Microsoft Azure RM

Azure Active Directory Updates, and they are awesome

First of all, lets summarize what just happened

  • Azure Active Directory Application Proxy just went into General Availability
  • Azure Active Directory Premium is now available for all Office 365 customers either in Direct or through MOSP
  • Azure Active Directory received four enhancements.
    • Administrative Units – Public Preview
    • New SSO capabilities for SaaS apps – Public Preview
    • Password writeback enters General Availability
    • Security questions for Self-Service Password Reset – Public Preview

Read the official blog post here

Azure Active Directory Application Proxy (AADAP)

Recently I blogged about this topic, read more here. Basically what AADAP does it to create a proxy application in the cloud that allows you to connect to your internal on-premises application in a secure matter. This is a great tool if we don’t have a publication platform on-premises today.

Azure Active Directory Premium in Direct/MOSP for Office 365

We now have Azure AD Premium available for direct online purchase, using a credit card, in the Office 365 admin portal (you do not need to be an existing Office 365 customer to buy). This opens a new world of features for the SMB market!

Azure Active Directory – Administrative Units

We can now delegate administrative access to Azure AD. In this release it’s only available through PowerShell. The consept is that we can for instanve have Global Admins as before, but we can now also have Regional Admins. Within their region they can manage users, devices, applications and policies.

Azure Active Directory – Custom additon of SaaS applications

If we search for an SaaS application, and it’s not available, we can add the application as a unlisted app, and then configure SSO as we like.

Azure Active Directory – Password writeback enters GA

This isn’t something new, but it’s released into GA. This means that we can use this in production with good confidence. Note that this feature require Azure AD Premium.

Azure Active Directory Password Reset – Security Questions

We have now the posibility to add security questions as one of the authentication methods when users need to change their password. The value of this is that the user don’t need ther phone or alternative email address available when resetting.

Azure Rights Management and external users

Rights management is extremely important! The last thing you want is that a document with business critical information is lost.

Azure Rights Management is an easy way to get a few steps more secure. In this blog post, I will show how you can get started yourself, and how to send a protected document to an external user that do not have Azure Rights Management.

For demonstration purposes, I will use a fictive food restaurant that I just opened, Anders Food 14. Our domain name will then be Should be good enough to get through this post.

As this is an Office 365 tenant, enabling Azure RM is just a few clicks away.

While singed in to the Office 365 admin center, click Service Settings, and then Rights Management.
Note: This post was written before the graphical update of the Office 365 Admin Center, but the steps in this post is still valid 🙂


There, click Manage, and you are sent to this page


There you simply click Activate, and then confirm it by clicking activate once more.


You are now aboard, and your tenant is ready to use Azure Rights Management. If you need to create custom Rights Management templates you also need an Azure subscription, but to get started you should be good with only Office 365 for now.


The next step is to try this out. Open Word, and make sure you are signed in using the corporate account. In my case, I’m signed in using

I like to protect my documents even before I start adding content. Click File, and on the Info tab, locate a button named Protect Document. If you click that one, you get a new menu with an option named Restrict Access. Hover that one, and if this is your first time, you can select Connect to Rights Management Servers and get templates.


Now, you are ready to protect the document. Click Protect Document, then Restrict Access again.. For the purpose of this blog post, select Restricted Access. Add the email address of an external contact in the Read field and click OK.


SetDocumentPermissions - Safe


Add some secret information, and save the document. In my case, I will add a new menu that we will release later this summer.


After the document is saved, give it to the external contact, along with this URL: (Microsoft Rights Management) is a site where you can sign up for a free Azure RM account that you can use to DRM proterct your files and documents. If you use Azure RM to protect your documents, your recipients have to use Azure RM their self, or they can get a free account from this service to be able to open them.

I have not enabled my private address for Azure Rights Management yet, so when I try to open the document, I get this message.


I could have signed in using my account here, or I could request access to the document using another account. I already know that I need to use my private address, so to solve this case, I go to the Microsoft Rights Management portal, and begin the sign up process.

SignUpGetStarted - Safe

I’m now sent to a form that needs filling. When that’s done, I click Create.

RegisterAccount - Safe

A verification email is now sent to my address.

EmailVerificationSendt - Safe

When it arrives, I verify by clicking the link.


When that’s done, I get a Thank you message, and I’m ready to open the document.


Well, try opening the file again, and this time click Change User, and sign in with the email and password you created during the Microsoft Rights Management sign up request.

Whola. You and your contact are now in, and ready to secure every document.