Azure Rights Management with EMS vs. RMS with Office 365Alex Fields
The purpose of Azure Rights Management Services is to allow users to encrypt certain files and messages for sharing safely only with those colleagues and business associates whom they choose. You can obtain Azure RMS licensing separately or with an EMS subscription, but if you have an Office 365 E3 plan (or E4 or E5), then you’ve already got access to the features necessary for enabling stuff like Email encryption and Information Rights for SharePoint Online & OneDrive for Business. With Rights Management enabled for Office 365, a user is able to “tatoo” files or messages before sending them outside of the organization. The protections are impressed on and travel with the data itself, even when it leaves the boundaries of your network (e.g., your own servers or your Office 365 tenancy).
However, it is important to note that there are some differences in the various Azure RMS offerings. As we saw with Mobile Device Management, small-to-mid-sized businesses might find everything they need within, for example, an E3 plan. However, it is important to note the items that will not be included by default, unless you upgrade to a premium subscription or EMS.
At the time of this writing, it appears that the main features we’re missing from the Office 365-included version are:
- The ability to integrate Azure RMS with local file servers (but it will work natively with files & messages created from within Office 365 apps & services; you can also get a connector to integrate with on-premises Exchange & SharePoint servers)
- The ability to track usage of documents, and also to revoke access to documents previously granted
As long as you are okay living without the above features, then Office 365 is going to be good enough. Most SMB’s are not utilizing these great security mechanisms yet, but I urge my customers to take a closer look.