
Why Microsoft's New Legal Agent Needs Data-Centric Security to Deliver on Its Promise

By Matt Howard


    Microsoft just announced a Legal Agent in Word, an AI assistant built to support the precision and rigor that legal work demands. Brad Smith, Microsoft's Vice Chair, framed it well: every clause matters, every redline tells a story, and the agent is designed to follow the structured workflows lawyers use while keeping them fully in control.

    It's a genuinely exciting step forward. But it also surfaces important questions the legal profession has been wrestling with for decades: what happens after the file leaves your possession? Can you still control it? Can you audit it? Can you revoke it? Expire it?

    The Last Mile Problem in Legal Work

    A lawyer can now draft, redline, and refine a privileged memo or M&A term sheet with AI-assisted precision. But the moment that document needs to be shared with outside counsel, counterparties, regulators, or clients, it crosses organizational boundaries. The author typically loses all control over who can access it, forward it, copy it, or retain it.

    This isn't a new problem. It's the defining tension of modern legal practice: sensitive data has to move, but the tools designed to protect it were built to keep it locked down.

    Every lawyer knows the friction. You need to share a sensitive draft with co-counsel at another firm. You need to send diligence materials to a counterparty. You need to transmit CJIS-sensitive case files to a government agency. In each case, the document leaves your environment, and your ability to govern it effectively ends at the boundary.

    Microsoft Has Been Trying to Solve This for 20 Years

    To Microsoft's credit, they recognized this problem early. In 2003, Microsoft launched Windows Rights Management Services (RMS) with a genuinely powerful premise: attach persistent permissions directly to the data itself, so that access controls travel with the file regardless of where it goes. In theory, you could revoke access to a document even after it had been emailed outside your organization.

    Revolutionary idea. But in practice, it never fully delivered.

    RMS was trapped inside the Microsoft ecosystem. Key management was brittle. It required every party (sender and recipient) to be enrolled in a compatible RMS infrastructure. For a law firm sharing documents with clients across dozens of different technology environments, that was a non-starter.

    Microsoft evolved the approach into Azure Information Protection, then folded it into Purview. Each iteration was more capable. But the fundamental constraint remained: the protection model was tethered to the Microsoft universe and notoriously difficult to deploy at enterprise scale across heterogeneous environments.

    A former senior Microsoft engineering leader, now a security architect at one of the world's largest banks, recently reviewed Virtru's architecture and summarized the situation candidly: Microsoft's approach to RMS "was painful."

    The Architectural Difference That Matters

    Why did Microsoft's approach struggle where Virtru's succeeds? It comes down to a fundamental architectural choice.

    Microsoft tried to solve a data-centric problem with a platform-centric approach. If everyone is on Microsoft, the protection works. The moment data crosses a platform or organizational boundary (which is the entire point of legal collaboration) the model breaks down.

    Virtru's co-founder, Will Ackerly, took a fundamentally different approach when he created the Trusted Data Format (TDF), an open standard that wraps the file itself in a cryptographic envelope. Encryption, policy, and access controls travel with the data object, not with the network, the application, or the platform.

    In simple terms: instead of trying to get the whole world onto one platform and then protecting files within that walled garden, TDF protects the file itself and lets it move freely across any platform, any organization, any environment.

    This is what makes TDF a natural complement to what Microsoft just announced:

    Protection that travels with the document. Whether the Word file is emailed, uploaded to a cloud drive, shared via a portal, or downloaded locally, the protection doesn't stop at the Microsoft boundary. The cryptographic envelope goes wherever the file goes.

    No enrollment required for recipients. This is where Microsoft's RMS consistently broke down. With TDF, outside counsel, clients, and counterparties don't need to be on the same platform or enrolled in any special infrastructure. The rights travel with the data. Recipients simply authenticate and access, regardless of what tools they use.

    Instant revocation and expiry. If a deal falls through, an engagement ends, or a document was shared in error, access can be revoked instantly even after delivery. Lawyers can also set expiration dates on sensitive drafts so they don't live forever in someone's inbox or cloud drive.

    Full audit visibility. Every access event is logged: who opened the document, when, and from where. This is critical for privilege logs, regulatory compliance, ethical walls, and litigation hold obligations.

    Granular cryptographic key control. The sending organization maintains control over the encryption keys that govern who can decrypt the data. This is NOT a feature bolted on at the perimeter. It's the architectural foundation, and it's what gives organizations genuine, enforceable sovereignty over their most sensitive information.
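The properties listed above (policy bound to the file, sender-held keys, revocation, expiry, audit) can be modeled in a few lines; this is an added illustration, not the TDF format or Virtru's code. The `KeyService` class, the envelope fields, and the SHA-256 keystream standing in for a real AEAD cipher are all assumptions made for the sketch.

```python
import hashlib, hmac, json, secrets

def keystream_xor(key, data):
    # Toy cipher (SHA-256 in counter mode); a real envelope would use an AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def bind(dek, policy):
    # HMAC ties the policy text to the data key, so an edited policy is detectable.
    return hmac.new(dek, policy.encode(), hashlib.sha256).hexdigest()

class KeyService:
    """Hypothetical key service operated by the sending organization."""
    def __init__(self):
        self.keys, self.revoked, self.audit = {}, set(), []

    def release(self, env, user, now):
        dek = self.keys[env["key_id"]]
        if not hmac.compare_digest(bind(dek, env["policy"]), env["binding"]):
            reason = "policy-tampered"
        elif env["key_id"] in self.revoked:
            reason = "revoked"
        elif now >= json.loads(env["policy"])["expires"]:
            reason = "expired"
        elif user not in json.loads(env["policy"])["recipients"]:
            reason = "not-authorized"
        else:
            reason = "granted"
        self.audit.append((now, user, env["key_id"], reason))  # every attempt is logged
        return dek if reason == "granted" else None

def wrap(svc, plaintext, recipients, expires):
    dek, key_id = secrets.token_bytes(32), secrets.token_hex(8)
    policy = json.dumps({"recipients": recipients, "expires": expires}, sort_keys=True)
    svc.keys[key_id] = dek  # the key stays with the sender; only ciphertext travels
    return {"key_id": key_id, "policy": policy, "binding": bind(dek, policy),
            "payload": keystream_xor(dek, plaintext)}

def open_envelope(svc, env, user, now):
    dek = svc.release(env, user, now)
    return keystream_xor(dek, env["payload"]) if dek else None
```

In this model, revocation and expiry work by refusing future key releases; they do not reach plaintext a recipient has already decrypted.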

    What This Means for Legal Teams

    The combination of Microsoft's Legal Agent and data-centric governance powered by TDF creates something the legal profession has never had: the ability to draft with AI-assisted precision and then share the output with anyone, across any platform and any organizational boundary, without sacrificing security, control, or productivity.

    Consider the practical scenarios:

    M&A transactions. Deal teams can share sensitive term sheets and diligence materials with counterparties, knowing that access can be revoked the moment a deal falls through and that every access event is logged for regulatory purposes.

    Litigation. Privileged communications and work product can be shared with co-counsel at other firms with persistent protection, expiration policies, and a complete audit trail without requiring the receiving firm to deploy any special infrastructure.

    Regulatory compliance. Legal teams handling CJIS-sensitive materials, HIPAA-protected health information, or ITAR-controlled data can share documents with the confidence that protection travels with the file and that access controls are enforced regardless of where the data lands.

    Client communications. Sensitive legal advice can be delivered to clients with the assurance that the document remains under the firm's cryptographic control—revocable, auditable, and protected even if the client's own environment is compromised.


    The Promise RMS Was Always Meant to Deliver

    Microsoft deserves credit for recognizing two decades ago that persistent, data-level rights management was the right idea. The vision was correct. The architectural approach (requiring the world to run on a single platform) was the constraint that prevented it from being realized.

    TDF was designed from the ground up to solve that constraint. It's an open standard, not a proprietary lock-in. It works across Microsoft, Google, and any other environment. It doesn't require recipients to be customers of anything. And it gives the data owner genuine, cryptographically enforced control that persists for the entire lifecycle of the data, wherever it travels.

    Microsoft raised the bar on intelligent legal drafting with the new Legal Agent. TDF and Virtru can help ensure that the trust and rigor Brad Smith described extends beyond the four corners of the document and into every hand it reaches.

    That's the promise RMS was always meant to deliver. And for the first time, the architecture to deliver it actually exists.

    Matt Howard

    A proven executive and entrepreneur with over 25 years' experience developing high-growth software companies, Matt serves as Virtru’s CMO and leads all aspects of the company’s go-to-market motion within the data protection and Zero Trust security ecosystems.
