Microsoft Purview: Information Protection - Rights Management connector – Certificate-based authentication

🚨 The Signal: The Microsoft Rights Management (RMS) connector now uses certificate-based authentication instead of shared secrets. This improves security by requiring administrators to configure their own Microsoft Entra app registration and certificate, eliminating Microsoft-managed secrets and enhancing control over authentication.

The Impact

Security and Identity teams are affected. The change reduces the risk of credential compromise for the RMS connector.

  • Security Teams: Reduced risk from shared secret compromise.
  • Identity Teams: New process for Entra app registration and certificate management.
  • Compliance Teams: Improved alignment with secure credential management policies.

The Action

  1. Register a new Microsoft Entra application for the RMS connector.
  2. Upload a certificate to the newly registered Microsoft Entra application.
  3. Install or upgrade the RMS connector using the new PowerShell module.
  4. Utilise new PowerShell cmdlets to configure the certificate for each workload (Connector, Exchange, SharePoint, FCI).
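
A check that can follow steps 1 and 2, given as an added example rather than Microsoft's or this page's own code: it uses the Microsoft Graph PowerShell SDK to confirm that the app registration carries a certificate, has no leftover client secrets, and that the certificate is not close to expiry. The display name RMS-Connector-Auth and the 60-day warning window are assumptions.

```powershell
# Added example: audit the Entra app registration created for the RMS connector.
# Requires the Microsoft.Graph.Applications module and read access to app registrations.
Connect-MgGraph -Scopes 'Application.Read.All'

$appName  = 'RMS-Connector-Auth'   # hypothetical display name chosen in step 1
$warnDays = 60                     # assumed renewal window; set to your own policy

$apps = @(Get-MgApplication -Filter "displayName eq '$appName'" `
            -Property 'id,appId,displayName,keyCredentials,passwordCredentials')
if ($apps.Count -eq 0) { throw "No app registration named '$appName' was found." }

$now = (Get-Date).ToUniversalTime()
$findings = foreach ($app in $apps) {
    # A client secret on the app means a shared secret could still authenticate as it.
    foreach ($s in $app.PasswordCredentials) {
        [pscustomobject]@{
            AppId = $app.AppId; Credential = 'Secret'; Identifier = $s.KeyId
            Expires = $s.EndDateTime; Finding = 'Client secret present: remove it'
        }
    }

    $certs = @($app.KeyCredentials | Where-Object Type -eq 'AsymmetricX509Cert')
    if ($certs.Count -eq 0) {
        [pscustomobject]@{
            AppId = $app.AppId; Credential = 'Certificate'; Identifier = '(none)'
            Expires = $null; Finding = 'No certificate uploaded (step 2 incomplete)'
        }
    }

    foreach ($c in $certs) {
        # For uploaded certificates, CustomKeyIdentifier holds the thumbprint bytes.
        $thumb = if ($c.CustomKeyIdentifier) {
            [BitConverter]::ToString($c.CustomKeyIdentifier) -replace '-'
        } else { '(unknown)' }
        $daysLeft = [math]::Floor(($c.EndDateTime.ToUniversalTime() - $now).TotalDays)
        $finding  = if ($daysLeft -lt 0) { 'Certificate expired' }
                    elseif ($daysLeft -le $warnDays) { "Certificate expires in $daysLeft days" }
                    else { 'OK' }
        [pscustomobject]@{
            AppId = $app.AppId; Credential = 'Certificate'; Identifier = $thumb
            Expires = $c.EndDateTime; Finding = $finding
        }
    }
}

$findings | Format-Table -AutoSize
```

Running it on a schedule turns certificate expiry into an alert instead of a connector outage.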

Domain: Purview · Impact: high · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898