to
    A) License each user that will be consuming protected content on premise?
    or
    B) License the users that will be applying the protection to content.
    i.e. does a user need a RMS license to consume on premise protected documents.
    A previous engagement with Microsoft Partner PreSales Advisory stated that we do not need to license users that are purely consuming content and only need to license uses putting the protection and policys in place but we wanted to confirm this.
    We are aware that with Applications such as Exchange Online and SharePoint Online all users need an RMS license but we need the clarification on on-premise file servers.
    Can anyone help?
    Many Thanks

    Hi Carol,
    Thank you for the further explanation this certainly does help clear things up.
    Thinking about this scenario more and more it does seem like it could be quite cumbersome to license with a high potential to not license correctly certainly in a large environment.
    Depending on how you have you NTFS permissions setup it strikes me that you would need to license any user that has the potential to save / create a file in a location as by default they would be the owner of that new file.
    Would it be a sensible suggestion to have a license in place for all members of the security group that has the ability to create files in the location you are protecting? Further on from that if a we did this and a member of that security group didn't have
    a license would we breach licensing regulations or would they simply not have the relevant functionality available to them? Taking this even further if the protection gets put in place by a policy / FCI rule surely they wouldn't need any different level
    of functionality as FCI will be assisting in putting the protection in place not the user creating the files.
    Sorry to bombard you with my questions / ramblings!
    Thanks

  • Azure RMS Licensing

    Hi,
    Im struggling with finding clear information on licensing surrounding Azure RMS, in particular protecting files on on-premise file servers.
    To begin with we only want to use Azure RMS to protect content stored within on-premise Windows 2012 servers using FCI and the Azure RMS Connector.
    In terms of licensing the users do we need to
    A) License each user that will be consuming protected content on premise?
    or
    B) License the users that will be applying the protection to content.
    i.e. does a user need a RMS license to consume on premise protected documents.
    A previous engagement with Microsoft Partner PreSales Advisory stated that we do not need to license users that are purely consuming content and only need to license uses putting the protection and policys in place but we wanted to confirm this.
    We are aware that with Applications such as Exchange Online and SharePoint Online all users need an RMS license but we need the clarification on on-premise file servers.
    Can anyone help?
    Many Thanks

    Please see the following blog post. I believe it covers your questions.
    Rights Management Licensing Terms (for Orgs and ISVs)
    Consuming protected content is free. Licenses needed to protect content. Other details in the link.
    Steve L [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

Maybe you are looking for

  • SAP XI 3.0 Tutorial

    I know this forum has many requests on a daily basis for tutorials for beginners. Does anyone know online a sample scenario with XI sending an receiving idocs via email? Thanks for the info. Steve Edited by: Stephen Hardeman on Feb 11, 2008 2:39 PM

  • Ebooks, scrollable text, pdfs

    Hello all, I am creating a simple ebook in indesign, using scrollable text. It is not working in an interactive pdf export. Is there a workaround for this? I am creating a simple editors proofing pdf, and it would be great if that worked. I can creat

  • How to implement an online recorder?

    Hello everyone, We would like to offer our site users an online recording tool. This means, any user who registers on our forum will be able to record an audio file and automatically store it in their account. Which Adobe products do we need for this

  • Incomplition sales order list t.code

    Hi, Is there any t.code for incomplition sales order. b4 posting this thread i cheked all previous ones. thanks sreenivas

  • TS Types. Order of loading

    From http://www.ni.com/white-paper/7060/en/ I know that order of the loading types is like below: ==================================================​======================================= ==================================================​==========