Microsoft Purview: Information Protection - Rights Management connector – Certificate-based authentication
The RMS connector is transitioning from shared-secret to certificate-based authentication. Administrators must manually provision their own Entra app registration and certificate; this replaces the previous automatic provisioning of a service principal. New PowerShell cmdlets manage certificate import, registry configuration, and validation.
Key dates
- 2024 — preview (Feature in development; general availability date not specified)
Microsoft's description
The Microsoft Rights Management (RMS) connector is moving from shared-secret authentication to certificate-based authentication, improving its security posture. With this update, administrators configure their own Microsoft Entra app registration and certificate, then use the new PowerShell module to configure the certificate for each workload (Connector, Exchange, SharePoint, and FCI). New PowerShell cmdlets handle certificate import, registry configuration, private-key permissions, and validation. As part of this change, the connector setup no longer provisions an Entra service principal or issues a shared secret on the customer's behalf. Customers should plan to register an Entra ID application and upload a certificate before installing or upgrading the connector.