Information Protection can be defined as protecting sensitive data throughout its life cycle, inside and outside the organization.
Azure Information Protection is a cloud-based solution from Microsoft that protects documents and emails by classifying and labeling them according to the rules and permissions defined by the organization or by the users themselves. Azure Information Protection (AIP) may be new to your ears, but you might be familiar with terms such as Rights Protection, AD RMS, and Azure RMS.
Azure Information Protection evolved from Azure RMS, with additional features, into a complete document protection product.
Let’s try to understand the evolution of Azure RMS to Azure Information Protection.
Microsoft Azure RMS
Azure RMS is more about protecting Office 365 emails from unauthorized use. It can be used to create policies to prevent forward, save, print and read/write. It is built on top of AD RMS, with simplified capabilities to encrypt and protect emails and Office documents. Azure RMS enables you to share documents within the organization and outside the organization, for example with suppliers, partners, and dealers; it can be described as follows:
It is important to understand how Azure RMS works, and I’m referring to Microsoft TechNet to explain this. A key fact of AIP is that data is never sent to or stored in Azure as part of the protection process. It just makes data unreadable to anyone other than authorized users by encrypting it.
Let’s take the same cola formula scenario to explain the protection process.
When RMS policies are applied to this document, the data is first encrypted using a unique key called the content key (green key). This is a random key for the AES symmetric encryption algorithm, and once the encryption is done this key is added to the header of the document. The RMS client then creates a certificate that includes a policy for the document, which contains the usage rights for users or groups and other restrictions, such as an expiration date.
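
How a client could evaluate the kind of policy described on this page (usage rights per user or group, plus an expiration date) before allowing an action. This is an added example, not Microsoft's or the RMS client's code; the class and function names, the right identifiers and the sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Rights named on this page; the identifiers themselves are hypothetical.
KNOWN_RIGHTS = {"read", "write", "save", "print", "forward"}

@dataclass
class UsagePolicy:
    """Hypothetical model of the policy carried with a protected document."""
    user_rights: dict = field(default_factory=dict)    # user  -> set of rights
    group_rights: dict = field(default_factory=dict)   # group -> set of rights
    expires_at: Optional[datetime] = None              # None = no expiration

def effective_rights(policy, user, groups, now):
    """Rights the user holds at `now`; empty once the policy has expired."""
    if policy.expires_at is not None and now >= policy.expires_at:
        return set()                      # in this model, expiry revokes everything
    rights = set(policy.user_rights.get(user.lower(), ()))
    for group in groups:
        rights |= set(policy.group_rights.get(group.lower(), ()))
    return rights & KNOWN_RIGHTS          # drop rights this client cannot enforce

def is_allowed(policy, user, groups, action, now=None):
    """Default deny: an action passes only if it was explicitly granted."""
    now = now or datetime.now(timezone.utc)
    return action in effective_rights(policy, user, groups, now)

# Constructed sample policy for the cola formula document.
COLA_POLICY = UsagePolicy(
    user_rights={"chef@example.com": {"read", "write", "save", "print"}},
    group_rights={"suppliers": {"read"}},
    expires_at=datetime(2030, 1, 1, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    t = datetime(2029, 6, 1, tzinfo=timezone.utc)
    for who, grp, act in [("chef@example.com", [], "print"),
                          ("bob@example.net", ["Suppliers"], "read"),
                          ("bob@example.net", ["Suppliers"], "forward")]:
        print(who, act, is_allowed(COLA_POLICY, who, grp, act, t))
```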