true-Xtended Reporting for Microsoft Azure RMS

Admin Manual
keyon AG
Schlüsselstrasse 6
8645 Jona
Switzerland
V1.10
Phone +41 55 220 64 00
Fax +41 55 220 64 01
https://www.keyon.ch/
info@keyon.ch
Contents
1. Introduction
2. Prerequisites
3. Installation
4. Use Cases
5. Upgrade Instructions
6. Reference Material
1. Introduction
true-Xtended Reporting for Microsoft Azure RMS is a powerful solution to visualize Azure RMS
metadata based on Splunk®. It lets you track user activities and usage trends, shows
document and template usage, identifies potential data leakage and much more in a powerful
yet simple UI.
true-Xtended Reporting is provided as a freemium model. It consists of:
- Free of charge version
  Provides basic functionality as described in this document.
- Premium version
  - Data aggregation from many sources (e.g. AD, databases, etc.)
  - Additional diagrams (sunburst, map, etc.)
  - Role based diagrams (operations, audit, etc.)
Contact info@keyon.ch for details.
2. Prerequisites
1) Windows 7 SP1 / Windows Server 2008 R2 or above to run the provided script.
2) Ensure you have Windows PowerShell 4.0 installed.
(Details on how to install Windows PowerShell 4.0 can be found under
http://social.technet.microsoft.com/wiki/contents/articles/21016.how-to-install-windowspowershell-4-0.aspx)
3) Install Windows PowerShell for Azure Rights Management.
(See https://technet.microsoft.com/en-us/library/jj585012.aspx)
4) Enable logging of Azure RMS by following the steps described in
https://technet.microsoft.com/en-us/library/dn529121.aspx (according to Microsoft,
blogs.technet.com/b/rms/archive/2016/01/25/ringing-in-the-new-year.aspx, logging
should be enabled automatically by the end of January 2016).
3. Installation
In order to include the Azure RMS data in the Keyon Azure RMS Splunk app, the log files need
to be exported from Azure RMS, converted into a format better understood by the app, and
uploaded into Splunk. Keyon provides a PowerShell script to automate such tasks.
The script is provided with the app and can be found in the bin folder of the app (e.g.
$SPLUNK_HOME\etc\apps\keyon_tX-Rep-RMS\bin\GrabAndConvertAzureRMSLogs.ps1).
Keyon recommends the following setup to automate the log import:
1) In order to connect to Azure the script requires appropriate user credentials.
   a) Set up a user in Azure accordingly.
   b) Store the user password encrypted on the file system of the server so that the
      PowerShell script can use it later.
      I.   Start Windows PowerShell ISE with the Run as administrator flag.
      II.  Change the directory to the folder containing the script, e.g.
           cd "C:\Program Files\Splunk\etc\apps\keyon_tX-Rep-RMS\bin\"
      III. Execute the following command:
           Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File .\AzureUserPassword.txt
      IV.  Enter the password of the user in the input field and click OK.
2) For better readability, a mapping between the Azure RMS Template ID and a
   description can be established. This step is optional. If there is no mapping, the
   Template ID is displayed.
   a) Open the lookup file azureRMSTemplate_lookup.csv located in the bin folder of
      the app (e.g. C:\Program Files\Splunk\etc\apps\keyon_tX-Rep-RMS\bin\azureRMSTemplate_lookup.csv).
   b) Start Windows PowerShell ISE with the Run as administrator flag.
   c) Connect to Azure RMS with the PowerShell command Connect-AadrmService and
      your credentials.
   d) Display all the templates with the PowerShell command Get-AadrmTemplate.
   e) For each Azure RMS template, find out the corresponding ID and add a line with
      the ID and the name, separated by a comma, to the lookup file.
      Example:
      TemplateId,Name
      ce1584ed-3033-4a43-a76b-5aed8594329d,Internal
      6d9371a6-4e2d-4e97-9a38-202233fed26e,Confidential
   f) Save and close the lookup file.
3) Create a scheduled task to periodically execute the log export and conversion.
   (Details on how to create a scheduled task can be found under
   https://technet.microsoft.com/en-us/library/cc748993.aspx).
   a) Open the task scheduler.
   b) Select a task folder, e.g. create a new one called “keyon”.
   c) Right click on the folder and choose Create Basic Task…
   d) Choose a name, e.g. “Azure Log Export”, and description. Click Next.
   e) Choose the trigger. Keyon recommends a daily schedule with execution during
      times of low load, e.g. during the night.
   f) Choose Start a program and click Next.
   g) For program/script enter PowerShell.
      Set Add arguments (optional) to
      -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File GrabAndConvertAzureRMSLogs.ps1 -userName <username> -logPath <myfolder> -templateFilePath <templateFilePath>
      where <username> is the name of the Azure user for the log export, <myfolder>
      is the path to the folder where the logs are stored, and <templateFilePath> is the
      path to the .csv file that contains the names for the Azure RMS templates (optional).
      Example:
      -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File
      GrabAndConvertAzureRMSLogs.ps1 -userName
      admin@company.onmicrosoft.com -logPath C:\data -templateFilePath
      "C:\Program Files\Splunk\etc\apps\keyon_tX-Rep-RMS\bin\azureRMSTemplate_lookup.csv"
      Set Start in (optional) to the folder containing the script (e.g. C:\Program
      Files\Splunk\etc\apps\keyon_tX-Rep-RMS\bin\).
   h) Finish the task.
   i) Open the properties dialog for the newly created task.
   j) Choose Run whether user is logged on or not, check "Do not store password. The
      task will only have access to local computer resources." and then click OK.
4) Set up Splunk to monitor the converted logs:
   a) Log into Splunk using an admin user.
   b) Select Settings -> Add Data -> Monitor -> Files & Directories.
      Set the File or Directory to the folder containing the converted logs (default is
      C:\temp\AzureRMSLogs\Splunk).
      Click Next.
   c) Set Source type to Select and choose Custom -> AzureRMS.
   d) Set App Context to tX Reporting for Microsoft Azure RMS.
   e) Click Review.
   f) Click Submit.
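
A pre-flight check for the setup above, as an added example that is not part of Keyon's script or app. Run it from the app's bin folder as the Windows account that runs the scheduled task: ConvertFrom-SecureString without -Key protects the password with Windows DPAPI, so the file only decrypts for the user and computer that created it. The function name and its parameters are hypothetical.

```powershell
# Added example (not Keyon's code); function and parameter names are hypothetical.
function Test-RmsExportSetup {
    param(
        [string]$PasswordFile = '.\AzureUserPassword.txt',
        [string]$TemplateFile = '.\azureRMSTemplate_lookup.csv'
    )
    $problems = @()

    # 1. The DPAPI-protected password must decrypt under the current account.
    try {
        $text = Get-Content -Path $PasswordFile -ErrorAction Stop
        if (-not $text) { throw 'file is empty' }
        $null = $text | ConvertTo-SecureString -ErrorAction Stop
    } catch {
        $problems += "Password file unusable for $($env:USERNAME): $($_.Exception.Message)"
    }

    # 2. The password file should not be accessible to broad groups (well-known
    #    SIDs: Everyone, Authenticated Users, BUILTIN\Users).
    $broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    if (Test-Path -Path $PasswordFile) {
        $rules = (Get-Acl -Path $PasswordFile).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -eq 'Allow' -and
                $broad -contains $rule.IdentityReference.Value) {
                $problems += "ACL grants $($rule.FileSystemRights) to $($rule.IdentityReference.Value)"
            }
        }
    }

    # 3. Every lookup row needs a unique GUID in TemplateId and a non-empty Name.
    if (Test-Path -Path $TemplateFile) {
        $seen = @{}
        foreach ($row in Import-Csv -Path $TemplateFile) {
            $guid = [guid]::Empty
            if (-not [guid]::TryParse([string]$row.TemplateId, [ref]$guid)) {
                $problems += "Lookup: '$($row.TemplateId)' is not a GUID"
            } elseif ($seen.ContainsKey($guid)) {
                $problems += "Lookup: duplicate TemplateId $guid"
            } else { $seen[$guid] = $true }
            if ([string]::IsNullOrWhiteSpace($row.Name)) {
                $problems += "Lookup: empty Name for '$($row.TemplateId)'"
            }
        }
    }
    $problems   # an empty result means all three checks passed
}

Test-RmsExportSetup
```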
4. Use Cases
The app provides various reports based on the Azure RMS log data.
At the top of the app you find the Time Range selector. The values selected here apply to all
reports.
Available Reports:
1) The User Activity report shows the number of active users over the selected time
   range. The report can be tailored to your needs by selecting specific Request Types.
2) The Trend report shows a trend calculated over 30 days for the number of active
   users.
3) The Admin Activity report shows the number of active administrators over the
   selected time range. The report can be tailored to your needs by selecting specific
   Request Types.
4) The Total Active Users report shows the total number of unique active users over
   the selected time range.
5) The Success Access Requests report shows the proportion of access requests that
   succeeded or failed over the selected time range.
6) The Access Denied by User report shows how many access requests were denied
   per user over the selected time range.
7) The User Activity report shows how many times access was granted or denied per
   user for a specific contentid over the selected time range. The contentid is an
   identifier assigned to a document that was protected by Azure RMS.
8) The Active Users report shows a list of active users (email address) over the
   selected time range.
9) The Template Usage report shows how many times RMS templates are used over
   the selected time range. The RMS templates are represented by the GUID assigned
   to the template by Azure RMS. Alternatively, the name of the RMS template can be
   shown.
10) The Template Usage report shows the distribution of the template usage by a
    specific user over the selected time range. The RMS templates are represented by
    the GUID assigned to the template by Azure RMS. Alternatively, the name of the
    RMS template can be shown.
11) The Top Applications report shows the distribution of applications which have been
    used to process RMS protected documents over the selected time range.
12) The Top Operating System report shows the distribution of operating systems
    which have been used to process RMS protected documents over the selected time
    range.
5. Upgrade Instructions
No upgrade provided yet.
6. Reference Material
-