Enable more secure business collaboration from virtually anywhere and across devices, while preventing unauthorized use of confidential information

PROTECT everywhere, ACCESS anywhere
• Secure, seamless access
• Protect sensitive information in documents
• Best-in-class anti-malware

INTEGRATE and EXTEND security
• Deep Microsoft SharePoint and Office integration
• Standards-based interoperability across organizations and cloud

SIMPLIFY security, MANAGE compliance
• Enterprise-wide visibility
• Easier partner management

Agenda
• Overview of Active Directory Rights Management Services (AD RMS)
• AD RMS within an Enterprise environment (AD RMS concepts and deployment within the Enterprise)
• Enable secure collaboration using AD RMS
• AD RMS Trusted User Domains
• AD RMS Integration with Active Directory Federation Services
• AD RMS Integration with the Microsoft Federation Gateway
• Questions

Overview of Active Directory Rights Management Services (AD RMS)

Persistent Protection
Encryption + Policy:
• Access Permissions
• Use Right Permissions

• Provides identity-based protection for sensitive data
• Controls access to information across the information lifecycle
• Allows only authorized access based on trusted identity
• Secures transmission and storage of sensitive information wherever it goes – policies embedded into the content; documents encrypted
• Embeds digital usage policies (print, view, edit, expiration etc.) into the content to help prevent misuse after delivery

AD RMS within an Enterprise environment

[Diagram: Corporate Network, The Internet and RMS Cluster, with numbered steps 1 to 7 and the labels PL, RAC, CLC and UL]

AD RMS Trusted User Domains

[Diagram: AD RMS Forest A and AD RMS Forest B]
• John in Forest A sends RM content to Monica in Forest B
• Monica in Forest B sends PL and RAC with request for UL from Forest B

[Diagram: AD RMS Forest A and AD RMS Forest B, with a Trusted User Domain (TUD) in place]
1) Export TUD from Forest 2
2) Import TUD from Forest 2
3) John in Forest A sends RM content to Monica in Forest B
4) Monica in Forest B sends PL and RAC with request for UL
5) Server uses imported SLC to verify Monica’s RAC and returns UL

AD RMS Integration with Active Directory Federation Services

AD RMS Integration with AD FS Scenario

[Diagram: AD Contoso, AD Fabrikam, FS-A, FS-R, WebSSO and RMS, with numbered steps 1 to 12 and the labels PL, RAC, CLC and UL]
1. Assume author is already bootstrapped
2. Author sends protected mail to recipient at Fabrikam
3. Recipient contacts RMS server to get bootstrapped
4. WebSSO agent intercepts request
5. RMS client is redirected to FS-R for home realm discovery
6. RMS client is redirected to FS-A for authentication
7. RMS client is redirected back to FS-R for authentication
8. RMS client makes request to RMS server for bootstrapping
9. WebSSO agent intercepts request, checks authentication, and sends request to RMS server
10. RMS server returns bootstrapping certificates to recipient
11. RMS server returns use license to recipient
12. Recipient accesses protected content

AD RMS Integration with the Microsoft Federation Gateway

[Diagram, repeated across slides: Marcus, Jane and Exchange 2010, with the labels RAC and UL]
• Fabrikam may also have their own RMS deployment
• Jane could have protected the message at OWA/OLK
• Fabrikam will cache the RAC to use in future requests
• All proxy addresses of the federated Identity are included in the Token
• The Use License call is batched and a single MFG token is presented for all recipients
• The Use License will be used to decrypt the message for OWA, Transport Decryption, Journal Report Decryption

Related sessions

Breakout & Interactive Sessions
• SIA323 | Business Ready Security: Securely Collaborate with Partners and Employees Using SharePoint, Microsoft Forefront, and Windows Server 2008 R2 Active Directory
• SIA312 | Secure Collaboration: Install and Configure Remote Access for Microsoft SharePoint Server in an Hour
• SIA313 | Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS) Protected Content to External Parties
• SIA315 | Secure Collaboration: Microsoft Forefront Protection 2010 for SharePoint Deep Dive
• SIA309-INT | Secure Collaboration: Protecting Your Microsoft SharePoint Server Using Microsoft Forefront Business Ready Security

Hands-On Lab
• SIA08-HOL | Secure Collaboration Solution: Business Ready Security with Microsoft Forefront and Active Directory

Product Demo Station
• Red SIA-4 | Microsoft Forefront Secure Collaboration Solution

Learn more about our solutions: http://www.microsoft.com/forefront
Try our products: http://www.microsoft.com/forefront/trial