locked
Azure RMS Permission questions RRS feed

  • Question

  • Hello! I would like to ask two questions related to Azure Rights Management services and how is it possible to give permission to the e-mail recipient user to open protected document.

    First question:1
    In case the sending user (User1@Adomain.com) send a RMS protected user to a (User2@ZDomain.com) which is not in the same Azure tenant nor O365 tenant and doesn't have RMS license. is it possible for this user to open the document or not? ( I tried and it seems that only users inside the same Exchange organizations that have RMS license can open the protected docs.! 

    Second question:2 
    How is it possible to send protected documents to anything that's not Exchanged Mail based. e.g. Zimbra, Zentyal, Postfix ..etc !

    Thanks

    Mohammed JH

    Thursday, September 10, 2015 10:58 AM

Answers

  • Mohammed,

    The answer to both of your questions are as follows.

    When using Azure RMS recipient does not need to have an Azure RMS service of their own. The person who sends the protected content, it's their RMS service that will authenticate the recipient and let them access the content.

    If the recipient has their own O365 tenant or Azure AD then your RMS service will be able to authenticate them. Otherwise they need a free "RMS for individuals" account. Currently these are available to most business email addresses. If you have a personal email account (e.g. Hotmail, Gmail, Yahoo, etc.) you cannot get a free RMS for Individuals at this time.

    All of this is covered in "What is Azure Rights Management?" on TechNet.

    /Steve


    Steve L [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, September 11, 2015 2:05 PM

All replies

  • Hello,

     

    We are researching on the query and would get back to you soon on this. I apologize for the inconvenience and appreciate your time and patience in this matter.

     

    Best Regards,

    Kamalakar

    Thursday, September 10, 2015 4:26 PM
  • Mohammed,

    The answer to both of your questions are as follows.

    When using Azure RMS recipient does not need to have an Azure RMS service of their own. The person who sends the protected content, it's their RMS service that will authenticate the recipient and let them access the content.

    If the recipient has their own O365 tenant or Azure AD then your RMS service will be able to authenticate them. Otherwise they need a free "RMS for individuals" account. Currently these are available to most business email addresses. If you have a personal email account (e.g. Hotmail, Gmail, Yahoo, etc.) you cannot get a free RMS for Individuals at this time.

    All of this is covered in "What is Azure Rights Management?" on TechNet.

    /Steve


    Steve L [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, September 11, 2015 2:05 PM
  • Hello,

    We hope that the last response helped clarify the query.

    We would like to now mark this thread as ‘Answered’, which can help others facing the same issue. If you’re still facing any issues, please write back to us, and we can continue working on this.

    Regards,

    Sunday, September 13, 2015 10:38 AM
  • Hi Steve, I have tried that but it didn't work for me. here's the scenario that I have tried

    Sending email with an account in Exchange online with (Azure RMS Rule - Confidential View only rule) to another Office 365 tenant mail gives the following ( please see the attachment picture ) Configuring your computer for IRM then asks me for my user's credentials and after I enter them nothing happens. 

    I already have tried this on two different computers with the same result. 

    Configuring your computer for IRM


    Mohammed JH

    Monday, September 14, 2015 11:29 AM
  • Mohammed,

    When sending email to external recipients you cannot use RMS templates. RMS templates only grant access to users/groups from your tenant. Thus if you send email to anyone not in your tenant they have not been granted access via the template. We'll have to wait until Azure RMS templates allow us to add foreign email addresses in them to be able to apply templates to external recipient emails.

    If you want to use Outlook or OWA to create a protect email to an external recipient (user, not a group) you may use the 'Do Not Forward' option. This specifically protects the content to the individual's email which may be authenticated by another tenant or by the Azure RMS for Individuals account.

    If you want to send a document with specific permissions please use the RMS Sharing App to 'share protected' the content to the external individual.

    /Steve


    Steve L [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, September 14, 2015 1:14 PM