Agenda
Information Leakage Problem
AD RMS History
What's New in CY09 With Demos
Q&A
Protect everywhere, access anywhere
[Figure labels: Identity; Management]
Block to Enable
Cost to Value
Siloed to Seamless
[Figure labels: USB Drive; Independent Consultant; Mobile Devices; Partner Organization]
Information Leakage Is Costly On Multiple Fronts
[Figure labels: Firewall Perimeter; Access Control List Perimeter; Authorized Users; Unauthorized Users; Information Leakage]
AD RMS Is A Content-Based Solution
[Figure label: Policy]
AD RMS Workflow: Publishing and Consumption
[Figure labels: SQL; AD DS; RMS; Author; Recipient; RAC and CLC; PL; UL; numbered steps]
Client: Out-of-band installer for RMS Client (v1, v1 SP1, v1 SP2) on Windows XP and WS2003
Microsoft Solutions: Office 2003 (Outlook, Word, Excel, PowerPoint); Internet Explorer Add-On (RMA)
Client: AD RMS client integrated in Windows Vista and WS2008
Microsoft Solutions: Windows Mobile 6 integration; Office 2007 (+InfoPath); XPS Viewer; SharePoint 2007 (Doc libraries); Exchange 2007 SP1 (Prelicensing)
Client: AD RMS client integrated in Windows 7 and WS2008 R2
Microsoft Solutions: Exchange 2010; AD RMS Bulk Protection Tool; WS2008 R2 FCI integration
Partner Solutions: PDF and other file formats & Blackberry support - Gigatrust, Liquid Machines; CAD file format - Dassault Systems; Classification - Titus Labs; Secure Content Mgmt - Workshare; RSA DLP; PDF solution - Foxit; Secure Content Mgmt - OpenText
* Each consecutive release on this slide includes features from the prior re
Deployment and Administration
Customer Ask #1
Consistency: Ensure identical deployments
Flexibility: Automate common tasks
PowerShell support for deployment and admin
demo
AD RMS Administration
Secure External Collaboration
Customer Ask #2
Control access: Publishing organization maintains full control of content; groups defined by publishing organization
Simplify collaboration: Enable secure external collaboration; consistent end user experience when working with internal and external users
WS2008 introduced federation support via AD FS: need to individually identify external users when protecting information
WS2008 R2 supports protecting to publishing org (internal) groups that include external users: no need to individually identify external users
[Figure labels: AD; Fabrikam; Contoso; Alice; Bob; projectX; ADFS FS-R; ADFS FS-A; WebSSO; RMS; PL; UL; RAC CLC; numbered steps]
Streamline end-user experience
Enable automatic protection
Integrate seamlessly with IT infrastructure
Seamless protection
OWA support
Customer Ask #1
Prelicensing support enables offline
Streamline End-user Experience
demo
Streamline End-user Experience: RMS Integration In OWA: Details
Client Access Server (CAS) uses Superuser privileges to decrypt
Prelicensed use license (UL) used to determine rights to enforce
Rights enforcement concerns in the browser mitigated by enabling the feature for a specific set of users (at mailbox policy level)
Enable automatic protection
Automatic Protection
Automatically protect e-mails in transit via Exchange transport rules
Automatically protect e-mails in Outlook 2010 (through an add-in)
Automatically protect private voicemails through Exchange Unified Messaging (UM)
demo
Automatic Protection: Through Transport Rules: Details
Rules agent stamps x-org header in e-mail with RMS template GUID
Encryption agent applies RMS template to e-mail and attachments on onRouted Transport Agent event
Office 2003 and above file formats (Word, Excel, PowerPoint) and XPS attachments also get automatically protected
Extensible to other file formats through
Automatic Protection: Through Outlook Protection Rules
Outlook 2010 add-in (small-scale rules engine)
Mitigates concerns of Exchange admin or host accessing sensitive mail
Rules
Context only: Sender's department, recipient's identity, recipient's scope (internal/external)
Retrieved by add-in from CAS through Exchange Web Services (EWS) API
demo
Automatic Protection: Through Unified Messaging
UM admin can allow incoming
demo
Enable e-discovery
Allow scanning of protected e-mails
Customer Ask #3
Seamless IT Infrastructure Integration
Enables e-discovery via journal decryption
Enables anti-malware and other scenarios (such as adding a disclaimer) at hub transport via transport decryption and re-encryption
Seamless IT Infrastructure Integration: Journal Decryption
[Figure labels: Journal Report Decryption Agent; Archive/Journal]
demo
Enable automatic protection
Integrate seamlessly with IT infrastructure
Customer Ask
Bulk decryption tool: Recover RMS-protected documents; help in e-discovery efforts
Bulk encryption: Safeguard existing sensitive information; can be integrated with WS2008 R2 File Classification Infrastructure (FCI) to classify and automatically RMS-protect files on the file server
[Figure labels: FCI Classify; Mgmt Task: AD RMS Protect; numbered steps 1 to 5]
User creates a file marketing.docx on Windows Server 2008 R2 file server
File Classification Infrastructure (FCI) classifies file as sensitive based on content analysis (keyword/RegEx) and/or folder location (e.g., Business Impact = High)
Automated File Management Task invokes AD RMS Bulk Protection Tool to automatically RMS-protect the file (restrict access to Full-Time Employees only)
demo
[Figure: Microsoft AD RMS and RSA DLP]
Intellectual Property (IP) template: R&D Department: View, Edit, Print; Marketing Department: View; Others: No Access
IP Policy: Find IP documents; Apply IP AD RMS template
R&D department; Marketing department
Endpoints: Laptops/Desktops; File Shares; SharePoint; Others
More Information
AD RMS TechNet TechCenter [Link] and Documentation Roadmap [Link]
Exchange 2010 and AD RMS Integration [Link]
AD RMS Bulk Protection Tool Download [Link]
WS2008 R2 FCI Website [Link]
RSA DLP Website [Link]
MSIT Deployment
AD RMS Deployment [Link]
FCI and AD RMS Bulk Protection Tool Deployment [Link]
RSA DLP and AD RMS Deployment [Link]
Blogs
AD RMS Product Team Blog [Link]
Jason Tyler Blog [Link]
(Jason is a Senior Support Escalation Engineer for AD RMS)
Q&A
Resources
www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn
2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S.
and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must
respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information
provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.