- You could track the name & identity of every individual that opened (or attempted to open) that document… as well as the time & location of the attempt
- You could self-destruct that document if you didn’t want it read any more because it contained old or confidential information
That’s called Document Tracking & Revocation, and it’s a shipping technology (in Public Preview) that comes with Azure Rights Management Services (ADRMS).
(And yes, you folks with Office 365 E3? You get all of this at no additional cost.)
Here’s some words from Dan Plastina, the long time god of Rights Management Services here at Microsoft:
The premise here is simple: You, the IT professional, have very little understanding of what constitutes good sharing, bad sharing, or even abuse of a sensitive document. It’s true. Many like you have said that you do not sit in front of monitors all day watching the several hundred documents leaving your organizations per hour (or second)! Don’t laugh, some vendors are in fact focused on building consoles for the IT staff where they show "document ABC.XLS was opened on an iPad by user Jane". While most of you perform data loss prevention (DLP) and monitoring (SIEM) in the broader parametric domain, you can’t monitor the specific flows of all documents.
The good news is that the users in your organization, those doing the sharing, are actually very well equipped to know both the intent and possible abuse of the documents they share. They are the ones – the only ones – that know which documents were meant for limited use but are being over-circulated (abused).
Simply stated, today we’ve extended our base document protection promise to now be these 4 core points:
- Your users can protect documents and share them both internally as well as with other businesses.
- They can limit who gets access to their documents and can set a document expiration date.
- The sender can (now) monitor the use, and thus abuse, of each of these documents shared using a variety of views.
- If the senders does not like what they see, they can (now) revoke access to the document regardless of where it is stored.
The last two promises are new as of today while the first two are the Azure RMS offer that has been in market for a while now.
Read more about this technology here:
- ANNOUNCEMENT: Welcome to Azure RMS Document Tracking
- VIDEO: Azure RMS Document Tracking and Revocation