How to Migrate AD RMS to AIP?
Active Directory Rights Management Services (AD RMS) is a product that is widely used by enterprises to provide admins the capability to control what users can do with files and data, such as preventing users from printing documents or forwarding emails. It has been a part of Windows Servers since 2003 and is one of the front-line protections for data, even when it leaves the organization’s boundaries. Over the years, organizations are beginning to realize that an on-premises AD RMS implementation is growing in complexity, especially when there is a need to collaborate across organizations or support mobile devices. In this article, we will focus on migrating AD RMS to Azure Information Protection (AIP), a cloud-native solution that is built on the capabilities of AD RMS.
How Is AD RMS Migrated to AIP?
The migration of AD RMS to AIP is done in five phases that are often performed by different admins at different times.
-
Preparing for Migration
- The first step is to extract the details of the tenant’s Azure Rights Management service URL. This value can be identified using PowerShell commands in the AIPService module.
- Depending on the number of users, admins might have to use onboarding controls and deploy pre-migration scripts to segregate users into batches.
- If the migration is done in phases, and the Information Rights Management might have to be reconfigured on Exchange Online or Exchange Server, depending on the type of deployment.
-
Configuring AD RMS on Server Side and Client Side
- Configuration data, such as keys, templates, and URLs, are exported from AD RMS to an XML file to the Azure Rights Management service from Azure Information Protection using the Import-AipServiceTpd PowerShell cmdlet.
- Configuration data, such as keys, templates, and URLs, are exported from AD RMS to an XML file to the Azure Rights Management service from Azure Information Protection using the Import-AipServiceTpd PowerShell cmdlet.
- Depending upon the AD RMS key configuration, an appropriate migration method has to be chosen. This could include a software-protected key to software-protected key migration, an HSM-protected key to HSM-protected key migration, or a software-protected key to HSM-protected key migration.
- Activate the Azure Rights Management service and change the status of the imported rights policy templates to ‘published’ in the Azure classic portal.
- Once the server-side configuration is complete, the Windows computers on the client-side can be migrated from AD RMS to the Azure Rights Management service.
-
Configuring Supporting Services
- Configure the IRM integration to complete the AD RMS migration for Exchange Online, so that it can use the Azure Rights Management service. Deploy the Rights Management connector if on-premises Exchange or SharePoint Servers have to use the Azure Rights Management service.
-
Post Migration Activities
- Once the Windows computers are using the Azure Rights Management service, the AD RMS server can be de-provisioned.
- To complete the client migration tasks, the SRV records in DNS that redirect mobile devices such as iOS phones and iPads, Android phones and tablets, Windows phones and tablets, and Mac computers to use AD RMS should be removed.
Apps4Rent Can Help with AD RMS to AIP Migration
As a software as a service solution, Azure RMS in AIP is simpler than that of AD RMS. In most deployments, it does not require any on-premises infrastructure and is easier to manage and scale. Additionally, it minimizes capital expenditure and the expertise required to manage the deployment. However, migrating from AD RMS to AIP still requires technical expertise for enterprises.
As a Microsoft Gold Partner for Cloud Platform and Cloud Productivity, Apps4Rent can help enterprises migrate from legacy on-premises infrastructure to Azure cloud services. Call, chat, or email Apps4Rent Azure specialists, available 24/7 for assistance.
Looking for help with Azure?
Our Azure experts can help you.
