RMS Account

A Rights Management Services (RMS) account is the account that Cloud App Security requires in order to access Azure RMS-protected files shared in SharePoint Online, OneDrive, and Microsoft Teams (Teams). Azure RMS protects your organization's sensitive information from unauthorized access and controls how this information is used. It uses the Windows Azure Active Directory Service to enforce access restrictions on files.


Cloud App Security no longer supports provisioning RMS accounts. It is recommended that you provision a Microsoft Information Protection (MIP) account instead. The MIP account allows Cloud App Security to not only scan encrypted files, but also scan encrypted emails and apply sensitivity labels to files. For details, see MIP Account.

If you have already provisioned an RMS account, Trend Micro recommends you migrate to a MIP account.

If you have provisioned both the RMS and MIP accounts, Cloud App Security uses only the MIP account and you can remove the RMS account.

After you provision a SharePoint Online, OneDrive, or Microsoft Teams service account, Cloud App Security uses the RMS account to obtain a tenant key for accessing files in a SharePoint or OneDrive list or library that has RMS protection applied. In this way, it can access and scan the content for ATP and DLP policy enforcement when users upload, create, synchronize, or modify the files.

For more information on Azure RMS, see https://docs.microsoft.com/en-us/information-protection/.