RMS: On-Premise vs Azure

Similar Messages

• Co-existence of AD RMS On-Premises and Azure Rights Management

  Recently, I was part of an internal IT project to implement AD RMS on-premises on top of Windows Server 2012 R2. We had created a template, assigned users to it and the template has been in use for about 2 months without any issues.
  I was then reading about the Azure Rights Management Service which had been released and we were eligible for with our Office 365 subscription. I went through all the documentation and went ahead with implementing it yesterday not seeing any caveats based
  on our current setup. Well, today, I received word from users that they were not able to see the original template they were using when trying to protect a document, only the new "Confidential" and "Confidential - View Only" templates that
  I know are provided by the Azure Rights Management Service.
  I have scoured the web and the Microsoft IT forums, but cannot find any information about restrictions on using on-premises AD RMS along with the Azure Rights Management Service at the same time. I really like the idea of using the Azure version as then
  our corporate users can get their policies on all their devices and when outside the network as well as the great new sharing options for other users outside the organization. However, I also need to have some more granular control over at least one template
  which I can do with the on-premises AD RMS.
  My question is: can you have both rights management services running at the same time? At this point, I may have to disable the Azure Rights Management Service in order to restore the previous functionality that my users are relying on, but I'd like to have
  both options available if possible and short of that, maybe migrate over to the Azure hosted version. In addition, is there any documentation that includes considerations for migrating from AD RMS to Azure RMS?

  "In addition, is there any documentation that includes considerations for migrating from AD RMS to Azure RMS?"
  Just in case you missed the announcement, migration from AD RMS to Azure RMS is now supported:
  Blog post announcement:
  http://blogs.technet.com/b/rms/archive/2015/01/29/january2015majorupdate.aspx
  Migration documentation:
  https://technet.microsoft.com/en-us/library/Dn858447.aspx

• Data sync between on-premise and azure database

  HI, I am not able to setup data sync between my on-premise database and azure database. Following is the error I am getting after it ran for almost 36 hours...
  Sync failed with the exception "GetStatus failed with exception:Sync worker failed, checked by GetStatus method. Failure details:An unexpected error occurred when applying batch file C:\Resources\directory\4c6dc848db5a4ae88265ee5aa1d44f40.NTierSyncServiceWorkerRole.LS1\DSS_7b1d73b4-d125-466f-94ab-eaa4553ea0ae\ed19f805-3d50-466a-96b3-861c4f22d8a4.batch.
  See the inner exception for more details.Inner exception: Failed to execute the command 'UpdateCommand' for table 'dbo.Transactions'; the transaction was rolled back. Ensure that the command syntax is correct.Inner exception: SqlException Error Code: -2146232060
  - SqlError Number:10054, Message: A transport-level error has occurred when receiving results from the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.) "    For more information,
  provide tracing ID ‘e6a1fad1-f995-4ffe-85db-0c6dc02423f1’ to customer support.

  Hi, sorry it has been a long time since your last post. Are you still using SQL Data Sync and hitting any issue which we could help with?
  Linda

• Vpn rras connectivity between on-premise and azure.

  hello,
  i have created a vpn rras site to site between my onpremise site and azure.
  vpn status is connected but i can't ping from my on-premise site to azure.
  also when i type ns lookup from vm azure it gives me DNS request timed out timeout was 2 seconds.
  thakns in advance.

  Hi,
   Hope your issue is resolved, if u need further assistance, please reply with the information asked by Nagamalar.
   If your issue is resolved, please post the steps/troubleshooting solution so that it can help other users in the community.
  Regards,
  Nithin Rathnakar

• How to access CRM 2015 On-Premise from Azure web application

  hi,
  I have deployed a MVC Application on Microsoft Azure. I was wondering Is it possible to access(read and write records like we do normally in local deployment) CRM On-Premise from Cloud or Do CRM 2015 should be IFD deployed? 
  Any pointers will be highly appreciated.

  Hi,
  I don't familiar with CRM 2015 On-Premise, but it seems that this is a feature request, please access this website:
  https://zapier.com/zapbook/microsoft-dynamics/windows-azure-web-sites/, you could also ask this issue at CRM forum.
  Disclaimer: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites;
  therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure
  that you completely understand the risk before retrieving any software from the Internet
  Best Regards,
  Jambor
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• AD RMS (On-Premise) and RMS Sharing App not allowing outside organisation protection

  Hi All, 
  I have been looking using the RMS Sharing app with our AD RMS (2012) test environment. 
  But I seem to be having issues where the RMS Sharing app complains about protecting documents with addresses outside of the organisation.
  I have set RMS to trust windows live ID's so i would have assumed that this wouldn't be the issue, or is there any additional settings that need to be implemented to get this to work? (Inter-Organisational protection however works fine)
  Any advise would be appreciated.
  Thanks,
  Dave

  Hi. Not all email domains are allowed when including the recipients of the protected file. Currently, free email services like gmail, live or yahoo will be blocked. The whole list can be checked from here https://portal.aadrm.com/content/blocked_domains.json
  Regards
  // Raúl - I love this game

• SharePoint On Premises – AZURE RMS issue

  SharePoint On Premises – AZURE RMS issue. Our SharePoint plat form is on premises and wanted to take AZURE RMS ISSUE to make workable in On premises SharePoint site.
  Based on the below blogs I have configured all the specified in those. I am getting below at the final stage. Please help me with the same.
  https://technet.microsoft.com/en-us/library/dn375964.aspx
  http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=639
  I am trying with my corporate AD account and logging into SharePoint site, getting below popup. in this screen, I am getting blank word whate ever I click with it is change user option or yes option or no option
  Thanks, Ram Ch

  Hi Ram,
  The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
  information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
  consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
  in the article included in your first post. See the information below:
  (from
  https://technet.microsoft.com/library/hh967642.aspx)
  Caution
  You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
  Add your custom domain to the Azure AD tenant and
  Verify a domain.
  Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
  Thanks,
  Reken Liu
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Mapping Azure RMS logs to SharePoint documents

  Hello,
  I have a SharePoint online environment with Azure RMS activated. I can get some logs from RMS, however it is not clear to me how the log entries are related the the sharepoint documents.
  Can anyone help me out how I can link a document to a RMS log entry? (c#, powershell, ...)
  Thanks

  Hi Ram,
  The RMS connector communicates with Azure RMS by invoking REST service, so it doesn't need to be exposed to internet, but it must be able to reach internet. Based on the screenshot
  information, it sounds that you haven't verified your domain in Office 365. For example, your AD users have UPN with suffix @consotos.com, the domain name contoso.com should be added into Domains of your Office 365 tenant, and verify it. This is to keep the
  consistency of your users' on-premises credential and online credential, otherwise, your users will by synced to Office 365 with the default domain "tenantname.onmicrosoft.com", such as the current situation. In fact it has been already mentioned
  in the article included in your first post. See the information below:
  (from
  https://technet.microsoft.com/library/hh967642.aspx)
  Caution
  You must add and verify your company’s domains in order to use them in Azure Active Directory and Office 365. For more information, see
  Add your custom domain to the Azure AD tenant and
  Verify a domain.
  Meanwhile, to experience Azure RMS, I highly recommend you to implement single sign-on, otherwise, your users will be prompt for credentials before they can get access to the protected content.
  Thanks,
  Reken Liu
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• AD RMS 2012 On Premise queries

  I have followed couple of articles on AD RMS (On premise) on Technet but still unable to get clear idea on below concerns....Please help me in clearing the doubts.
  1) AD RMS 2012 :- Which edition of Sharepoint Server 2013 is spported.
  Can it support Office Standard 2013 edition on Sharepoint Server for all the features....or which will be missed out.
  2) For RMS to work completely on Desktop machines which verison of Office like 2013, 2010, 2007, 2003 is required & which edition like Standard or Professional.
  Please help. 

  Hi,
  according to http://blogs.msdn.com/b/sharepoint__cloud/archive/2013/01/10/sharepoint-2013-onpremise-edition-comparison-chart.aspx and http://blog.blksthl.com/2013/01/14/sharepoint-2013-feature-comparison-chart-all-editions/ RMS/IRM is available
  in the Standard and Enterprise Edition.
  For Office this is a good start http://technet.microsoft.com/en-us/library/dd772697(v=WS.10).aspx but the article hasnt been updated for a while.
  For Office 2013 the Standard edition will only allow consuming, for protecting documents you need the Professionla Plus edition (http://office.microsoft.com/en-us/business/microsoft-office-volume-licensing-suites-comparison-FX101825637.aspx).
  Hope that helps,
  Lutz

• AD RMS

  I have one AD RMS server installed in Dev environment. I want to ensure that users will be able to access the documents already secured and will be able to restrict access on new documents even if AD RMS server goes down for a while.I am testing it at
  my end but getting mixed results. So not clear with the results. I see some security settings in the AD RMS template but I am not clear with what does what.Please share your experience in case you have already worked on it.

  AD RMS might not be the right solution for your requirements. Azure RMS sounds like a much better fit for you.
  When a protected document is opened for the first time, RMS (both ADRMS and Azure RMS) must validate the user at least once. Then if the RMS template used to protect the document allows for offline access, then that same user can subsequently open that same
  document for the period of time defined in the RMS template (for example, up to 7 days). So during that 7 day offline period, the RMS service can be down and the user can still open the protected document, however, users who have not contacted the RMS service
  at least once will not be able to open the document when the RMS server is offline. That is why Azure RMS is a better fit for your needs, because a Cloud service is highly available, much more so that what most organizations can design for their on-premise
  environments. 
  For more information about RMS concepts, and what the security settings are in the RMS templates, see these URLS:
  RMS Concepts
  http://blogs.technet.com/b/rms/archive/2012/04/16/ad-rms-infrastructure-concepts-part-1.aspx
  RMS Whitepaper (July 2013)
  http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-58-79-43/Microsoft-Rights-Management-_2D00_-English-_2800_July-2013_2900_.docx
  Azure RMS Pricing
  http://blogs.technet.com/b/rms/archive/2013/07/16/azure-rms-pricing-and-availability.aspx
  RMS Prerequisites
  http://technet.microsoft.com/en-us/library/dd772659(v=ws.10).aspx
  RMS Team Blog
  http://blogs.technet.com/b/rms/
  Azure RMS on Technet
  http://technet.microsoft.com/en-us/library/jj585024
  How RMS protects documents
  http://blogs.technet.com/b/rms/archive/2012/04/16/licenses-and-certificates-and-how-ad-rms-protects-and-consumes-documents.aspx
  RMS Best Practices Guide
  http://technet.microsoft.com/en-us/library/jj735304.aspx
  IRM Deployment Guide in Office for Mac 2011
  http://www.microsoft.com/en-us/download/details.aspx?id=20825
  RMS Forum
  http://social.technet.microsoft.com/Forums/en-us/rms/threads
  RMS Troubleshooting Guide
  http://social.technet.microsoft.com/wiki/contents/articles/13130.ad-rms-troubleshooting-guide.aspx
  Joe Stocker www.TheCloudTechnologist.com

• AD RMS MDE. RMS Sharing App error

  Hi!
  Sorry for my english. Recently I have raised AD RMS on-premises environment according to document "Leverage-the-Mobile-Device-Extension-for-AD-RMS-on-your-premises.docx". In my case I used only local network infrastructure (without Azure). Then
  I tested RMS Sharing App on iPad devices and it worked fine. However, on Android devices I get error
  Caused by: java.lang.NullPointerException
         at com.microsoft.rightsmanagement.identity.IdentityStore.getDnsClientResult(IdentityStore.java:124)
         at com.microsoft.rightsmanagement.flows.ExternalAuthFlow.getAuthInfo(ExternalAuthFlow.java:460)
         at com.microsoft.rightsmanagement.flows.ExternalAuthFlow.getAccessToken(ExternalAuthFlow.java:148)
         at com.microsoft.rightsmanagement.flows.GetTemplatesFlow.getTemplateArray(GetTemplatesFlow.java:97)
         at com.microsoft.rightsmanagement.flows.GetTemplatesFlow.doInBackground(GetTemplatesFlow.java:73)
         at com.microsoft.rightsmanagement.flows.GetTemplatesFlow.doInBackground(GetTemplatesFlow.java:28)
  How I said, environment uses local network DNS Server, hosted on Domain Controller. In Android settings I set appropriate DNS, sites www/adfs/adrms.[domainname].com are visible. What can it be?

  Correct. When you install ADRMS there is a local group created called "AD RMS Enterprise Admins". Your account is added to that group. If you do not log off and back on after the installation, OR, if you try to log into the console as a different user than
  you installed the role as, you will see that error.
  Obviously for you the answer was to log off and back on, but otherwise, make sure the account you are logging in as is added to that local group.
  -Jason
  hi Jason.  thank you for your good explanation
  regards

• UPN & Manager Attribute in Azure AD

  We are trying to sync on premise users & groups to Azure AD with default domain. Currently UPN value in azure AD is populated as mail nick name and manger attribute of each person object in azure AD is null value.
  We used default options in Azure synch tool.  Looking for your help to address this problem for correctly populating the two attributes in Azure AD. Also, how can we see other user attributes (For e.g extension attributes) synced from on premise
  in Azure AD? I can see only limited attributes using poweshell or graph API

  Hi,
   Use the Following Microsoft article on how to troubleshoot AADsync not syncing some objects or Attributes.
   https://support.microsoft.com/en-us/kb/2643629
   Also the following article lists the attributes that are synced by the AADsync tool.
   http://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx
  Regards,
  Nithin Rathnakar

• Microsoft Azure Site Recovery VM Metadate Replication

  Hello,
  We are in a process of investigating azure site recovery for On-Premise to azure replication, but we have seen strange behavior with our VM's after the initial replication.
  We installed a new VM with single disk .vhdx (containing the operating system only) with the size of 127 Gb as the default suggests, and we started replicating the VM to Azure. in the meantime we decided to add a second disk .vhdx file with 200GB in size
  and we figure that the replication will include the second .vhdx file (second disk) but it did not.
  the way we figured it out is by doing a failover test and we have seen that the second disk is missing, the only option of replicating the changes was by removing the replication and than adding it back, it seems that only the initial replication
  takes the metadata of the VM, is it by design?
  Ilan Saadi

  Hi Ilan,
  Your observation is correct; only during enabling the protecting we read the disk metadata and replicate.
  Currently we don't support replicating newly added disk to a protected virtual machine; this is part of the backlog and would request you to update the feature with your specific requirement details
  here.
  Regards
  Anoob

• SSAS High Availability in Azure (not SQL DBE)

  Hello,
  I was wondering what would be my options for having an SSAS environment with High Availability in Azure?
  Please refrain from mentioning HA solutions for the SQL Database Engine itself - that is
  not the issue at hand.
  The issue is that as far as I know (and please correct me if I am wrong), the only way to provide SSAS HA is through clustering that involves share storage -- which is not available in Azure.
  So I was wondering if anyone has come across such requirement before and if there are any sort of novel/original solutions
  (thinking outside the box).
  Regards,
  P.

  Hi Pmdci,
  According to your description, you need implement SSAS environment with High Availability in Microsoft Azure, the problem is that you need to use share storage in this environment which is not available in Azure, right?
  Based on my research, a clustered implementation of SSAS can be configured in Microsoft Azure.
  A clustered implementation of SSAS can also span from on premises to Azure (or any qualified cloud) if networking is properly configured so that the nodes on premise and in the cloud can see each other, talk to Active Directory, and access storage.
  http://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-how-to-use-files/
  Regards,
  Charlie Liao
  If you have any feedback on our support, please click
  here.
  Charlie Liao
  TechNet Community Support

• Replicated machines to Azure - started Test Failover but cannot RDP to the hosts

  Just replicated two VM's into Azure from my on premises test servers.
  They are in Azure fine but when I do  a test failover they end up in a state Waiting for Action.  That I discover is waiting for me to take some action on the server.
  I try to RDP to the servers(I do have RDP endpoints defined) but always get an error about not being able to connect.
  The onpremises servers have RDP enabled (which is how I access them) but to make sure I also put in exceptions in Firewall for RDP for all networks and waiting for the settings to replicate.
  Based on another thread I tried to telnet to the server
  telnet servername-test.cloudapp.net 49839
  but get no response.
  I also created a VM in Azure directly and I can access that one fine using RDP.  Based on another suggestion I tried to RDP to my replicated servers using this test VM (assuming that went through the internal Azure cloud network, not the Internet) but
  still no joy.
  I have also tried to resize the server, shut it down and bring it up but that also didn't change anything.
  Basically I am now at an impasse so any hints on further actions I can take would be really helpful.
  Thanks

  Hi,
  Please confirm if you have followed the same procedure to replicate the VM from On-premise to Azure:
  http://social.technet.microsoft.com/wiki/contents/articles/14983.copying-on-premises-virtual-machines-to-windows-azure.aspx
  Regards,
  Manu Rekhar