Microsoft Rights Management – Three Different Options to Best Fit Your Information Needs and Budget

Microsoft has three different levels of functionality around controlling access to critical intellectual property with rights management. 

Here is a quick summary of Microsoft's Rights Management offerings:

1) Rights Management Service for Office 365

Included in the E3 Service

This option is for those who want base level security and the ability to keep documents that are stored in the cloud secure. It does not protect documents stored locally on a file share, but there is a connector available for Exchange and SharePoint.

• Protects content that is stored in Office 365 and connector for on premises SharePoint and Exchange
• Encryption for Office and PDF files       
• Generic and native file protection using the RMS Sharing Application

2) Azure Information Protection Premium Plan 1

Included in the licensing packages of EMS E3, and SPE E3*

This option is for those who need to protect documents stored both in the cloud and on premises.  For this option, users are required to take an action to manually protect the documents or documents can be protected in mass by a policy created and managed by an administrator.  

• Everything included with the Office 365 E3 bundle
• Manual classification and protection of Office documents using the AIP client 
• Protection for content stored on a Windows File Server
• Ability to track and revoke access to a document

3) Azure Information Protection Premium Plan 2

Included in the licensing packages of EMS E5 and SPE E5*

This option is for those who wants their security to always be implemented as Plan 2 allows for automation. With Plan 2, you can automatically classify your documents based on the rules an Administrator implements so you never have to worry about an end-user forgetting to encrypt a critical document.

• Everything in Automatic Information Protector Plan 1
• Automatic classification of documents needed to be protected, i.e. a document with a credit card number included in it would be encrypted automatically
• Hold your own key for encryption 

Summary Chart:

¹ Some Office 365 subscriptions also include data protection using Microsoft Azure RMS. For information on those Office 365 subscriptions and the data protection capabilities they include, refer toAzure Information Protection licensing datasheet.

² Azure subscription required to use configured key for Bring Your Own Key (BYOK).

³ Currently, you can also use this free subscription to help protect documents and create new email messages with enhanced protection. However, the ability to author new protected content is intended for trial use only and might be removed in the future.

⁴ Includes activating/deactivating the service, onboarding controls for a phased deployment, usage logging, super user capability for eDiscovery and data recovery, bulk protect/unprotect of files.

What do the acronyms stand for?

• EMS is the acronym for Microsoft’s Enterprise Mobility + Security Suite which is sold in both an E3 and E5 versions 
• SPE is the acronym for Microsoft Secure Productive Enterprise Suite which is sold in both an E3 and E5 versions 

Need help deciding which package is best for your needs? 
We are here to help!  Contact us today.