Generic Protection for non-Office files

• When you generically protect a file, unauthorized people cannot open the file. But after authorized people open the file, they could then forward it unprotected to other people or save it in a location that others could access. They do, however, see a message that tells them what permissions they have for the file, and they are asked to honor these, but this protection cannot be enforced. In addition, when you generically protect a file, you cannot restrict the permissions further than authorization. For example, you cannot restrict the content to view-only, or do not print.
• A generically protected file always has a file name extension of .pile

Native Protection for Office files

• The protection applies to the file even if the file is then sent to somebody else or saved in another location. And, when you protect these files, you can use restrictive permissions such as read-only, or the permission to edit but not print or copy. For example, you could select Viewer – View Only, so that the content cannot be edited, printed, or copied.
• When you share a protected file by email (share protected), the RMS sharing application automatically creates a. ppdf version of the file for Word, Excel, PowerPoint, or PDF. This is a read-only protected version of the file that only authorized people can open, and it ensures that the recipients can always read the attachment, even if they are using a mobile device that doesn’t have an application that natively supports Rights Management. Provided these people have the RMS sharing app installed, they will be able to read the attachment.
• In this scenario, unlike a generically protected file, usage restriction is enforced. The recipient will not be able to save this version of the fileand if they forward the attachment to somebody else, the original restrictions remain with the document. Only people that were authorized for the protected document will be able to open it.
• A pdf file is automatically created when you share protected (share by email) but is not created when you protect in-place

Protect files anywhere

• When a file is saved to a location (protect in-place), the protection stays with the file, even if it is copied to storage that is not under the control of IT, such as a cloud storage service.

Share files securely by Email

• When a file is shared by email (share protected), the file is protected as an attachment to an email message, with instructions how to open the protected attachment. The email text is not encrypted, so the recipient can always read these instructions. However, because the attached document is protected, only authorized users will be able to open it, even if the email or document is forwarded to other people.

Audit and Monitor usage

• You can audit and monitor usage of your protected files, even after these files leave your organization’s boundaries.
• For example, you work for Contoso, Ltd. You are working on a joint project with 3 people from Fabrikam, Inc. You email these 3 people a document that you protect and restrict to read-only. Azure RMS auditing can provide the following information: i. Whether the people you specified in Fabrikam opened the document, and when. ii. Whether other people that you didn’t specify attempted (and failed) to open the document—perhaps because it was forwarded or saved to a shared location that others could access. iii. Whether any of the specified people tried (and failed) to print or change the document.

Support all devices

• Windows computers and phones
• Mac computers
• iOS tablets and phones
• Android tablets and phones

Support Business to Business Collaboration

• If your Business Partner already has an Office 365 or an Azure AD directory, collaboration across organizations is automatically supported. If they do not, users can sign up for the free RMS for individual’s subscription.

Create flexible and simple policies

• Customized rights policy templates provide a quick and easy solution for administrators to apply policies, and for users to apply the correct level of protection for each document and restrict access to people inside your organization.
• For example, for a company-wide strategy paper to be shared with all employees, you could apply a read-only policy to all internal employees. Then, for a more sensitive document, such as a financial report, you could restrict access to executives only.

Meets all Regulatory and Security requirements and Certifications

• Use of industry-standard cryptography and supports FIPS 140-2
• Support for Thales Hardware Security Modules (HSMs) to store your tenant key in Microsoft Azure data centers. Azure RMS uses separate security worlds for its data centers in North America, EMEA (Europe, Middle East and Africa), and Asia, so your keys can be used only in your region
• ISO/IEC 27001:2013 (includes ISO/IEC 27018)
• SOC 2 SSAE 16/ISAE 3402 attestations
• HIPAA BAA
• EU Model Clause
• FedRAMP as part of Azure Active Directory in Office 365 certification, issued FedRAMP Agency Authority to Operate by HHS
• PCI DSS Level 1