What is Azure Rights Management?

Applies to: Azure Information Protection, Office 365

Azure Rights Management (Azure RMS) is the protection technology used by Azure Information Protection.

This cloud-based service uses encryption, identity, and authorization policies to help secure your files and email, and it works across multiple devices—phones, tablets, and PCs. Information can be protected both within your organization and outside your organization because that protection remains with the data, even when it leaves your organization’s boundaries.

As an example, employees might email a document to a partner company, or save a document to their cloud drive. The persistent protection that Azure RMS provides not only helps to secure your company data, but might also be legally mandated for compliance, legal discovery requirements, or simply for good information management practices.

But very importantly, authorized people and services (such as search and indexing) can continue to read and inspect the data that Azure RMS protects. This capability is not easily accomplished with other information protection solutions that use peer-to-peer encryption. You might have heard this capability referred to as "reasoning over data" and it is a crucial element in maintaining control of your organization’s data.

The following picture shows how Azure RMS works as a Rights Management solution for Office 365, as well as for on-premises servers and services. You also see that Azure RMS supports the popular end-user devices that run Windows, Mac OS, iOS, Android, and Windows Phone.

How Azure RMS works

You can use Azure RMS protection with different cloud subscriptions, and it supports multiple features. You can find more information about the available subscriptions and which features they support on the Azure Information Protection site.

Next steps

To learn more about this data protection service from Azure Information Protection:

If you want to dive in and try protecting documents for yourself, try the Quick start tutorial for Azure Information Protection. This tutorial includes prompting you to protect a document when sensitive data is detected. It also includes protecting a document that you share by email, which you can then track to see how it's being used and if necessary, revoke access to it.

However, if you’re ready to start deploying Azure Information Protection for your organization so that administrators and users can start protecting documents and emails, use the Azure Information Protection deployment roadmap for your deployment steps and links for how-to instructions.


For additional information and help, use the resources and links in Information and support for Azure Information Protection.


Before commenting, we ask that you review our House rules.