Azure Rights Management with EMS vs. RMS with Office 365

Back to Blog

Azure Rights Management with EMS vs. RMS with Office 365

The purpose of Azure Rights Management Services is to allow users to encrypt certain files and messages for sharing safely only with those colleagues and business associates whom they choose. You can obtain Azure RMS licensing separately or with an EMS subscription, but if you have an Office 365 E3 plan (or E4 or E5), then you’ve already got access to the features necessary for enabling stuff like Email encryption and Information Rights for SharePoint Online & OneDrive for Business. With Rights Management enabled for Office 365, a user is able to “tatoo” files or messages before sending them outside of the organization. The protections are impressed on and travel with the data itself, even when it leaves the boundaries of your network (e.g., your own servers or your Office 365 tenancy).

However, it is important to note that there are some differences in the various Azure RMS offerings.  As we saw with Mobile Device Management, small-to-mid-sized businesses might find everything they need within, for example, an E3 plan.  However, it is important to note the items that will not be included by default, unless you upgrade to a premium subscription or EMS.

At the time of this writing, it appears that the main features we’re missing from the Office 365-included version are:

  • The ability to integrate Azure RMS with local file servers (but it will work natively with files & messages created from within Office 365 apps & services; you can also get a connector to integrate with on-premises Exchange & SharePoint servers)
  • The ability to track usage of documents, and also to revoke access to documents previously granted

As long as you are okay living without the above features, then Office 365 is going to be good enough. Most SMB’s are not utilizing these great security mechanisms yet, but I urge my customers to take a closer look.



Comments (2)

  • Joe Wescott Reply

    I am a CSP in Massachusetts and I was hoping to bounce a question off of you regarding Azure RMS and Office365 Email Encryption. Is it possible to add Azure RMS to Office 365 Business Essentials seats? I am trying to do Office 365 Email Encryption with a customer. If not, is there another way to do this?

    April 23, 2017 at 11:33 am
    • Alexander Reply

      When you go to the “Billing > Purchase Services” option in the portal, this product is now called “Azure Information Protection Plan 1.” I almost exclusively do Enterprise plans, but I don’t see why this wouldn’t work. Azure Information Protection / RMS is a standalone product that can even be enabled for on-premises Exchange servers, for example.

      April 23, 2017 at 11:49 am

Leave a Reply

Back to Blog

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.