PL UL PL Protection is persisted with the data, content can travel anywhere Prevent the accidental...

Deep Dive on Information Rights Management and SharePointBarak Cohen, Neil Wang

SPC073

• How IRM works in SharePoint and in Office 365

• What is new in SharePoint 2013• IRM and PDF• IRM Programmability• Q&A

Agenda

• IRM: Information Rights Management• DRM: Digital Rights Management• RMS: Right Management Server• RMS Online (AADRM): Cloud based Right

Management Service• Publishing License: the license a document is

published with• Usage License: the license to use the document• AD: Active directory• ADFS: Active Directory Federation Services

Glossary

How IRM works?

PL

UL

PL

Protection is persisted with the data, content

can travel anywhere

Prevent the accidental disclosure of sensitive

data by applying usage polices (cannot

forward, cannot print, read-only)

Securely share data with individuals

Email, documents, files

RMSAD

How IRM works in SharePoint (Recap)?

PL

UL

PL

RMS

MSDRM

Document Protectors

AD

GUID

GUID GUID

GUIDGUID

Re-plumbing IRM for the cloud

MSDRM

Office Clients SharePoint

MSIPC

ProtectorsSingle Tenant RMS Server

ProtectorsMulti TenantRMS Service WAC

How IRM works in SharePoint 2013?

PL

UL

PL

SharePoint RMS

MSIPC

New Document Protectors

AD

GUID

GUID GUID

GUIDGUID

How IRM works in SharePoint Online?

SharePoint

RMS

Exchange

AD in Office 365

Tenant 1 , Tenant 2 …. Tenant N Tenant 1 , Tenant 2 …. Tenant N

Start protecting when you subscribe to Office

365

Integrated within Exchange Online,

SharePoint Online and Office, users will use

applications and services they are already familiar

with today.

oOn premises: SharePoint Standard & Enterprise

oOffice 365: E3, E4, A3 and A4 Office Online SKUs

What SharePoint configurations can work with IRM?

SharePoint

AD ADFS RMS

SharePoint Online

ADFS RMSAD

SharePoint Online

RMSAD

On Premises Federated Online

1. Document protection in the cloud (and for subscriptions on premises)

2. Protecting documents is easy (with granular usage rights)

3. Protected documents can be viewed in browser4. Group protection5. Support for PDF in addition to Office formats6. Programmability

6 new document protection features

Document protection in Office 365 with AADRM

rights management

Document protection in SharePoint online

Document protection for subscriptions

Demo: configuring IRM in Office 365 and SharePoint onlineNeil Wang

• Updated simpler UI• Granular usage rights• Office web application support• Group protection

Protecting documents is easy (with granular usage rights)

• Set access rights (print, run scripts to enable screen readers, or enable writing on a copy of the document (new to Office 2013))

• Set expiration date (date after which the document cannot be used)

Usage rights

Protected documents can be viewed in browser

How does WAC work with IRM?

SharePoint

MSIPC

Document Protectors

GUIDGUIDGUID

Web AppsWOPI

Group protection

RMS

AD

SharePoint

users

groups

PL

UL

PL

GUID

PDF support

• Extension to ISO 32000 (PDF Protection)

• A new protector in SharePoint• Standard compliant• Supports discovery payload

• Compatible with 3rd party readershttp://go.microsoft.com/fwlink/?LinkID=231373

Call to action: bring your PDF viewer to market

PDF support

The Foxit PDF reader

Demo: New IRM document protection featuresNeil Wang

Programmability (Farm level)Example PowerShell commandEnable IRM for the farm and configures it to use the default RMS server configured in Active Directory.

Set-SPIRMSettings -IrmEnabled -UseActiveDirectoryDiscovery

Enables IRM for the farm and specifies the URL of the RMS server to use

Set-SPIRMSettings -IrmEnabled -CertificateServerUrl http://myrmsserver 

Enable IRM for the specified tenant and specifies the URL of the RMS server to use.

Set-SPIRMSettings –IrmEnabled -SubscriptionScopeSettingsEnabled site = Get-SPSite http://myspserver$subscription = $site.SiteSubscription

Set-SPSiteSubscriptionIrmConfig -Identity $subscription -IrmEnabled

-CertificateServerUrl http://myrmsserver 

Disable IRM for the farm Set-SPIRMSettings -IrmEnabled:$false 

SPInformationRightsManagementSettings classSPInformationRightsManagementSettings membersSPInformationRightsManagementSettings methodsSPInformationRightsManagementSettings properties

Programmability (Library level)

The Document Leak problem demoNeil Wang

Other interesting sessions in SPCSPC173 - Overview of ECM for teams with Site Mailboxes (Tue 9AM)SPC223 - CMIS and SharePoint 2013: Interop with other ECM systems (Tue 3:15)SPC018 - Best Practices for ECM in the Cloud, and how large organizations can get the most out of Office 365 (Wed 9:00)SPC112 - Customer Showcase: How Clifford Chance, one of the world's largest law firms, has bet its ECM strategy on SharePoint (Wed 3:15)SPC251 - What's New in Managing Your SharePoint Online Environment (Mon 3:45)SPC195 - PowerShell 3.0 Administration with SharePoint 2013 (Tue 9:00)

Read more: IRM in SharePoint 2013 blog

Q&A

Evaluate this session now on MySPC using your laptop or mobile device: http://myspc.sharepointconference.com

MySPC

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.