A Rights Management services (RMS) account is an account that Cloud App Security requires to be granted the ability to access Azure RMS protected files shared in Office 365 services. Azure RMS protects your organization's sensitive information from unauthorized access and controls how this information is used. It uses the Windows Azure Active Directory Service to enforce access restrictions on files.
In this release, the RMS feature applies to only SharePoint Online and OneDrive for Business.
After provisioning a SharePoint Online Delegate Account, Cloud App Security leverages the RMS account to obtain a tenant key to access files in a SharePoint or OneDrive list or library that gets RMS protection. In this way, it can then retrieve and scan the content for ATP and DLP policy enforcement when users upload, create, synchronize, or modify the files.
For more information on Azure RMS, see https://docs.microsoft.com/en-us/information-protection/.