Updated: July 11, 2020 (October 8, 2012)


Protecting Content with RMS


By Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes...

Rights Management Services (RMS) uses encryption to protect content from unauthorized users. Shown here is a simplified view of an RMS system in which the sender of an e-mail message (top) protects that message so that it is accessible only by another RMS user, the intended recipient (bottom).

The major components of the system are as follows:

RMS-enabled applications such as Outlook work with RMS to encrypt and decrypt protected content and enforce restrictions placed on the content (e.g., “cannot print” or “cannot forward”).

RMS servers distribute content encryption keys in the form of licenses. RMS servers also issue digital certificates to authenticate users, devices, applications, and other participants in the RMS system so that protected content can be decrypted and opened only by authorized participants.

Active Directory is used to authenticate users and computers to RMS so that they can receive their RMS certificates initially. Identities from federated providers, such as a Microsoft Account, can also be used.
