3. ERYEM specializes in consulting on, designing and developing innovative solutions
built on Microsoft Office 365 and Azure technologies.
Migrating applications to Azure
Developing line-of-business applications
Mobile solutions and chatbots
Migrations to Office 365
Change management
Line-of-business applications and mobility
www.eryem.com
4. Agenda
On the menu:
How to activate RMS?
How to configure RMS?
Integration with Office
Integration with SharePoint
Integration with Exchange
7. The Office 365 security building blocks
RMS: Rights Management Services
DLP: Data Loss Prevention
Security Score: recommendation of a security plan
Cloud App Security: monitoring and securing cloud apps
ATP: Exchange Advanced Threat Protection (ATP)
MDM: Mobile Device Management
Customer Lockbox: data confidentiality
Firewalls, proxy, antivirus…
9. Goals of RMS
Protect the data of Office 365 services and
applications:
• Emails
• Documents
• Confidential content
Share data securely, inside and outside
the organization
Define rights and security policies on
published or shared content, internally
as well as externally.
12. And via PowerShell
1- Import-Module aadrm
2- Connect-AadrmService -Verbose
3- Enter your Office 365 Global administrator
credentials.
4- Enable-Aadrm
5- Disconnect-AadrmService
13. How are rights assigned?
To add a role-based administrator for Rights Management, at the prompt, type the
following command and press Enter, where user@domainname is the email
address of a user or a group:
Add-AadrmRoleBasedAdministrator -EmailAddress "user@domainname"
Alternatively, you can specify the group name as follows:
Add-AadrmRoleBasedAdministrator -SecurityGroupDisplayName "Sales Dept"
To view a list of role-based administrators for Rights Management, at the prompt
type the following command and press Enter:
Get-AadrmRoleBasedAdministrator
15. Protecting Office Content with RMS
There are two methods for providing content protection using Rights Management
in Office:
• Templates: These contain predefined rights that can be applied to provide IRM
protection for content.
The following templates are provided in Microsoft Office 2013:
• Company Confidential: This template allows users to read and modify the content, but does
not allow them to print or copy the document content.
• Company Confidential Read Only: This template allows users to only read the content, but
does not allow them to edit, print, or copy the document content.
• User defined rights: These settings enable you to configure more granular
control of content access.
Users can apply their own usage rights and specify which users and groups
they apply to.
18. Summary
Office support for Rights Management
• Office Pro Plus 2013 and Office 2010 – supported
• Office 2007 – not supported
Office Professional Plus 2013 Client Configuration
• Install Office and log in with Office 365 credentials
Office 2010 Client Configuration
• Install Office
• Install RMS sharing application
• Log in with Office 365 credentials
Protecting Office Content with Rights Management
• Templates
• User defined rights
20. RMS Integration with Exchange Online
Users will often send email messages which contain sensitive data, such
as legal documents, employee and payroll information, sales reports, and
confidential product details.
Accidentally leaking sensitive information such as this can have very
serious ramifications for your company.
To help mitigate this risk, Exchange Online provides IRM capabilities to
protect these sensitive email messages and their attachments.
21. Enable IRM Services with Exchange Online
1. Activate Rights Management
2. Connect to Exchange Online Using Remote
PowerShell
a) Enter your Office 365 Global administrator credentials.
b) Open an Exchange Online session
Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell" -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
22. Enable IRM Services with Exchange Online
3. Configure the RMS Online Key Sharing Location
Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc"
Location: RMS key sharing location
North America: https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc
European Union: https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc
Asia: https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc
South America: https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc
Office 365 for Government (Government Community Cloud): https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc
23. Enable IRM Services with Exchange Online
4. Import the Trusted Publishing Domain from RMS Online
Import-RMSTrustedPublishingDomain -RMSOnline -Name "RMS Online"
5. Enable IRM in Exchange Online
Set-IRMConfiguration -InternalLicensingEnabled $True
6. Test the IRM Configuration:
a) To test IRM Configuration for Exchange Online:
b) This test checks connectivity from Exchange Online to RMS Online service, obtains your
organization’s Trusted Publishing Domain, and verifies that it is valid:
Test-IRMConfiguration -RMSOnline
Test-IRMConfiguration -Sender user@domainname
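Steps 3 to 6 of slides 22 and 23 combined into one repeatable function, as an added example that is not part of the original presentation. The function name Enable-TenantIrm, its region labels and the check on the text of the test results are assumptions of this example; it expects the remote Exchange Online session from slide 21 to be imported already.

```powershell
# Added example: hypothetical wrapper around the cmdlets shown on slides 22 and 23.
# Assumes the remote Exchange Online session from slide 21 is already imported.
function Enable-TenantIrm {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('NorthAmerica', 'EuropeanUnion', 'Asia', 'SouthAmerica', 'Government')]
        [string]$Region,

        [Parameter(Mandatory)]
        [string]$TestSender   # mailbox passed to Test-IRMConfiguration -Sender
    )

    # Region labels are this example's own; the host names come from the slide 22 table.
    $hostByRegion = @{
        NorthAmerica  = 'sp-rms.na.aadrm.com'
        EuropeanUnion = 'sp-rms.eu.aadrm.com'
        Asia          = 'sp-rms.ap.aadrm.com'
        SouthAmerica  = 'sp-rms.sa.aadrm.com'
        Government    = 'sp-rms.govus.aadrm.com'
    }
    $location = "https://$($hostByRegion[$Region])/TenantManagement/ServicePartner.svc"

    # Step 3: point Exchange Online at the tenant's regional key sharing endpoint.
    if ($PSCmdlet.ShouldProcess($location, 'Set RMS Online key sharing location')) {
        Set-IRMConfiguration -RMSOnlineKeySharingLocation $location
    }

    # Step 4: import the TPD only if none named "RMS Online" exists yet.
    $tpd = Get-RMSTrustedPublishingDomain | Where-Object Name -eq 'RMS Online'
    if (-not $tpd -and $PSCmdlet.ShouldProcess('RMS Online', 'Import trusted publishing domain')) {
        Import-RMSTrustedPublishingDomain -RMSOnline -Name 'RMS Online'
    }

    # Step 5: enable IRM licensing for internal messages.
    if ($PSCmdlet.ShouldProcess('IRM configuration', 'Enable internal licensing')) {
        Set-IRMConfiguration -InternalLicensingEnabled $true
    }

    # Step 6: run both tests and stop on failure so a half-configured tenant is noticed.
    $checks = @(Test-IRMConfiguration -RMSOnline) + @(Test-IRMConfiguration -Sender $TestSender)
    foreach ($check in $checks) {
        # Assumption: the Results text of each test ends with "OVERALL RESULT: PASS".
        if ("$($check.Results)" -notmatch 'OVERALL RESULT: PASS') {
            throw "IRM test failed:`n$($check.Results)"
        }
    }
    Get-IRMConfiguration | Select-Object InternalLicensingEnabled, RMSOnlineKeySharingLocation
}
```

Running it with -WhatIf lists the three configuration changes without applying them; the read-only tests in step 6 still run.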
24. Apply IRM to Emails in Outlook Web App
After you configure and enable IRM for use with Exchange Online, your users can start to apply
IRM policies to their email messages in Outlook and Outlook Web App.
When a user uses IRM to protect an email message, any IRM-supported attachments are also
protected.
When a user sends an email message in Outlook Web App, they will see a new option on the …
menu, called set permissions. This new menu item provides the following IRM templates that
users can select from:
• No Restrictions: As the name suggests, this has no IRM restrictions associated with it.
• Do Not Forward: This allows a recipient to read the message, but they cannot forward it, print it,
or copy content from it.
• Company name – Confidential: This specifies that the message content is proprietary
information and is intended for internal consumption only. The content may be modified but it
cannot be copied or printed.
• Company name – Confidential View Only: This is the same as above except that the content
is read-only and therefore cannot be modified either.
31. Summary
Enable IRM Services in Exchange Online
1. Enable Rights Management in Office 365
2. Connect to Exchange Online with Remote PowerShell
3. Configure RMS Online Key Sharing Location
4. Import TPD from RMS Online
5. Enable IRM in Exchange Online
6. Test IRM configuration
Apply IRM to emails in OWA
Administrator-defined IRM in Exchange Online
• Transport protection rules (Outlook and OWA)
• Outlook protection rules (Outlook)
36. Thank you for your attention!
This presentation will be available on the
SharePoint Days web site after the
event.