Applies to: Azure Information Protection, Office 365
Use the following information to help you understand how the most commonly used end-user applications (such as the Office applications, Word, Excel, PowerPoint, and Outlook) and services (such as Exchange and SharePoint) can use the Azure Rights Management service from Azure Information Protection to help protect your organization’s documents and emails.
To verify the applications and versions that the Azure Rights Management service supports, see Applications that support Azure Rights Management data protection.
In some cases, the Azure Rights Management service automatically applies protection, according to policies that administrators configure. For example, this is the case with SharePoint libraries and Exchange transport rules. In other cases, end users must apply information protection themselves from their applications, for example, by selecting a classification label that has configured to apply a template, selecting a template directly, or by selecting specific options. Protection applied by users is typical when users protect a file to share and they restrict access or usage to selected users or to users outside the organization.
Templates make it easier for users (and administrators who configure policies) to apply the correct level of protection and restrict access to people inside your organization. Although the Azure Rights Management service comes with two default templates, you will probably want to create custom templates to reduce the times when they have to specify individual options. For more information, see Configuring custom templates for the Azure Rights Management service.
For the cases where users must apply information protection themselves, be sure to provide them with instructions and guidance how and when to do this. The instructions should be specific for the application and versions that they use and how they use them, and the guidance for when and how to apply information protection should be appropriate for your business. For more information, see Helping users to protect files by using the Azure Rights Management service.
For information about how to configure these applications for the Azure Rights Management service from Azure Information Protection, see Configuring applications for Azure Rights Management.
For examples and screenshots of applications using the Azure Rights Management service, see Azure RMS in action: What administrators and users see.
Search services can integrate with Rights Management in different ways. For example:
Exchange Online and Exchange Server use service-side indexing so that a user's RMS-protected emails are automatically displayed in their search results.
SharePoint Online and SharePoint Server apply Rights Management protection to files only on download, which means that indexing and search results on SharePoint are not affected by this document protection solution. However, if you have a document that you want to store in SharePoint and should not be returned in search results, RMS-protect the file before uploading it to SharePoint.
Windows desktop search uses a shared index between different users of the device, so to keep the data in the protected documents secure, it does not index RMS-protected files. This means that although your search results don’t include files that you have protected, you can be assured that your files containing sensitive data will not be displayed in search results for other users who might sign in to or connect to your PC.
Learn more about how each of the following supports the Azure Rights Management service:
Before commenting, we ask that you review our House rules.