Microsoft EMS Components: Azure Rights Management
This article is the fourth in the series on the Microsoft Enterprise Mobility Suite. Enterprises create valuable information, for their customers or for themselves, from their processes, their data, or the results of applying data to those processes, and that information needs to be protected. This process is called intellectual rights management. Azure Rights Management is Microsoft’s service that facilitates the protection of information. This solution can be used in many different environments where both data and intellectual property are key to the success of the organization.
Keeping Data Secure with Azure Rights Management
In this challenging work environment where everyone can access, share, and publish information, it is key for organizations to be able to protect their intellectual property and data. This also applies to data that must be protected by law, such as personally identifiable information (PII), health-related information protected under HIPAA, or other information legally required to be secure.
Users normally access corporate-owned information from their personal devices at work, on the road or from home. Sometimes, it even needs to be shared with partners to achieve a common goal. Transmission of files via email or file-sharing services works great within the enterprise, but when those services reach outside the enterprise, the old model of OS-level security or access lists is no longer effective.
The challenge is how to keep the information that needs to float around safe from prying eyes.
Azure Rights Management leverages Azure services so that it can use identity and authorization policies along with encryption to allow users to open files being shared, even outside of the organization. At the same time, these services work on multiple platforms and devices, so that whoever uses, shares or tries to open a file or email, on any of them, has to be a legitimately authorized user.
How Does it Work?
The implementation of this solution is architecturally simple, although the processes behind it are complex. Simply put, encrypted content and distributed code enforce access rules. In other words, the content is encrypted and protected, and it can only be opened if the user presents credentials that are verified as having access to read or edit the content. This requires encryption of the data and a way for that data to be decrypted and displayed. So, the OS provides the complex decryption mechanisms while the data moves in encrypted form. This guarantees that no prying eyes have access to such content while in transit or if it’s delivered to the wrong destination. The code that enforces the policies is embedded in the OS or in the apps using the protected content so that it cannot be bypassed. The only caveat is that you need to sign up for the Azure Rights Management solution and accept the rules and policies that will enforce such protections.
Azure Rights Management works on most platforms: Windows (all supported versions), Android, iOS, Windows Phone, etc. This is a global platform solution, regardless of what is used across locations and environments.
Rules and Policies
Policies define what can be done with a particular file. We already covered access for read and edit, but a file can also be prevented from being printed. This is very convenient when sending documents outside of the organization, because the documents can only be opened by people with the necessary credentials, who in turn can only read them and cannot print them or even copy and paste their contents into an empty document.
Emails can similarly be limited by these policies. For example, they can be prevented from being forwarded or prevented from using the “reply all” button.
Office and Office 365 integrate very nicely with Azure Rights Management. Not only are these tools able to handle the most commonly used documents, but they also handle any calls required into Azure Rights Management for validating identity and credentials.
Azure Rights Management is a Must-Use Tool for the Enterprise
All in all, Azure Rights Management is a must-use tool for any enterprise that values its proprietary processes and information. It would be ill-advised to ignore the value proposition of this service, especially when it comes included with Enterprise Mobility Suite. Most importantly, it can also integrate with your on-premises hardware and Active Directory as well as with the other components of Enterprise Mobility Suite, such as Azure Active Directory.