RMS in Exchange 2007 SP1 ?!

April 28, 2008 By: Yann Espanet Category: Exchange 2007

When I started to test the beta of Exchange 2007, two Rights Management’s agents were in this beta and they could be used to protect email by automatically applied RMS template to emails ( Ex : Do not forward, or Do not print, …).

Microsoft Windows Rights Management Services (RMS) for Windows Server 2003 is an information protection technology that works with RMS-enabled applications to help safeguard digital information from unauthorized use—both online and offline, inside and outside of the firewall.

RMS augments an organization’s security strategy by protecting information through persistent usage policies, which remain with the information, no matter where it goes. Organizations can use RMS to help prevent sensitive information—such as financial reports, product specifications, customer data, and confidential e-mail messages—from intentionally or accidentally getting into the wrong hands.

In the beta of Exchange 12, the first agent was used to apply the Information Rights Management template based on rule’s content ( RMS Rule Agent) : for example you can use rules based on sender, destination, a keyword in the subject like “confidential”, …

The second agent was used to automatically pre-activate the content , so the users don’t need to be connected when he opened for the first time a protected email (Prelicensing agent  ) .

The exchange library used was Microsoft.Exchange.MessagingPolicies.RmSvcAgent, and in the beta version, two dll was needed : RightsManagementWrapper.dll and Microsoft.Exchange.MessagingPolicies.RmSvcAgent.dll

The only trace of this functionality is inside an Exchange 2007 HUB transport architecture poster that was issue during the beta where you can find in the Categorizer block the two transport routing agents :

RMS Exchange agent proof 

This feature have been removed from the RTM version, and Microsoft have said that the RMS function will be in the next service pack.

When the SP1 for Exchange have been available, I was very disappointed, because there was still now built-in implementation to automatically apply RMS template rule directly on the hub server.

Indeed, Microsoft re-introduce the AD RMS Prelicensing agent  in the Exchange 2007 SP1.
Source : Managing the AD RMS Prelicensing Agent

This functionality improves the offline and mobile device synchronization scenarios. In the offline scenario, when a user is running Outlook in cache mode, rights-protected messages are pre-licensed so that if a user opens the rights-protected message when the user is offline, the content is accessible. For mobile devices that synchronize with Exchange 2007, rights-protected messages that are synchronized to the devices running Windows Mobile 6.0 are pre-licensed.

I have done a presentation for the financial Luxembourg sector about using RMS to protect information when Exchange was in beta. During this presentation I have explained the benefit of using RMS to enforce paper policy (like do not forward email warning) or assigning deadline to information (for financial report). And the financial market seems to be interested in this type of solution.

With the RMS core server role in Windows 2008, Rights Management Services (RMS) which has been renamed Active Directory Rights Management Services (AD RMS) is not anymore only a service, and it seems to be part of the system, but there I still no information concerning the use of Rights Management Features with Exhange !

More information : RMS in Windows 2008

Comments are closed.