Key learnings from our customers
- Data privacy is important and is often mandated
- Regulatory requirements are on the rise
- IT must 'reason over data' as they do high value services
- Point to point encryption fails them today
- Peer to Peer federation is not practical or scalable
- There has to be a better way

The perimeter is fading…
- Mobile workforces, BYOD, outsourcing, virtual orgs
- Many models of data protection policies are more reactive
- We need data to be born encrypted and to maintain a persistent protection
- Waiting for the "ultimate data protection solution" is tempting … yet data is leaking now
Rights Management 101
[Diagram: the file "Secret Cola Formula" (Water, HFCS, Brown #16) shown protected and unprotected, with Use Rights attached]
- Usage rights + symmetric key stored in file as 'license'
- License protected by customer owned RSA key
- File is protected by its own, unique AES symmetric key.
Rights Management 101
[Diagram labels: PC/Device, Local processing, Use Rights]
- File content is never sent to the RMS server/service.
- RMS-enlightened apps enforce rights
- Apps use the SDK to communicate with the RMS service/servers
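The two "Rights Management 101" slides describe an envelope scheme: a per-file AES key, a license holding that key plus the usage rights, and an RSA key protecting the license, with content decrypted only on the device. The sketch below is an added example, not Microsoft's RMS SDK or file format; AES-256-GCM, RSA-OAEP, the JSON license layout, the right names and all function names are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the customer-owned RSA key held by the RMS service.
const tenantKey = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: encrypt the content locally under a fresh per-file AES key, then put
// that key plus the usage rights into a license only the RSA key can open.
function protect(content, rights) {
  const fileKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const body = Buffer.concat([cipher.update(content), cipher.final()]);
  const license = crypto.publicEncrypt(
    { key: tenantKey.publicKey, ...OAEP },
    Buffer.from(JSON.stringify({ rights, key: fileKey.toString('base64') })));
  return { license, iv, tag: cipher.getAuthTag(), body };
}

// Service: receives only the license, never the encrypted body. A real service
// would authenticate the caller and evaluate policy first (omitted here).
function serviceOpenLicense(license) {
  const plain = crypto.privateDecrypt({ key: tenantKey.privateKey, ...OAEP }, license);
  const { rights, key } = JSON.parse(plain.toString('utf8'));
  return { rights, fileKey: Buffer.from(key, 'base64') };
}

// Client app: checks the requested action against the granted rights, then
// decrypts locally. GCM rejects a modified body or tag.
function openProtected(file, action) {
  const { rights, fileKey } = serviceOpenLicense(file.license);
  if (!rights.includes(action)) throw new Error(`right not granted: ${action}`);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, file.iv);
  decipher.setAuthTag(file.tag);
  return Buffer.concat([decipher.update(file.body), decipher.final()]);
}

// Constructed sample using the slide's example document.
const sample = protect(Buffer.from('Water, HFCS, Brown #16'), ['VIEW']);
console.log(openProtected(sample, 'VIEW').toString()); // Water, HFCS, Brown #16
```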
Activate RMS in Office 365 admin console
Office apps integrate with RMS
Office 365 (Exchange) integrates with RMS
- Powerful rules-based policies can enforce the automatic application of RMS to email and documents that include sensitive information.
- Protect SharePoint document libraries with on-exit protection of documents
- Enforce Data Loss Protection policies in email with content scanning including attachments
Office 365 (Exchange) integrates with RMS
- A simple yet powerful rules generation experience with pre-canned templates makes it easy to quickly implement and provision data protection policies
Office 365 (SharePoint) integrates with RMS
Traditional Collaboration via P2P Trust
Using Azure AD as the Trust Fabric
Cn (common name): jdoe
displayName: John Doe
accountEnabled: True
objectSID (sync ID): E2 DB 08 EA EE CC 4F CF A
pwdLastSet: Z
sourceAnchor (for Licensing): NyWoidInKk2S4xtxK+GsbQ==
usageLocation (for Licensing): DE

Overview: Cloud Ready, Accepting, & Reluctant Azure RMS topologies
[Diagram labels: Available Now; CY16+; Available Now; Limited O365 Integration; Sync only 3 PII properties]
Brad uses Share Protected
The document is sent with instant revocation
Bob receives an email with the document
Bob opens the document
Brad wants to track the document
Looks like Bob shared the document with Mary, but she couldn't open it. Brad sends the document to Mary himself.
Brad wants to track a document he sends to his staff
Brad reaches the Document Tracking site
Brad tracks a document he sends to his staff
Summary View
Timeline View
Map View
Brad wants to revoke the document
Microsoft Confidential - EU RMS User Group / Oct
Brad picks up a file for redaction
Marks the relevant text for Redaction
Chooses the right template
Saves the file as a PDF file, and sends it.
John’s view (redacted copy)
Kayla’s view (after authentication)
INTRODUCING Enterprise Data Protection
A DIFFERENT APPROACH
- Corporate vs personal data identifiable wherever it rests on the device
- Protects data at rest, and wherever it rests or may roam to
- Seamless integration into the platform: no mode switching, and use any app
- Prevents unauthorized apps from accessing business data
- IT has full control of keys and data and can remote wipe data on demand
- Common experience across all Windows devices with cross platform support
Roam and share Enterprise data
For more information visit: microsoft.com/rms
For latest updates follow on