AZURE AD Connect: Pass-Through Authentication


Using the same credential (username and password) to access your corporate resources and cloud-based services ensures that users don’t have to remember different credentials. It reduces the chances that they forget how to sign in and has the benefit of reducing the involvement of the help desk for password reset events.

While many organizations are comfortable with using Azure AD Password synchronization to provide users with a single credential to access on-premises and cloud services, other organizations require that passwords, even in a hashed form, do not leave their internal organizational boundary.

Azure AD pass-through authentication provides a simple solution for these customers. It ensures that password validation for Azure AD services is performed against their on-premises Active Directory. Passwords can be validated without the need for complex network infrastructure or for the on-premises passwords to exist in the cloud in any form.

When combined with the Single Sign-On option, users do not need to type their password to sign in to Azure AD or other cloud services. This feature provides these customers with a truly integrated experience on their corporate machines.


Azure RMS: file is not protected (HRESULT: 0x80070002)


Hi guys, after I set up Azure RMS integration with the File Server, I tried some scenarios to check whether it is working or not. I ran into one issue where the status of a file in the shared folder on the File Server was unprotected.

Then I tried to troubleshoot using PowerShell:

powershell.exe -Noprofile -Command "<path>\RMS-Protect-FCI.ps1 -File '<full path and name of a file>' -TemplateID <template GUID>"

and the result: Error protecting file (logo.jpg) HRESULT: 0x80070002


AZURE RMS: Enable IRM in SharePoint Online


What is IRM?

Information Rights Management in SharePoint enables you to limit the actions that users can take on files that have been downloaded from lists or libraries. IRM encrypts the downloaded files and limits the set of users and programs that are allowed to decrypt these files. IRM can also limit the rights of the users who are allowed to read files, so that they cannot take actions such as printing copies of the files or copying text from them.

You can use IRM on lists or libraries to limit the dissemination of sensitive content. For example, if you are creating a document library to share information about upcoming products with selected marketing representatives, you can use IRM to prevent the individuals from sharing content with other employees in the company.

On a site, you apply IRM to an entire list or library, rather than individual files. This makes it easier to ensure a consistent level of protection for an entire set of documents or files. IRM can thus help your organization to enforce corporate policies that govern the use and dissemination of confidential or proprietary information.


AZURE RMS: Configure IRM in Exchange Online


What is IRM?

People often use email to exchange sensitive information, such as financial data, legal contracts, confidential product information, sales reports and projections, patient health information, or customer and employee information. As a result, mailboxes can become repositories for large amounts of potentially sensitive information and information leakage can become a serious threat to your organization.

To help prevent information leakage, Exchange Online includes Information Rights Management (IRM) functionality that provides online and offline protection of email messages and attachments. IRM protection can be applied by users in Microsoft Outlook or Outlook Web App, and it can be applied by administrators using transport protection rules or Outlook protection rules. IRM helps you and your users control who can access, forward, print, or copy sensitive data within an email.

For this case, I will show you step by step how to configure IRM in Exchange Online with Azure RMS so that users are able to use Azure RMS templates when they are using Outlook Web App.


AZURE AD: Deploy Cloud App Discovery Agent through Group Policy


Cloud App Discovery

In an enterprise environment, administrators sometimes use Group Policy Management to deploy applications to domain-joined client devices. So what do we need to do if we want to deploy the Cloud App Discovery agent to client devices?

If you want to know what Cloud App Discovery is and how to deploy Cloud App Discovery manually, you can see here:

https://fazarsusanto.wordpress.com/2016/10/22/azure-ad-cloud-app-discovery/

The Cloud App Discovery agent includes both an executable (.exe) and a certificate file (.cert) bundled in a zipped folder. Active Directory Group Policy requires a standard MSI installer.


AZURE AD: Cloud App Discovery


Cloud App Discovery

Hi, it’s been 4 months since my last post. Now I’m posting about Cloud App Discovery, which is one of the Azure Active Directory Premium features that enables you to discover cloud applications that are used by the employees in your organization.

Introduction

In modern enterprises, IT departments are often not aware of all the cloud applications that are used by the users to do their work. As a consequence of this, administrators often have concerns in conjunction with unauthorized access to corporate data, possible data leakage and other security risks inherent in the applications. Because they don’t know how many or which apps are used, even getting started building a plan to deal with these risks seems to be daunting.

You can address these concerns by using Cloud App Discovery.

Cloud App Discovery provides your IT department with visibility into all your organization’s business and consumer cloud apps. That makes it easier than ever to discover shadow IT in your organization, including details on usage patterns and any users accessing your cloud applications.


AZURE RMS: CUSTOM PROTECTION ON FILE SERVER USING SCRIPT


Overview

Hi folks, I previously posted about integrating Azure RMS with FCI: https://fazarsusanto.wordpress.com/2016/06/05/azure-rms-rms-connector-with-file-clasification-infrastructure-fci/ . Now I want to post about setting up automatic Azure RMS protection for non-MS Office files.


(https://docs.microsoft.com/en-us/rights-management/rms-client/configure-fci)
