AD RMS Bulk Protection Tool AD RMS & File Classification Infrastructure AD RMS PowerShell Exchange 2010 & AD RMS Integration Features On the Horizon…

AD RMS Bulk Protection Tool
AD RMS & File Classification Infrastructure
AD RMS PowerShell
Exchange 2010 & AD RMS Integration Features
On the Horizon…
Help securely enable business by managing risk and empowering people
Identity
Highly Secure & Interoperable
Platform
Across on-premises & cloud
from: Block, Cost, Siloed
to: Enable, Value, Seamless
Microsoft Business Ready Security
Customer Scenarios
Bulk decryption
• E-discovery of content for litigation or audit purposes
Bulk encryption
• Safeguarding existing sensitive information
• Classifying and protecting sensitive information with File Classification Infrastructure (FCI)
Feature Details
Command Line Examples
• Bulk Decryption
RMSBulk.exe /decrypt \\Share\Folder\ /log RMSBulk.log
• Bulk Encryption
RMSBulk.exe /encrypt \\Share\Folder\file.doc ContosoConfidential.xml /log C:\Logs\RMSBulk.log
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=f9fbe58f-c175-41d0-afdc-6f160ab809cd
Identify and protect sensitive documents on file servers
Complement manual RMS protection with automated server-side IT policies for complete ownership of security infrastructure and prevention of inadvertent data leakage
Diagram labels: FCI Classify; Mgmt Task: RMS Protect
• User creates a file “marketing.docx” on Windows Server 2008 R2 file server
• File Classification Infrastructure (FCI) classifies file as “sensitive” based on content, including “Confidential” and “Internal only”
• Automated File Management Task invokes RMS protection to restrict access to “Full-Time Employees” only
• Full-Time Employee can access “marketing.docx”
• A malicious user getting access to the file through unintentional leak is not able to access file content
Businesses can automatically RMS protect 1,000s of confidential files on their file servers
Automatic Content-Based Privacy
• Transport Protection Rule
• Protected Voice Message
• Outlook Protection Rule
Streamline End-User Experience
• RMS Integration in OWA
Enable IT Infrastructure
• Transport Pipeline Decryption
• Journal Report Decryption
Eliminate reliance on end-user
Enforcement Tools are required.
Content Protection should be automated.
Automatic Content-Based Privacy:
• Transport Rule action to apply RMS template to e-mail message
• Transport Rules support regex scanning of attachments in Exchange 2010
• Do Not Forward policy available out of box
RMS protection should not break IT infrastructure
Journal Report Decryption Agent
• Attaches clear-text copies of RMS protected messages and attachments to journal mailbox
• Requires super-user privileges, off by default
Archive/Journal
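An added example (not from the original slides) of setting up the transport protection rule and journal report decryption described above from the Exchange 2010 Management Shell. The rule name and the attachment pattern are constructed for illustration.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# The rule name and the attachment pattern are constructed for illustration.

# 1. Check the current IRM state before relying on automated protection.
Get-IRMConfiguration |
    Format-List InternalLicensingEnabled, TransportDecryptionSetting, JournalReportDecryptionEnabled

# The template named in the rule must be one that Exchange can see.
Get-RMSTemplate | Format-Table Name, Description -AutoSize

# 2. Transport Protection Rule: apply the out-of-box "Do Not Forward" template
#    when an attachment matches a pattern. Exchange 2010 transport rules use a
#    restricted pattern syntax (for example \d, \w, \s), not full .NET regex.
$ruleName = 'Protect attachments with ID numbers'   # hypothetical rule name
$pattern  = '\d\d\d-\d\d-\d\d\d\d'                   # constructed sample pattern

# Create the rule disabled so it can be reviewed before it touches mail flow.
New-TransportRule -Name $ruleName `
    -AttachmentMatchesPatterns $pattern `
    -ApplyRightsProtectionTemplate 'Do Not Forward' `
    -Enabled $false

Get-TransportRule -Identity $ruleName | Format-List
Enable-TransportRule -Identity $ruleName

# 3. Journal Report Decryption: clear-text copies of protected messages are
#    attached to journal reports. This depends on AD RMS super-user privileges,
#    so the super users group must be enabled on the AD RMS cluster and
#    Exchange granted membership before decrypted copies appear.
Set-IRMConfiguration -JournalReportDecryptionEnabled $true
Get-IRMConfiguration | Format-List JournalReportDecryptionEnabled
```

Because decrypted copies land in the journal mailbox, access to that mailbox and membership of the AD RMS super users group should be restricted and audited.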
Mac Office
Exchange 2010 SP1
• View Protected attachments in OWA
• IRM in Exchange Active Sync
• Enhanced collaboration using Microsoft Federation Gateway
• Cross Premises IRM support for Exchange Online
Diagram labels: Exchange 2010 RTM, Exchange 2007, Exchange 2010 SP1
View Protected attachments in OWA
• IRM in EAS policy can be configured on a per user basis
• EAS transactions must be made over SSL
• All encryption/decryption operations are executed at CAS
Diagram labels: Woodgrove Bank, Trey Engineering, Exchange, AD RMS, UL, Import TPD
1. Author sends protected mail to recipient at Trey Engineering
2. Exchange (Trey Engineering) receives message and performs service discovery against Woodgrove Bank’s AD RMS Server
3. Exchange (Trey Engineering) requests a token from the MFG
4. MFG validates the claims and returns the token to Exchange (Trey Engineering)
5. Exchange (Trey Engineering) creates a bootstrapping request including the token to the AD RMS server.
6. AD RMS Server validates the token and then returns a RAC for Exchange (Trey Engineering)
7. Exchange (Trey Engineering) then requests a token on behalf of the recipient from the MFG
8. Repeat Steps 4-6 for a licensing request
9. The message is delivered and the recipient can consume the content via OWA
SIA313 Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS) Protected Content to External Parties
SIA322 Business Ready Security: Protecting Information with Microsoft Forefront and Windows Server 2008 R2 Active Directory
SIA08-INT Information Protection: Implementing Information Protection Using Active Directory Rights Management Services
SIA03-HOL | Information Protection using Active Directory Rights Management Services (AD RMS)
SIA07-HOL | Information Protection Solution: Business Ready Security with Microsoft Forefront and Active Directory
Red SIA-2 | Microsoft Forefront Information Protection Solution
http://technet.microsoft.com/en-us/dd448611.aspx
http://technet.microsoft.com/en-us/library/dd772711(WS.10).aspx
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=f9fbe58f-c175-41d0-afdc-6f160ab809cd#tm
http://blogs.msdn.com/rms/
http://blogs.technet.com/rmssupp/
http://www.microsoft.com/fci
http://technet.microsoft.com/en-us/library/ee156482.aspx
http://vepcdn.microsoft.com/prod/images/64/Area/214/2676/9fd29bc1-bd16-42fe-a39ef1d91d62aa60.pdf
• IRM protectors control the conversion of documents to their encrypted, rights-managed format and the decryption of documents from their rights-managed format back to their original format

Name | Supported File Formats
MsoIrmProtector | doc, dot, xla, xls, xlt, pps, ppt
OpcIrmProtector | docm, docx, dotm, dotx, xlam, xlsb, xlsm, xlsx, xltm, xltx, xps, potm, potx, ppsx, ppsm, pptm, pptx, thmx