Preparing for Azure Rights Management

Carol Bailey

Applies to: Azure Rights Management, Office 365

After you have signed up for a cloud subscription and established your organization with an account for Microsoft Office 365 or Azure Active Directory, you’re ready to enable the Rights Management service.

However, before you do so, make sure that the following are in place:

  • User accounts and groups in the cloud that you create manually or that are automatically created and synchronized from Active Directory Domain Services (AD DS).

    When you synchronize your on-premises accounts and groups, not all attributes need to be synchronized. For a list of the attributes that must be synchronized for Azure RMS, see the Azure RMS section from the Azure Active Directory documentation. For ease of deployment, we recommend that you use Azure AD Connect to connect your on-premises directories with Azure Active Directory but you can use any directory synchronization method that achieves the same result.

  • Mail-enabled groups in the cloud that you will use with Rights Management. These can be built-in groups or manually created groups that contain users who will use Rights Management.

    If you have Exchange Online, you can create and use mail-enabled groups by using the Exchange admin center. If you have AD DS and are synchronizing to Azure AD, you can create and use mail-enabled groups that are either security groups or distribution groups.

Enable Rights Management

By default, Rights Management is disabled when you sign up for your Office 365 or Azure AD account. To enable Rights Management for your organization, you must activate the service. For more information, see Activating Azure Rights Management.