Release notes

This topic contains important information about this and previous releases of the RMS SDK 2.1.

New for the February 2017 - SDK documentation update


The documentation updates in this section apply to the SDK download dated dd/mm/yy.


  • Data collection - application error and performance information collection is now available. It is controlled via a new property, IPC_EI_DATA_COLLECTION_ENABLED one of the Environment properties, and can be administratively overridden.

February 2016 update


The feature documentation updates in this section apply to the SDK download dated 12/11/2015.


  • Improved authentication flow - using OAuth2 token based authentication via the Azure Active Directory Authentication Library (ADAL). For more information on this process and the API extensions for it, see ADAL authentication for your RMS enabled application.

  • Update to ADAL - By updating your application to use ADAL authentication rather than the Microsoft Online Sign-in Assistant, you and your customers will be able to:

    Utilize multi-factor authentication Install the RMS 2.1 client without requiring administrative privileges to the machine Certify your application for Windows 10
  • Support for Microsoft Online Sign-in Assistant (SIA) with the RMS SDK is being removed. We will continue to support the use of SIA for 6 months after which time support will stop.

December 2015 update

  • Performance improvements have been implemented in several areas including:

    Publish from primary licensing server when using license-only servers. RMS SDK 2.1 fails faster when there is no network connection.
  • Many updates to improve error messaging and troubleshooting experience.

  • Note also that the Supported platforms listing is also updated.

  • The need for the pre-production environment and the use of an application manifests has been removed from the RMS SDK 2.1. These sections of this developer documentation set have been removed and the overall documentation simplified and reorganized.

May 2015 update

April 2015 update

  • Document tracking is now possible through a set of new APIs. For more information, see Tracking Content.

  • Encryption type - We now support API level control for selection of the encryption package. For more information, see Working with encryption.


    We will no longer be exposing the IPC_LI_DEPRECATED_ENCRYPTION_ALGORITHMS flag in our API. This means that future apps will no longer compile if they reference this flag, but apps already built will continue to work since we will honor the flag privately in the API code. Getting the benefit of the old deprecated encryption algorithms flag can still be achieved simply by changing a flag. For more information, see Working with encryption.


  • Server Mode Applications, those using an API mode value of IPC_API_MODE_SERVER, no longer require an application manifest. You can test your application against a production RMS server and are not required to obtain a production license when switching to production environment. For more information on server mode applications, see Application types.

  • Logging is now implemented through both file and Event Tracing for Windows methods.

  • If you're running on a Windows 7 SP1 or Windows Server 2008 R2 machine, see the note following under "Important developer notes".

January 2015 update

  • Supported protected file (pfile) size increase - Now supports pfile sizes greater than one gigabyte (1 GB). For more information on pfiles, see Support File Formats.

  • Improved logging for better diagnostics - Logging levels will show ERROR or WARNING for messages that should be reviewed. All other messages, including exceptions which are still displayed, will be logged as INFO.

    We chose this approach so that you won't lose any details. Now, only the important messages are shown with level as WARNING.

  • Acquiring Company templates – substantial fixes to the template acquire code, based on customer reports and feedback.

  • Improved localization consistency

October 2014 update

July 2014 update

The File API components of SDK has been extended and offers the following features:

April 2014 update

  • File API memory usage, especially for large PFiles has been improved significantly.

  • Content ID is now writable via the property IPC_LI_CONTENT_ID. For more information, see License property types.

  • Production manifest requirement - When your RMS enabled application/service is being run in server mode, we will not require a manifest anymore. For more information, see Application types.

  • Documentation updates

    **Reorganized** - [How-to use](/previous-versions//hh535252(v=vs.85)) to clarify the order of steps for environment setup and application testing. **Testing best practice** - guidance added for use of on-premise server before testing with Azure RMS. For more information, see [Enable your service application to work with cloud based RMS](

Important developer notes

  • Native support for all file types

    Native support can be added for any file type (extension) with this release of Rights Management Services SDK 2.1. For instance, for any extension <ext> (non-office and pdf), *.p<ext> will be used if the admin configuration for that extension is "NATIVE".

    For more information on supported file types, see File API configuration.

  • Windows 7 SP1 and Windows Server 2008 R2 SP1 machines without the update, KB2533623, may have the following error protecting any office file "The parameter is incorrect. Error code 0x80070057". If you see this, please install the update and try again. If you’re still seeing issues, please contact RMS SDK Beta Feedback alias


    As of the April 2015 release, a check has been added to the installation process for this KB.


  • File API integration

    The Active Directory Rights Management Services File API , with the addition of File API, provides the following benefits and capabilities.

    You can protect confidential data in an automated way without having to know the details of the Information Rights Management (IRM) implementation used by various file formats. Microsoft Office files, Portable Document Format (PDF) files, and selected other file types can be protected using native protection. For a complete list of file types that can be protected with native protection, see [File API configuration]( All files, except system files and Office files can be protected using RMS Protected File format (PFile).

    The file API is implemented via the following four new functions: IpcfDecryptFile, IpcfEncryptFile, IpcfGetSerializedLicenseFromFile and IpcfIsFileEncrypted.

    The File API requires that the Rights Management Service Client 2.1 be installed on the client computer and that the computer have connectivity to an RMS server. For more information on RMS server, RMS client, and their functionality, see the TechNet content for IT Pro documentation for RMS.

  • Issue: When creating a license from scratch, ownership rights must be granted explicitly.

    Solution: Your application must explicitly add Owner rights to the license owner when creating a license from scratch using IpcCreateLicenseFromScratch. For more information, see Add explicit owner rights.

  • Issue: If an application calls IpcProtectWindow or IpcUnprotectWindow twice for the same window by using its handle, RMS SDK 2.1 will return a failure in the HRESULT.

    Solution: For specific guidance on this, see the Remarks section in IpcProtectWindow and IpcUnprotectWindow.

  • Issue: When building for multiple architectures, you must use this guidance.

    Solution: If you want to use the Ipcsecproc*isv.dll for a different architecture (for example, you have installed the 64-bit SDK on a 64-bit computer but now want to deploy on a 32-bit computer that requires Ipcsecproc*isv.dll), you must install the 32-bit SDK on a different computer and copy the Ipcsecproc*isv.dll files to there from the "%PROGRAMFILES%\Microsoft Information Protection And Control" folder (the default location or wherever you chose to install the SDK).

Frequently asked questions

**Q**: How does the default language behavior work with functions that take an LCID parameter? **A**: Use 0 for the default locale. In this case, RMS Client 2.1 looks up names and descriptions in the following sequence and retrieves the first available one:
1 - User preferred LCID. 2 - System locale LCID. 3 - The first available language specified in the Rights Management Server (RMS) template.

If no name and description can be retrieved, an error is returned. There can be only one name and description for a specific LCID.


Add explicit owner rights

File API configuration