Microsoft Purview: RMS Connector Shifts to Certificate-Based Authentication

🚨 The Signal: The Microsoft Rights Management (RMS) connector now uses certificate-based authentication instead of shared secrets. This improves security by requiring administrators to configure their own Microsoft Entra app registration and certificate, eliminating Microsoft-managed secrets and enhancing control over authentication.

The Impact

The change affects administrators, who must now manually register a Microsoft Entra app and configure a certificate for it. This improves security posture.

  • Administrators: Must manually configure Microsoft Entra app registrations and certificates, increasing control over authentication.
  • Security Teams: Benefit from improved security posture by moving away from shared-secret authentication.
  • IT Operations: Need to plan for new PowerShell module usage for certificate configuration across workloads.

The Action

  1. Plan to register a Microsoft Entra ID application.
  2. Upload a certificate to the registered Microsoft Entra ID application.
  3. Use the new PowerShell module to configure the certificate for each workload (Connector, Exchange, SharePoint, FCI).
  4. Utilise new PowerShell cmdlets for certificate import, registry configuration, private-key permissions, and validation.
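
Before uploading the certificate in step 2 and configuring workloads in steps 3 and 4, the certificate can be checked on the host with built-in PowerShell. The following is an added example, not code from Microsoft's new module: the function name `Test-AppAuthCertificate`, its parameters and the 30-day threshold are assumptions made for illustration.

```powershell
# Added example: pre-flight check for a certificate intended for the Entra app registration.
# Function name, parameters and the 30-day default are hypothetical, not part of the RMS connector module.
function Test-AppAuthCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$MinDaysRemaining = 30,
        [string]$ExportPublicCertTo   # optional path for the .cer file to upload in step 2
    )

    # Thumbprints pasted from the certificate UI often carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert  = Get-ChildItem -Path $StorePath | Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) { throw "No certificate with thumbprint $clean in $StorePath" }

    $now      = Get-Date
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    $issues   = @()
    if (-not $cert.HasPrivateKey)        { $issues += 'No private key on this host' }
    if ($now -lt $cert.NotBefore)        { $issues += 'Not yet valid' }
    if ($daysLeft -lt $MinDaysRemaining) { $issues += "Expires in $daysLeft day(s)" }

    if ($ExportPublicCertTo) {
        # Export-Certificate writes only the public certificate; the private key stays in the store.
        Export-Certificate -Cert $cert -FilePath $ExportPublicCertTo -Type CERT | Out-Null
    }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        DaysRemaining = $daysLeft
        HasPrivateKey = $cert.HasPrivateKey
        Issues        = $issues
        Ready         = ($issues.Count -eq 0)
    }
}

# Constructed usage: '<THUMBPRINT>' is a placeholder for your own certificate's thumbprint.
# Test-AppAuthCertificate -Thumbprint '<THUMBPRINT>' -ExportPublicCertTo .\connector-app.cer
```

The thumbprint in the returned object should match the one shown for the certificate on the Entra app registration after upload.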

Domain: Purview · Impact: high · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges