Azure RMS and OneDrive for Business: The End-User Experience

Protecting company data is important, but you don’t want to impact the productivity of your employees and users. In this blog, find out what happens when you enable Azure Rights Management (RMS) on OneDrive for business.

OneDrive for Business is built right on top of SharePoint. Therefore OneDrive for Business has support for Azure RMS for its Information Rights Management (IRM) provider. IRM can be enabled in OneDrive for Business by its respective user but I can’t imagine many individual users performing this action voluntarily. Until recently Microsoft didn’t release a method to do this from an administrative position. I want to talk a little bit about the end user experience when you enable this feature. TechNet can easily get you on the path to enabling this but we need to talk about what happens to the user’s data. Here two of the main options that will affect a users OneDrive when applying IRM: Do not allow users to upload documents that do not support IRM. This will prevent the user from uploading any document that is not any of the following types:

  • Microsoft Office InfoPath forms
  • The 97-2003 file formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
  • The Office Open XML Formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
  • The XML Paper Specification (XPS) format

When enabled on the OneDrive document library the user will be notified by the icon in their OneDrive for Business folder or in the web upload dialog.

AzRMSOneDriveBusiness1

AzRMSOneDriveBusiness2

If you enable this on an existing user that has populated their OneDrive with files, the existing files that support protection will be protected but files that do not support protection will remain in the library without protection. The OneDrive for Business sync app will need to download the newly protected files to the users computers.

Prevent opening documents in the browser for this Document Library – This will disable using the Office Web applications to open documents. All documents will need to be opened with their respective desktop application.

Currently users can disable IRM in SharePoint if they want, so it would be prudent to have a process that reapplies IRM at a set interval.

Important!

If you apply IRM to existing users with files currently in their OneDrive the desktop syncing application will pull down the new RMS protected versions of the files. If a user has a massive number of files this will take some time and has the potential to interrupt their work.

Hopefully that helps clear up some OneDrive for Business IRM/Azure RMS questions.

Read more about Azure RMS here. 


 

DISCOVER MORE ABOUT THE NUTS AND BOLTS OF ATA AT OUR SUMMIT

Attend our North American Summit in May 2016 when we’ll be talking about PAM and many other aspects of identity, identity protection, security and enterprise mobility. Here’s the agenda.

WHERE At Microsoft headquarters in Redmond, WA  |  WHEN May 24-26, 2016

  • Learn from industry leaders and technical and business experts
  • Immerse yourself in sessions, presentations, networking and discussions
  • Gather ideas and get answers
  • Case studies!  Discover how others have overcome the same challenges you face

More about the Summit!