Azure RMS user licensing

Similar Messages

• Azure RMS Licensing

  Hi,
  Im struggling with finding clear information on licensing surrounding Azure RMS, in particular protecting files on on-premise file servers.
  To begin with we only want to use Azure RMS to protect content stored within on-premise Windows 2012 servers using FCI and the Azure RMS Connector.
  In terms of licensing the users do we need to
  A) License each user that will be consuming protected content on premise?
  or
  B) License the users that will be applying the protection to content.
  i.e. does a user need a RMS license to consume on premise protected documents.
  A previous engagement with Microsoft Partner PreSales Advisory stated that we do not need to license users that are purely consuming content and only need to license uses putting the protection and policys in place but we wanted to confirm this.
  We are aware that with Applications such as Exchange Online and SharePoint Online all users need an RMS license but we need the clarification on on-premise file servers.
  Can anyone help?
  Many Thanks

  Please see the following blog post. I believe it covers your questions.
  Rights Management Licensing Terms (for Orgs and ISVs)
  Consuming protected content is free. Licenses needed to protect content. Other details in the link.
  Steve L [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

• Azure RMS Group user with Ad-hoc policy

  Hi,
  In Azure RMS, the group users are unable to open the encrypted documants if the file is encrypted using ad-hoc policy(my policy)
  But, the same group users were able to open the encrypted document incase if the file is encrypted using templates(company policy)
  so, it would be great if you assist us in resolving this issue.
    

  Vivek, thanks for your reply. As mentioned I'm trying to integrate ASA remote access VPN in with Microsoft Active Directory via IAS. How can I configure RADIUS Attribute 25 on IAS to recv a value from AD and fwd it on to the ASA?
  What I'd really like confirmed first is whether group-lock functionality is available from AD through RADIUS?
  thanks, Graeme

• Azure RMS

  Dear Sir,
  I got an experienced for the RMS with iPhone.  I have enrolled an account for RMS evaluation from aadrm portal.  I have registered two acounts for testing purpose.  First of all, I have download the apps from apple store and install
  it on my iphone.  After installation, I have tried to encrypted the photos through existing photo library.  I follwed the instructions to do so.  I have two choices and the third choices is dim which is "Custom Permission". The only
  two choices "Shared" and "Protected".  I am able to encrypt the photo and sent out to the designated users.  It returns an error on sharing permission.  What is going wrong?  On the other hand, is the in placed photo
  will be encrpted or not?  I have returned to photo library the format remains unchanged. 
  Secondly, I have registered Widnows Azure.   As heard from tecnical engineer-MS, they told me that MS has an Azure RMS dedicated cloud platform.  Is it a centralised platform for user management?  I would like managed all user in Azure
  cloud services.  Please let me know?
  For the permission assigned, I also have an experience before with PC encrypted document file(s) where I used ms office 2013. 
  Finally, I woul like to get more Windows Azure information.  Can you give me some implementation note and technical requirements?
  Regards
  Stanley                                              

  Hi Stanely,
  Some answers for your questions:
  " I have two choices and the third choices is dim which is "Custom Permission""
  >>> "Custom Permissions" is currently not supported and but will be available soon. It allows you to give permissions to specific people (i.e. email addresses) inside or outside your organization (i.e. account).
  >>> "It returns an error on sharing permission."
  It is not clear to me what happened here, can you please elaborate? Did the designated user get the sharing permissions when he tried to open the document using RMS sharing app? did it happen on the same device?
   >>> "On the other hand, is the
  in placed photo will be encrpted or not?  I have returned to photo library the format remains unchanged. 
  When you choose a photo from your Photos gallery, the photo is copied and encrypted using RMS and can be sent in a protected file format (called PFILE).
  The original photo in your Photos library app remains unchanged, because it is currently impossible to use RMS to protect the photos that are in your photos library app. You can of course choose to delete the original photo itself after you protect and share
  it.
  About the rest of your questions,
  - Windows Azure provides deep documentation and tutorials which you can find here: http://www.windowsazure.com/en-us/
  You can use Windows Azure Active Directory to manage all the users in your organization, as explained there.
  Azure RMS is the new RMS technology which RMS sharing app uses. You can build your own applications that uses Azure RMS too. Please refer to the following links to find more information on Azure RMS:
  http://blogs.msdn.com/b/rms/archive/2013/11/15/the-new-microsoft-rms-has-shipped.aspx
  You might also want to read Azure RMS whitepaper here:
  http://blogs.technet.com/b/rms/archive/2013/07/31/the-new-microsoft-rights-management-services-whitepaper.aspx
  Best regards,
  Yair

• I cannot activate $100 Monthly Benefit OR my AD Basic 5 User Licenses

  I cannot activate $100 Monthly Benefit OR my AD Basic 5 User Licenses 4196858 for [email protected] partner organization ID: 
  https://manage.windowsazure.com/cornerstone-its.com#Workspaces/
  This has been a nightmare, I've been bounced between 6 departments who cannot resolve my issue. Why can't azure just give us a $100 credit? Is it really that hard? Do
  they not want me to signup the dozens of leads I have because our company can't get a insignificant $100 credit?

  Hi,
  Please I would request you to contact billing support, it's free, and it's the best choice for you.
  Please contact support team by creating a support ticket at
  http://www.windowsazure.com/en-us/support/contact/
  Regards,
  Azam khan

• SharePoint On Premises – AZURE RMS issue

  SharePoint On Premises – AZURE RMS issue. Our SharePoint plat form is on premises and wanted to take AZURE RMS ISSUE to make workable in On premises SharePoint site.
  Based on the below blogs I have configured all the specified in those. I am getting below at the final stage. Please help me with the same.
  https://technet.microsoft.com/en-us/library/dn375964.aspx
  http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=639
  I am trying with my corporate AD account and logging into SharePoint site, getting below popup. in this screen, I am getting blank word whate ever I click with it is change user option or yes option or no option
  Thanks, Ram Ch

  Hi Ram,
  The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
  information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
  consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
  in the article included in your first post. See the information below:
  (from
  https://technet.microsoft.com/library/hh967642.aspx)
  Caution
  You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
  Add your custom domain to the Azure AD tenant and
  Verify a domain.
  Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
  Thanks,
  Reken Liu
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Mapping Azure RMS logs to SharePoint documents

  Hello,
  I have a SharePoint online environment with Azure RMS activated. I can get some logs from RMS, however it is not clear to me how the log entries are related the the sharepoint documents.
  Can anyone help me out how I can link a document to a RMS log entry? (c#, powershell, ...)
  Thanks

  Hi Ram,
  The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
  information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
  consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
  in the article included in your first post. See the information below:
  (from
  https://technet.microsoft.com/library/hh967642.aspx)
  Caution
  You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
  Add your custom domain to the Azure AD tenant and
  Verify a domain.
  Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
  Thanks,
  Reken Liu
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Azure RMS Templates

  Hello, I recently posted this question in both the Azure and Office 365 forums and was referred here. We
  are currently using Office 365 and have enabled E3 licenses to use IRM in Office through Azure. We would like to encrypt a lot of documents using the AD RMS Bulk Encryption tool,
  however it requires an RMS template. Azure provides two (Confidential, and Confidential Read-only). These work using the tool, but when I try to modify the XML to customize the templates it breaks them and since I don't have access to the AD RMS
  MMC I cannot generate my own. Does anyone know how I can make this work?

  Updating an old thread: Azure RMS now supports customized templates. 
  Announcement:
  http://blogs.technet.com/b/rms/archive/2014/04/03/create-custom-templates-in-azure-rms-with-the-azure-management-portal.aspx
  Documentation:
  http://technet.microsoft.com/en-us/library/dn642472.aspx

• Azure RMS and Cache

  I am trying to make protected documents available to some users via Azure RMS. Within the templates, there is an option called Offline Settings and its configured to "Content is available only with an Internet connection".
  Background:
  When I open the file in Office 2010 or Office 2010, the user is prompted to login (good) and the credentials are cached.
  If the internet connection is unavailable, both Office 2010 or Office 2013 does not open the document (good).
  For the next 8 hours, Office 2013 will not prompt for authentication as its cached (acceptable/good).
  The problem is that Office 2010 seems to cache the credentials forever. Meaning that if a employee is suspended, they still have access to the document. Any ideas?

  Hi Bigredthelogger,
  Summing up - if you enable "Content is available only with an Internet connection" with Azure
  RMS,  to be able to open a protected document users will always need to have Internet connection. If they don't - they fail.
  Now, if you want to revoke access to the documents for the users you should disable users account. Relying
  on caching auth credentials is not a good way to your requirement. Depending on your architecture
  If you have your users synced from AD to Azure - disable users account in AD and this information should
  disable user in the Cloud resulting in user being not able to access document
  If you have your users directly in the Cloud with no synchronization - just login to the Office365 portal
  as a Global Admin, go to Users, search for the user and there in the settings section you can choose to block user "<label disabled="disabled">The user can't sign in or access services.". Also you can remove RMS subscription
  from the user account</label>
  Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

• How do I access the End User Licensing Agreement? I clicked on it and it gives me a message that I need to launch Adobe Reader, accept and close and reopen. Trouble is I can't get to an icon for file to launch. I am working on a Mac and have installed Mac

  I am using a Mac and have installed Adobe Reader for Mac, latest version. I cannot access the End User Licensing Agreement. I clicked on it and it gives me a message that I must launch Adobe, check that I agree, close and reopen. The problem is I can't find any way to launch Adobe because it appears nowhere on my launch pad, nor in my document files or on the control panel. Because of this, I cannot print bank statements nor can I get into my insurance companies billing department to make a payment. HELP!

  How about in your Applications folder?

• Error while Authenticating sharepoint site with Azure AD users using Azure Access Control Namespace

  I have a Sharepoint site running on Azure virtual Machine. Now i want to authenticate my sharepoint site with Azure AD users.
  For this i have followed below link, but getting error after login.
  Using Microsoft Azure Active Directory for SharePoint 2013 authentication
  I have implemented as given on reference link, but still facing error. When i access my url from browser, it will ask me through which you want to logon.
  Then on selection of ACS Provider, it will redirect me to office365 login. After i submit my credentials, it will redirect me to
  https://testvm.cloudapp.net/_trust/
  and got error. So i checked in sharepoint log and found below error.
  Cannot find site lookup info for request Uri urn:sharepoint:spvms.
  SPAudienceValidator: Audience uri 'urn:sharepoint:spvms is not valid for the context.
  Getting Error Message for Exception Microsoft.IdentityModel.Tokens.FailedAuthenticationException: The Audience URI could not be validated.
  SPSaml11SecurityTokenHandler: Audience validation failed for request 'https://testvm.cloudapp.net/_trust/' with
  the following audience URIs: 'urn:sharepoint:spvms', .
  Application error when access /_trust/, Error=The Audience URI could not be validated.
  at Microsoft.SharePoint.IdentityModel.SPSaml11SecurityTokenHandler.ValidateConditions(SamlConditions conditions, Boolean enforceAudienceRestriction)
  at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
  at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
  at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
  at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
  at Microsoft.SharePoint.IdentityModel.SPFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)
  at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

  I want 100,000 external users to have access to my SharePoint online Site collection.
  I was thinking of going the Azure AD route, where external users will have there ID's created in Azure AD cloud.
  Trying to figure how I can integrate Azure AD cloud with my SharePoint Online Site collection.
  Currently my site collection is tied to On-premise AD.
  Is there a way to integrate the SharePoint online to use both Azure AD and On-premise AD?
  Thanks
  Nate
  Any Answer here?

• How to promote Free User to a Team User License on Flash Builder v4.7?

  Hi,
  Recently, we brought CC Team License. At present whatever the Flash builder 4.7 we installed is a standalone setup i.e; not installed using Creative Cloud.
  However, later I installed the CC (as a Free User ID) and the same Flash builder 4.7 is recognized by the CC. But, It was expired now.
  Now my question is how this Flash builder normal free user license will be upgraded to CC Team User License?
  I know some invite by email from admin console. Does it make any difference for standalone and CC based installations?
  Do i have to reinstall the Flash Builder otherwise?

  It's same with me, i also using Google Nexus 7(2013). Just a simple default apps with nothing created by Flash Builder, it get error and not working！

• Can't open a PDF because I get a messge to accept End User License

  How do I fix this?-Before viewing PDF documents in this browser you must launch Adobe Reader and accept the End User License Agreement, then Quit and relaunch the browser.

  Hi Jane,
  Did you follow the instructions to accept the license?
  Regards, Stacy

• I am getting this response when I am trying to open a file: Before viewing PDF documents in this browser you must launch Adobe Reader and accept the End User License Agreement, then Quit and relaunch the browser."  What do I do?

  I am getting this response when I am trying to open a file: Before viewing PDF documents in this browser you must launch Adobe Reader and accept the End User License Agreement, then Quit and relaunch the browser.”  What do I do?  I have opened this up in the past without a problem. 

  Back up all data.
  If Adobe Reader or Acrobat is installed, there should be a setting in its preferences such as Display PDF in Browser. I don't use those applications myself, so I can't be more precise. Deselect that setting, if it's selected. Otherwise do as follows.
  Triple-click anywhere in the line of text below on this page to select it, the copy the selected text to the Clipboard (command-C):
  /Library/Internet Plug-ins
  In the Finder, select
  Go ▹ Go to Folder
  from the menu bar, or press the key combination shift-command-G. Paste into the text box that opens (command-V), then press return.
  From the folder that opens, remove any items that have "Adobe" or “PDF” in the name. You may be prompted for your login password. Then quit and relaunch Safari, and test.
  The "Silverlight" web plugin distributed by Microsoft can also interfere with PDF display in Safari, so you may need to remove it as well, if it's present. The same goes for a plugin called "iGetter," and perhaps others.
  If you still have the issue, repeat with this line:
  ~/Library/Internet Plug-ins
  If you don’t like the results of this procedure, restore the items from the backup you made before you started. Relaunch Safari again.

• User Licensing for Approvers in GRC AC 5.3

  Hi all
  I am looking for some clarification regarding the user licensing.
  In CUP, we have managers who will need AEApprover role to approve the user requests.
  In our case, we have SAP EP as the single point of entry to the application (both ECC & GRC AC). Also
  some of the managers who are involved in the approval process (in CUP) do not need access to the ECC backend system.
  So managers only need an entry in the  AD(LDAP) which is the datasource for SAP EP, GRC AC. This means that GRC UME (authentication system for CUP) is the only place where the managers user profile are maintained.
  Will these managers be accounted for SAP licenses?
  My answer is No. The managers will not be accounted for SAP (prof/ limited prof) license cost as they do not have any access to the ECC system. All users in GRC system will be accounted for GRC AC licensing ( which is based on the operating budget of the organazation)
  Appreciate if you can confirm whether my understanding is correct.
  Thanks
  Keerthika

  Closing the request as this has been answered in the forum and I got a confirmative answer from SAP too..
  Rationale:
  GRC users dont count for SAP ECC license unless they have a dialog user account in the ECC system.
  Thanks
  Kee