true-Xtended Reporting for Azure Rights Management
www.keyon.ch, info@keyon.ch
V1.1c

About Microsoft Rights Management
• Rights Management is a solution for organizations that want to classify and protect their data in today's challenging working environment (on-prem, in the cloud, on mobile devices)
• Comprehensive technology to protect confidential data across major platforms (Windows, iOS, Mac OS X, Android, Linux)
• Security is intrinsically tied to the data, independent of any technology used for data at rest or data in motion
• Flexible management of users and roles (joiners / movers / leavers / deputies / auditors / legal investigators)

About Secure Islands IQP
• Extends the capabilities of Microsoft RMS
• Protection and classification of any file type
• RMS enlightening of any application
• Classification of data
• Automation of classification and security processes
• Automated protection for Web Applications or File Shares
• Automated protection based on content-specific patterns
• Comprehensive User GUI
Secure Islands was acquired by Microsoft at the end of 2015.

About tX Reporting for MS RMS
• true-Xtended Reporting for Microsoft Azure RMS is a powerful solution to visualize Azure RMS metadata based on Splunk®
• Many dashboards are available
• Tracks user and RMS-related activities
• Shows document and template usage, trend lines and much more
• Shows the success rate of users who tried to get access to documents
• Identifies potential data leakage

Licensing model
• tX Reporting for Azure RMS is available as a freemium version
• Free of charge:
  • Splunk App with PowerShell scripts
  • Basic reports based on Azure RMS logs
• Premium version:
  • Splunk App with PowerShell scripts and true-Xtended Data Engine
  • Extended reports based on Azure RMS logs and other sources (e.g. AD, DB)
  • Advanced diagrams (sunburst, maps, etc.)
  • Role-based access control (operations, audit, etc.)

Availability
• The free version of tX Reporting for Azure RMS can be downloaded as a Splunk App
  • From Splunkbase: https://splunkbase.splunk.com/app/3040/
  • From Keyon: https://www.keyon.ch/en/Produkte-Loesungen/Microsoft-ADRMS/tX-Rep-RMS/index.php
    https://www.keyon.ch/de/Produkte-Loesungen/Microsoft-ADRMS/tX-Rep-RMS/keyon_tX-Rep-RMS.zip

Dashboards explained
• The Time Range selected here applies to all reports
• The User Activity report shows the number of active users over the selected time range. The report can be tailored to your needs by selecting specific Request Types
  • Acquire License
  • Decrypt
  • Certify
  • Etc.
• The Trend report shows the 30-day moving average of RMS usage, based on user activities
• The Admin Activity report shows the number of active administrators over the selected time range. The report can be tailored to your needs by selecting specific Request Types
  • Add Template
  • Update Template
  • Get Configuration
  • Etc.
• The Total Active Users report shows the total number of unique active users over the selected time range
• The Success Access Requests report shows the ratio of successful to failed access requests over the selected time range
• The Access Denied by User report shows how many access requests were denied per user over the selected time range
• The User Activity report shows how many times access was granted or denied per user for a specific contentid over the selected time range. The contentid is an identifier assigned to a document that was protected by Azure RMS
• The Active Users report shows a list of active users (email address) over the selected time range
• The Template Usage report shows how many times RMS templates are used over the selected time range.
  The RMS templates are represented by the GUID assigned to the template by Azure RMS. Alternatively, the name of the RMS template can be shown.
• The Template Usage report shows the distribution of template usage by a specific user over the selected time range. The RMS templates are represented by the GUID assigned to the template by Azure RMS. Alternatively, the name of the RMS template can be shown.
• The Top Applications report shows the distribution of applications that have been used to process RMS protected documents over the selected time range
• The Top Operating System report shows the distribution of operating systems that have been used to process RMS protected documents

Premium version
Insight into the premium version of true-Xtended Reporting for Azure RMS

Scope, Application area
• Business reporting
  • Distribution and usage of classified / RMS protected documents
  • Policy violation by OU, location or any other attributes
• Legal investigation / Audit
  • Policy violation by user, OU, location or any other attributes
  • User activities by time, location, or any other attributes
  • Extended reports based on other data sources (e.g. DLP, E-Mail, other systems)
• Operations, incident management

Architecture, technical processes
• true-Xtended Reporting for MS RMS – Data Engine
  • Collects log files and events from many sources, especially from Microsoft AD-RMS, Azure RMS and IQ Protector
  • Enriches log files and events from further sources (e.g. AD, LDAP, DBs, DLP systems, other applications)
  • Periodically copies enriched log files and events into Splunk
  • Data collection and reports can be customized
[Architecture diagram labels: Microsoft IQProtector; Microsoft AD-RMS or Azure RMS; AD / LDAP / DB; DLP; Any Applications; Keyon / tX-RT; Splunk]

Premium Dashboards explained
• Depending on the availability of additional data, the user activities can be related to e.g.
  • organizational units
  • countries
  • etc.