No RMS templates are available in your organization

By David | June 21, 2018 | Comments 27 comments

Problem:

When configuring a transport rule for ‘Apply Office 365 Message Encryption and rights protection to the message with…” you receive the following error when attempting to select a label:

“No RMS templates are available in your organization”

Solution:

You need to configure Exchange Online for RMS. See below for powershell commands:

#Configure Credentials
$cred = Get-Credential

# Configure Exchange Online PS Session
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection

# Import Exchange Online PS Session
Import-PSSession $Session

# Configure the RMS Online Key Sharing Location (Note that this url changes based on location – See the bottom of this article for locations)
Set-IRMConfiguration –RMSOnlineKeySharingLocation “https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc”

# Import the RMS Trusted Publishing Domain
Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

# Test the IRM Configuration to ensure that Exchange is configured correctly
Test-IRMConfiguration -RMSOnline

The output of this command should look something like this, with the overall result as PASS.
Results : Checking organization context …

– PASS: Organization context checked; running as tenant administrator.
Loading IRM configuration …
– PASS: IRM configuration loaded successfully.
Checking RMS Online tenant prerequisites …
– PASS: RMS Online tenant prerequisites passed.
Checking RMS Online authentication certificate …
– PASS: The RMS Online authentication certificate is valid.
Checking that a Trusted Publishing Domain can be obtained from RMS Online …
– PASS: Trusted Publishing Domain successfully obtained from RMS Online. Templates available:
Confidential \ All Employees, Highly Confidential \ All Employees, Secure Email.
Checking that the Trusted Publishing Domain obtained from RMS Online is valid …
– PASS: Trusted Publishing Domain obtained from RMS Online is valid.

OVERALL RESULT: PASS

# Set the IRM Internal Licencing to True
Set-IRMConfiguration -InternalLicensingEnabled $true

Give Exchange Online 20 minutes to see the update and you should then be able to see the Templates.

Global policy issue:

Currently there is a bug with Exchange Online not being able to see labels that are NOT included in the ‘Global’ Azure Information Protection Policy. This is being investigated by Microsoft at the time of writing this article.

RMS Key Sharing Location URLs:

North America
https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union
https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Asia
https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South America
https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government (Government Community Cloud)
https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc

[amazon_link asins=’1509304789,1509304797,B07DFPMXX9′ template=’ProductGrid’ store=’412294wp-21′ marketplace=’UK’ link_id=’cfcdc236-7528-11e8-809a-dfacb79ea481′]

Password Managers – Be Safer Online.

By David | May 26, 2017 | Comments 0 Comment

I created this Article about Password Managers back in 2015 and published it to a well known Tech Forum called Experts Exchange. The Article is still relevant so I’ve decided to publish it on my blog as well. Happy Reading.

A brief insight into online Password Managers – Be Safer Online.

A few customers have recently asked my thoughts on Password Managers. As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords. But as I was getting asked about them more and more I decided to trial one so I could offer a better opinion. The one I decided to trial was called ‘LastPass’. It came highly recommended from a couple of my Web Developer friends who now use it for every website that requires some form of login!

In addition to the recommendation I did some research on the program to give me a little more confidence and understanding – I suggest reading a few reviews prior to jumping into anything.

What is a Password Manager?

A password manager is a program that helps a user to better manage and organise their passwords for online accounts. Most Password managers store your passwords and then encrypts them. The programs then require the user to enter a Master Password to decrypt them before they can be access.

What is the benefit of having a Password Manager?:

If you’re anything like me you will have lots of online logins, then over time this can become difficult to manage. I found myself trying multiple login credentials on sites before finding the one that works, eventually getting there but sometimes I would have to do a password reset.

Using a Password Manager takes away this problem. All you have to do is remember the one password and the program does the rest.

Getting Starter – The Master Password:

The first thing that a Password Manager will ask you to do is to create a ‘Master Password’. This is the password that you will use to access the program and the access your ‘Password Vault’ (where your passwords are kept). Because this is the password that allows you to access your other online accounts I would highly suggest making this as Complex as possible. The password needs to be completely unique and not used anywhere else – I can’t stress this enough. Make sure that you remember this password. If you forget it you will not be able to access your account.

Master Password tips:

– Make the password as long as possible. At least 12 Characters long would be a good goal.

– The password should contain Lower and Upper case letters

– The password should contain Numbers (0-9)

– The password should contain Special Characters – e.g. £ * ( ) $

– The password must be Unique

First thoughts:

I started using the program for some of sites that I don’t really care about – Mostly online games and a couple of forums etc. I found it was easy to add the sites to the ‘Password Vault’ and it replicated to all of my other devices (PC/Mobile/Laptop) where LastPass was installed. One great feature is that when you’re logged into LastPass and visit a site that you’ve saved it will auto-complete the login fields for you – Saves time which is great and stops the ‘which password is this’ problem.

Boosting my online security with The ‘Security Challenge:

LastPass has a built-in ‘Security Challenge’ which ranks you based on the type of usernames and passwords that you’ve used on the stored online sites. My rating was pretty low. This didn’t surprise me much as the sites I’d stored were of little importance so wasn’t using any of my secure passwords. What did surprise me is that it gave me an option to visit the site and change the password to something randomly generated and more secure.

I visited a couple of my ‘weak’ sites and let the program generate a new random/secure password which boosted my security rating and technically made me safer online. The password was then saved into the password vault and again updated to all of my other machines that had the program on.

An example of one of the automatically generated passwords is: !dDOoDgLs8Jp

Why Random passwords are such a good thing:

A lot of the people that I speak with tend to have one or two passwords for everything that they use online. The reason that this is a problem is because if an attacker gained access to one of your accounts then they could potentially use the information to get into any of your other online accounts.

For example:

Say you register on a website to play an online game. You register with your normal email address and password. One week later the website is hacked and your username and password are in the hands of a hacker. I can almost guarantee that these people will try your username and password on other well-known sites to see if they can get in… They will try accessing your facebook, email, twitter etc. I know this because if I was a hacker, I would do the same.

There are literally hundreds of cases where people’s lives have been ruined because they’ve used the same password everywhere. The random password generator solves this problem. With the random password, if my details where leaked that could try accessing any of my accounts but because all the passwords are different they will fail.

After the trial:

Since trying LastPass I’ve added most of my online accounts into it and I’m now using it on all of my devices. I’ve updated my passwords on various sites to improve the security and I’m happy that everything can be managed from one place. The program also allows me to create various sub folders in the Password Vault so that I can easily find any details I may need in the future. Another nice feature is that if I want to I can share my login details with other LastPass users which gets around the sending passwords via email problem.

Other Password Managers:

There are plenty of other Password Managers to choose from. As I said previously, I used LastPass because it came recommended and I was happy with the features that it offered. I would advise you to have a look at the others on the market before making a decision on using one. The features on most of the Password Managers are very similar but some do offer more than others. For example, one feature that I would like to see on LastPass is fingerprint authentication for the mobile devices, this is something that others offer.

Unable to update Windows 10 with DESlock+ Full Disk Encryption (FDE) enabled

By David | May 11, 2017 | Comments 0 Comment

Problem:

Unable to install the latest build of Windows 10 when DESlock+ Full Disk Encryption (FDE) is enabled on the System Disk.

When installing it brings up an error stating:
Disable encryption to continue or run windows setup with the /reflectdrivers command-line option

Background:

As Security is a big portion of what I do, I have both my Work and Home Windows 10 machines Encrypted with FDE. Its definitely overkill for my home PC but it serves a purpose on my work machine. I can sleep happily knowing that if the machine is ever stolen – They’re not getting to my data. It’s probably also worth mentioning that I recommend having FDE in place for businesses.

Resolution:

I used the following article to get round it:
https://support.deslock.com/index.php?/Default/Knowledgebase/Article/View/379

You need to Download the Media Creation tool, save an ISO and then install the DESlock+Win10Update utility:
https://support.deslock.com/resources/KB379/DESlock+Win10Updater.exe

When the Utility Runs, you need to point it at the mounted Win10 ISO. It will then complete the upgrade as normal.

What is Encryption? and how can it help to better secure your data against theft and loss.

By David | September 30, 2016 | Comments 0 Comment

The purpose of this article is to introduce you to the concept of Encryption and how it can be used to better secure your data in the event that it is lost or ends up in the wrong hands.

What is Encryption?

Encryption is the term for the process of encoding information in a way that only those authorised to access it, can read it. Encryption is the most effective way of securing your data.

How does Encryption Work?

Basically, Encryption works by scrambling the original information with a very long digital key or password. For anyone without this key, the information appears as gobbledygook and is inaccessible. Those who authenticate with the key or password can unlock the information and view it as intended.

What can I encrypt?

Pretty much anything, including:

• Removable Media

• Single Folders and Files

• Entire Hard Drives

• Emails

• Mobiles Devices

Why should I Encrypt?

The main reason to encrypt your data, is to protect it in the event of it ending up in the hands of someone who is not authorised to look at it. The amount of information that is stored on our laptops and mobile phones is phenomenal. Most users have their entire digital lives on a single device and they may have a range of information stored on them, including; their bank details, Facebook logins, family photos, website logins and more. If someone else had access to this, the damage that can be done could be life changing.

But I have a password on my device?

A lot of you are probably thinking now that you have a password on your device that will stop people from accessing your information. Although it is correct that having a password does make your device more secure from most of the population, it can be very easily reset or removed by someone who knows what they are doing. Encryption on the other hand could take years or decades to be broken if the right password is used.

What should I Encrypt?

From a security perspective you should encrypt as much as possible, both for businesses and individuals. However, this isn’t often feasible; so to answer that question more realistically…it would be best to encrypt:

– ANY information, that if in the wrong hands, could damage you, your business, your staff, your clients or anyone!

Example:

A lot of companies have staff who take their laptops or devices out of the office. In this example the staff member is a Salesman and he’s left his laptop on an exhibition stand. It gets stolen! To a lot of us the financial loss and inconvenience of a laptop being stolen is bad enough. Now imagine that the laptop got into the wrong hands, maybe even a competitor and that they were able to access the information on it (Quotes, financial figures, client information – Whatever). This could, if delivered into the right hands, cause a massive issue for your company. Your company could even face legal action, a damaged reputation or even the loss of a client. The ramifications could be far-reaching.

However, say the salesman had encrypted his laptop. Yes, it would still be a bad day with the loss of the laptop but the likelihood of someone being able to access the information is greatly reduced.

Thank you for reading if you’re interested, some of my other Articles featuring Encryption can be found here:
Encryption Articles