Step-by-Step Setup: Deploying Foxit PDF Secure RMS Protector in 2026

How to use Foxit PDF Secure RMS Protector for enterprise document security

1) Prerequisites

• RMS/AIP service: AD RMS on-prem or Microsoft Azure Rights Management / AIP must be deployed and accessible.
• Foxit version: Enterprise Foxit PDF Editor/Reader build with RMS/AIP integration.
• Accounts & licenses: Users require AIP/RMS-enabled accounts and appropriate Microsoft licenses.
• Admin tools: Foxit Configuration Tool (x86/x64) available to administrators; web service/SQL if using extended policies (on-prem setups).

2) Basic workflow (encrypt & apply rights)

1. Open PDF in Foxit PDF Editor/Reader.
2. Protect → Restrict Access (or Protect → Sensitivity for AIP).
3. If first use, choose Connect to Digital Rights Management / Connect to Microsoft Azure Information Protection and sign in.
4. Select an official RMS/AIP template (or choose Restricted Access to set custom permissions).
5. Configure recipients (email addresses or groups) and permissions (view, edit, print, copy).
6. (Optional) Configure extended policies: expiry, allowed IP range, page access, print/access counts, security watermarks.
7. Click OK/Save to encrypt and save the protected PDF.

3) Admin configuration & advanced controls

• Use the Foxit Configuration Tool to: enable/disable features, edit template extended policies, customize wrapper files, perform dynamic revocation, and view audit logs.
• For on-prem extended policies (access/print limits) configure the Foxit web service and SQL backend, then enable extended policy via the configuration tool.
• If integrating with AD RMS mobile-device extensions or custom ADFS, follow the specific PowerShell client registration steps Foxit documents (Add-AdfsClient examples).

4) Distribution, consumption and revocation

• Protected PDFs open in RMS/AIP-aware clients (Foxit, Microsoft Office apps, supported viewers).
• To revoke access, use Foxit Configuration Tool’s dynamic revocation (add user to revocation list) or revoke from the RMS/AIP admin console—changes take effect when clients validate licenses online.
• For offline access, check your template settings (offline access allowed/time-limited).

5) Troubleshooting & recommendations

• Ensure Foxit build supports AIP SDK v2+ if using sensitivity labels.
• Verify user authentication works in Office apps to rule out tenant/consent issues.
• If labels/templates aren’t visible, confirm labels are published in the Microsoft Purview/AIP portal and the user has an eligible license.
• For failed extended-policy enforcement, confirm web service/SQL endpoints and firewall/port settings; update VBScript localhost/port in the unzipped Foxit Configuration Tool as documented.
• Test protected files across target viewers (Foxit, Adobe with MIP support, Office) after deployment.

6) Quick checklist for enterprise rollout

• Deploy/validate RMS/AIP service and publish templates.
• Confirm Foxit enterprise builds are installed and updated.
• Configure Foxit Configuration Tool and web service/SQL (if needed).
• Train admins on template/extended-policy management and revocation.
• Pilot with a small user group, test cross-client compatibility, then roll out broadly.

If you want, I can produce a step-by-step admin runbook (table with exact menu paths and sample template settings) tailored to on-prem AD RMS or Azure AIP—specify which environment.