• AD RMS Bulk Protection Tool
• AD RMS & File Classification Infrastructure
• AD RMS PowerShell
• Exchange 2010 & AD RMS Integration
• Features On the Horizon…
Help securely enable business by managing risk and empowering people
• Identity
• Highly Secure & Interoperable Platform
• Across on-premises & cloud
from: Block, Cost, Siloed
to: Enable, Value, Seamless
Microsoft Business Ready Security

Customer Scenarios
Bulk decryption
• E-discovery of content for litigation or audit purposes
Bulk encryption
• Safeguarding existing sensitive information
• Classifying and protecting sensitive information with File Classification Infrastructure (FCI)

Feature Details

Command Line Examples
• Bulk Decryption
    RMSBulk.exe /decrypt \\Share\Folder\ /log RMSBulk.log
• Bulk Encryption
    RMSBulk.exe /encrypt \\Share\Folder\file.doc ContosoConfidential.xml /log C:\Logs\RMSBulk.log
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=f9fbe58f-c175-41d0-afdc-6f160ab809cd

Identify and protect sensitive documents on file servers
Complement manual RMS protection with automated server-side IT policies for complete ownership of security infrastructure and prevention of inadvertent data leakage
[Diagram labels: FCI Classify; Mgmt Task: RMS Protect]
• User creates a file “marketing.docx” on Windows Server 2008 R2 file server
• File Classification Infrastructure (FCI) classifies file as “sensitive” based on content, including “Confidential” and “Internal only”
• Full-Time Employee can access “marketing.docx”
• Automated File Management Task invokes RMS protection to restrict access to “Full-Time Employees” only
• A malicious user getting access to the file through unintentional leak is not able to access file content
Businesses can automatically RMS protect 1,000s of confidential files on their file servers

Automatic Content Based Privacy
• Transport Protection Rule
• Protected Voice Message
• Outlook Protection Rule
Streamline End User Experience
• RMS Integration in OWA
Enable IT Infrastructure
• Transport Pipeline Decryption
• Journal Report Decryption

Eliminate reliance on end-user
Enforcement Tools are required. Content Protection should be automated.
Automatic Content-Based Privacy:
• Transport Rule action to apply RMS template to e-mail message
• Transport Rules support regex scanning of attachments in Exchange 2010
• Do Not Forward policy available out of box

RMS protection should not break IT infrastructure
Journal Report Decryption Agent
• Attaches clear-text copies of RMS protected messages and attachments to journal mailbox
• Requires super-user privileges, off by default
[Diagram label: Archive/Journal]

Mac Office
Exchange 2010 SP1
• View Protected attachments in OWA
• IRM in Exchange Active Sync
• Enhanced collaboration using Microsoft Federation Gateway
• Cross Premises IRM support for Exchange Online

View Protected attachments in OWA
[Panels: Exchange 2010 RTM, Exchange 2007, Exchange 2010 SP1]

• IRM in EAS policy can be configured on a per user basis
• EAS transactions must be made over SSL
• All encryption/decryption operations are executed at CAS

[Diagram: Woodgrove Bank, Trey Engineering, Exchange, AD RMS, UL]
1. Author sends protected mail to recipient at Trey Engineering
2. Exchange (Trey Engineering) receives message and performs service discovery against Woodgrove Bank’s AD RMS Server
3. Exchange (Trey Engineering) requests a token from the MFG
4. MFG validates the claims and returns the token to Exchange (Trey Engineering)
5. Exchange (Trey Engineering) creates a bootstrapping request including the token to the AD RMS server.
6. AD RMS Server validates the token and then returns a RAC for Exchange (Trey Engineering)
7. Exchange (Trey Engineering) then requests a token on behalf of the recipient from the MFG
8. Repeat Steps 4-6 for a licensing request
9. The message is delivered and the recipient can consume the content via OWA

Import TPD

SIA313 Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS) Protected Content to External Parties
SIA322 Business Ready Security: Protecting Information with Microsoft Forefront and Windows Server 2008 R2 Active Directory
SIA08-INT Information Protection: Implementing Information Protection Using Active Directory Rights Management Services
SIA03-HOL | Information Protection using Active Directory Rights Management Services (AD RMS)
SIA07-HOL | Information Protection Solution: Business Ready Security with Microsoft Forefront and Active Directory
Red SIA-2 | Microsoft Forefront Information Protection Solution

http://technet.microsoft.com/en-us/dd448611.aspx
http://technet.microsoft.com/en-us/library/dd772711(WS.10).aspx
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=f9fbe58f-c175-41d0-afdc-6f160ab809cd#tm
http://blogs.msdn.com/rms/
http://blogs.technet.com/rmssupp/
http://www.microsoft.com/fci
http://technet.microsoft.com/en-us/library/ee156482.aspx
http://vepcdn.microsoft.com/prod/images/64/Area/214/2676/9fd29bc1-bd16-42fe-a39ef1d91d62aa60.pdf

• IRM protectors control the conversion of documents to their encrypted, rights-managed format and the decryption of documents from their rights-managed format back to their original format

Name               Supported File Formats
MsoIrmProtector    doc, dot, xla, xls, xlt, pps, ppt
OpcIrmProtector    docm, docx, dotm, dotx, xlam, xlsb, xlsm, xlsx, xltm, xltx, xps, potm, potx, ppsx, ppsm, pptm, pptx, thmx