Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.7
  3. Configuring the BlackBerry Docs service
  4. Steps to configure the Docs service
  5. Managing Repositories
  6. Configuring Docs for Rights Management Services

Configuring
Docs
 for Rights Management Services

Active Directory
 Rights Management Services (AD RMS) and
Entra
-IP RMS from
Microsoft
 allows documents to be protected against access by unauthorized people by storing permissions to the documents in the document file itself. Access restrictions can be enforced wherever the document resides or is copied or forwarded to. For documents to be protected with AD RMS or
Entra
-IP RMS, the app that the document is associated with must be RMS aware. For more information about AD RMS and
Entra
-IP RMS, visit Comparing Azure Information Protection and AD RMS.
For this release,
BEMS
 doesn't support both the AD RMS and
Entra
-IP RMS in the same environment.
Support for RMS protected documents is provided through two methods:
  • In
    Docs
     and
    BlackBerry Work
    , support for RMS protected documents is provided through the
    Microsoft Office Web Apps
     and
    Office Online
     Server with viewing and editing enabled through the
    BlackBerry Access
     browser. Note that while
    BlackBerry Access
     browser is a
    BlackBerry Dynamics
     app with all the secure features it provides, it has only partial support for RMS features. 
  • In
    BlackBerry Work
    , support for RMS protected documents is provided directly in
    BlackBerry Work
     and through
    BlackBerry Work
The following table compares the features of RMS protected documents in
BlackBerry Work
 and through
BlackBerry Access
. These features require a client that is RMS aware.
RMS protected documents directly in
BlackBerry Work
RMS protected documents through
BlackBerry Access
Features
  • View protected documents directly in
    BlackBerry Work
    .
  • Protect unprotected documents in
    BlackBerry Work
    .
  • Change permissions for documents in
    BlackBerry Work
    .
  • Upload a new file and save it as protected. 
View and edit protected documents in
Docs
 and
BlackBerry Work
 through the
BlackBerry Access
 browser.
Security
Users can save what is on screen as a web clip and this screenshot file can be shared with other
BlackBerry Dynamics
 apps. Mitigation is to disable web clips in the
BlackBerry Access
 policy.
  • Share the
    Microsoft Office Web Apps
     or
    Office Online
     Server URL that is used to render the document viewing or editing with other
    BlackBerry Dynamics
     apps. The URL expires in thirty minutes but during this time, other
    BlackBerry Dynamics
     apps might be able to access it without any authentication. For example, if it is shared with
    BlackBerry Work
    , the URL can be emailed to others. If it is shared with a
    BlackBerry Dynamics
     app that allows printing, then the page that is rendered might be printed. Mitigation would be to enable user agent in the
    BlackBerry Access
     policy and then use it to create filtering rules in the
    Microsoft Office Web Apps
     or
    Office Online
    Server so that only
    BlackBerry Access
     is able to access the URL. The
    Microsoft
     IIS URL Rewrite extension can be used to create the rules.
  • Users can save what is on screen as a web clip and this screenshot file can be shared with other
    BlackBerry Dynamics
     apps. Mitigation is to disable web clips in
    BlackBerry Access
     policy.
  • When editing a document, by default, copy and paste of content would be possible by default polices only within the
    BlackBerry Dynamics
     secure container environment. Ensure that the protection provided is adequate given these limitations and satisfies your RMS protection requirements before enabling this support.