Integrate Azure RMS Protection for SharePoint On Prem (Step by Step video)

Azure Rights Management (RMS) can protect your on-premises servers using the free RMS Connector app. The RMS Connector is a tiny application that provides an RMS proxy, so you do not have to deal with the complexity and limitations of a real RMS server. It allows SharePoint, Exchange and/or a File Classification Infrastructure (FCI) enabled Windows File Server to connect to it exactly as they would to a local RMS server.

The utility is twofold. First, it extends the same templates and RMS Authority beyond your local on-prem environment, allowing for better mobile or BYOD consumption of protected data while still respecting the security. Second, native RMS servers are hard to set up, hard to manage and really limited…

By using Azure RMS to do the heavy lifting, Microsoft handles high availability, crossing of domains, federation, encryption keys, certificates, auditing, revocation of permissions, reporting and other complexities for you. All you have to do is tell one of the supported servers/applications “Hey, I’ve got an RMS Authority in Azure, you can connect to it via this RMS connector server” and immediately everything starts working.

As a word of caution, this example is not highly available. For production, you should have two servers running the RMS Connector behind a load balancer.

Prerequisites:

  • Azure RMS must be configured
  • SharePoint server must be 2010+
  • The RMS Connector cannot be installed on any servers that it is protecting

Step by Step below:

Why bother doing this? Well, for starters, thanks to Azure Application Proxy my on-prem SharePoint servers are now easily available outside of my firewall. Integrating RMS ensures my data is protected, audited and easily secured even on BYOD devices. This lets me be more productive without releasing control of my data, even if it’s shared outside of my environment.

Questions or comments? Hit me up at @Joe_Kuster on Twitter.