Monthly Archives: August 2013

Introducing Windows Azure AD Rights Management (AADRM)

Organizations that are interested in taking advantage of the Rights Management features available in volume licensed versions of Microsoft Office have a new deployment option available:

Windows Azure AD Rights Management (AADRM).

Release Date

AADRM is already available through the Office 365 portal for organizations that are already using Online Services such as Exchange Online and SharePoint Online. The Office 365 E3 SKU is required, and the Office Professional Plus SKU must be used to right-protect content with RMS.

AADRM “stand-alone” is expected to be generally available in the early fall of 2013 and will enable organizations to deploy a highly available RMS infrastructure without the infrastructure or implementation costs of standing it up on premise. It will feature a connector that allows you to connect it with on-premise Exchange and SharePoint servers even if you do not use any other Office 365 service.


Pricing is set at $2/user/month for users who need the ability to protect content. It is free to view content that has been RMS protected.


There are at least two major benefits that I can tell from AADRM:

1) Organizational sharing is implied among all Office 365 tenants. If you use RMS to protect a document and you send it to another organization who also uses Office 365, they can view that document. This is an advantage over on-premise RMS which requires an ADFS trust.  Eventually, AADRM will allow you to share with Google IDs (CY14).

2) At GA release in the fall of 2013, AADRM will allow for any type of document to be protected by RMS, not just Office documents.


AADRM will not be a perfect fit for all organizations.

  1. Companies that still have Windows XP, Vista, or versions of Office prior to 2010 will need to use AD RMS on-premises and then perhaps migrate to Azure RMS later when their clients have been upgraded.
  2. AADRM is limited to two templates that cannot be customized (“Company Confidential” and “Company Confidential Read Only”). If you need to create custom templates, you need to deploy AD RMS on-premises.

In any case, whether you deploy to the cloud or on-premise, all scenarios require a volume licensed copy of Office. The OEM SKU  (“professional”) that comes bundled from the hardware manufacturer cannot create RMS content.

Mobile Client Support
  • Windows 7.5 and 8 devices natively support RMS
  • Android and iOS devices can support RMS through Nitrodesk Touchdown 7.3
  • Blackberry devices can view RMS content with RMS Viewer
OSX Support

Max OSX v10.5 (Leopard) or later and Office for Mac 2011 Volume License. Non-volume license copies can read RMS but cannot protect content.

RMS Concepts

RMS Whitepaper (July 2013)

Azure RMS Pricing

RMS Prerequisites

RMS Team Blog

Azure RMS on Technet

How RMS protects documents

RMS Best Practices Guide

IRM Deployment Guide in Office for Mac 2011

RMS Forum

RMS Troubleshooting Guide

Linux runs faster on Windows Azure than Amazon or Rackspace Openstack!

I recently reviewed a detailed comparison of the top 5 IaaS cloud providers and it listed Windows Azure as having the best overall value (both in cost and performance).

The interesting thing about the comparison is they used a benchmarking tool called Unixbench running on Ubuntu linux.

The irony of a Linux distribution running better on a Windows cloud platform than Rackspace Openstack which itself uses linux is just too awesome not to highlight and draw attention to!!

The full article is here and I highly recommend it.