![]() However, if you use your own internal CA to deploy the server certificates for RMS, you must take additional steps to install the root CA certificate on the mobile devices. When you purchase your server certificates from a public CA, such as VeriSign or Comodo, it's likely that mobile devices will already trust the root CA for these certificates, so that these devices will trust the server certificates without addition configuration. Mobile devices must trust the PKI certificates on the RMS server (or servers) For instructions, see the Configuring AD FS for the AD RMS mobile device extension section in this topic. AD FS must be configured for the mobile device extension. Forms-based authentication is not supported you must use Windows Integrated Authentication Important: AD FS must be running a different computer from the computer running AD RMS and the mobile device extension.įor documentation about AD FS, see the Windows Server AD FS Deployment Guide in the Windows Server library. If the AD RMS servers are behind a firewall or published by using a reverse proxy, in addition to publishing the /_wmcs folder to the Internet, you must also publish the /my folder (for example: _).įor details about AD RMS prerequisites and deployment information, see the prerequisites section of this article.ĪD FS deployed on your Windows Server: - Your AD FS server farm must be accessible from the Internet (you have deployed federation server proxies). The AD RMS servers must be configured to use SSL/TLS with a valid x.509 certificate that is trusted by the mobile device clients. The account that you will use to install the mobile device extension must have sysadmin rights for the SQL Server instance that you're using for AD RMS. AD RMS must be using a full Microsoft SQL Server-based database on a separate server and not the Windows Internal Database that is often used for testing on the same server. RequirementĪn existing AD RMS deployment on Windows Server 2019, 2016, 2012 R2, or 2012, that includes the following: - Your AD RMS cluster must be accessible from the Internet. Prerequisites for AD RMS mobile device extensionīefore you install the AD RMS mobile device extension, make sure the following dependencies are in place. Use your internally developed AIP-enlightened apps that were written by using the MIP SDK.īe sure to read and configure the prerequisites before you install the mobile device extension.įor additional information, download the "Microsoft Azure Information Protection" white paper and accompanying scripts from the Microsoft Download Center.Use an AIP-enlightened PDF viewer for cross-platform viewing or to open PDF files that were protected with any AIP-enlightened application.Use the Azure Information Protection app to open protected email messages (.rpmsg) and protected PDF files on Microsoft SharePoint.Use the Azure Information Protection app to open an Office file (Word, Excel, PowerPoint) that is a PDF copy (.pdf and.Use the Azure Information Protection app to open any file that has been generically protected (.pfile format).Use the Azure Information Protection app to consume protected image files (including.Use the Azure Information Protection app to consume protected text files in different formats (including.For example, users can do the following on their mobile devices: ![]() This lets users protect and consume sensitive data when their device supports the latest API-enlightened apps. You can download the Active Directory Rights Management Services (AD RMS) mobile device extension from the Microsoft Download Center and install this extension on top of an existing AD RMS deployment. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |