Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
General System Settings > Services > Configuring Microsoft RMS
Configuring Microsoft RMS
Administrator Help | Forcepoint DLP | Version 8.4.x
Use the Microsoft RMS tab of the Settings > General > Services page to configure Forcepoint DLP to decrypt and analyze Microsoft Office files that were encrypted by Azure RMS or Active Directory (AD) RMS on Windows endpoints. This includes files found on Windows endpoints (discovery) or sent via any endpoint channel.
Office files that are protected by Microsoft RMS include Word, Excel, PowerPoint and other Office documents created in Office 2007 or later, such as those ending in docx and pptx.
The system uses logged-in user credentials to access the Microsoft RMS server. In case of errors, the transaction is permitted without analysis and the error is recorded in a log file.
By default, this setting is disabled.
To enable RMS decryption, select Enable RMS decryption, then click OK.
The RMS file detection feature has the following prerequisites:
1.
The endpoint machine must be in your organization's domain.
2.
Azure Active Directory/Office 365 single sign-on (SSO) must be configured and working. Users must be able to RMS-protect a document without a login request.
3.
Either Rights Management Service Client 2.1 or Microsoft Rights Management Sharing application must be installed on the endpoint machine.
4.
For Azure AD/Office 365 SSO, Microsoft Online Services Sign-In Assistant must be installed on the endpoint machine.
5.
Microsoft RMS predefined templates must have Copy and Extract Content permissions.
6.
Make sure that the following Forcepoint DLP predefined policies are not configured to block breaches, because they block the RMS client communication to the RMS server:
*
Encrypted Files - Unknown Format (Script)
*
Encrypted Files - Unknown Format (Wide)
By default, these policies are set to monitor. If they are enabled, false positive incidents for RMS communication appear in the Security Manager.
To view RMS-related incidents in the Data Security module of the Security Manager, navigate to the Main > Reporting > DLP > Incidents - Last 3 days page. The Forensics tab shows when the detected breach was an RMS-protected file.
To determine whether RMS decryption and analysis is active or inactive, check the Main > Status > Endpoint Status page.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
General System Settings > Services > Configuring Microsoft RMS
Copyright 2017 Forcepoint. All rights reserved.