Enable and configure information rights management (IRM) in SharePoint Online

By Global SharePoint in Information Rights Management (IRM), Microsoft 365 Admin Center, O365, Office 365, SharePoint, SharePoint admin center on March 15, 2020August 14, 2020

26,360 total views, 2 views today

From the document security perspective, the information rights management (IRM) in SharePoint Online (Office 365) is a very vital concept, using that we can control the rights /access of the documents after even downloading from SharePoint online library or oneDrive – I mean in another way we can say how we can protect the business document from the unauthorized access after downloading from SharePoint or oneDrive. So, in this article, we’ll learn about how we can enable and configure the information rights management (IRM) in SharePoint Online – Office 365.

The information rights management works on the document library level, so first we will see whether we can see the information rights management in the document library settings page.

The information rights management setting should be available under the permissions and management section, and just beneath the manage files which have no checked-in version setting. However, we don’t see this because of the “Information Rights Management (IRM)” service is not yet enabled in the SharePoint online Tenant settings.

Permissions and management in document library settings

Information Rights Management (IRM) in tenant settings page:

To navigate to the “Information Rights Management (IRM)” in the tenant settings page, follow the below steps:

https://globalsharepoint2020-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/settings

Click on the “Settings” link from the left side panel, then click on the “Classic settings page” link from the bottom of the settings page as below.

Classic settings page in SharePoint admin center — Classic settings page in the SharePoint admin center

This will take us to the below tenant settings page.

Scroll down to the middle of the above page. Then, we can see the “Information Rights Management (IRM) section. There, we can see the below two options:

Use the IRM service specified in your configuration
Do not use IRM for this tenant

Select the “Use the IRM service specified in your configuration” radio button. By default “Do not use IRM for this tenant” will be selected. Finally, click on the “Refresh IRM Settings” button.

Information Rights Management (IRM) - Refresh IRM Settings — Information Rights Management (IRM) – Refresh IRM Settings

Note:

Once you click on the IRM Settings button, this will enable IRM service to document libraries in the tenant.
We cannot see Information Rights Management setting in the document library after just enabling from the tenant settings page, this might take up to 30 minutes, sometimes, it will be activated within just 5 to 10 minutes.

Now, let’s navigate to the same document library settings page that we have seen in the previous step.

We can see the link of “Information Rights Management” under the “Permissions and Management” section which was not available just sometimes back.

Information Rights Management settings in Document Library Settings Page

Once we click on the “Information Rights Management” link, this will take us to the below “Information Rights Management Settings” page.

Click on the “SHOW OPTIONS” link to see the see configuration which has mainly three sections:

Set additional IRM library settings
Configure document access rights
Set group protection and credentials interval

Information Rights Management Settings - Show Options — Information Rights Management Settings – Show Options

We will elaborate on the above configuration one by one.

Set additional IRM library settings

Set additional IRM library settings section provides additional settings that control the library behavior.

Do not allow users to upload documents that do not support IRM: If we select this checkbox user cannot upload a document to a library that does not support IRM policy.
Stop restricting access to the library at the specific date: Using this option we can stop restricting access to the library on the given date.
Prevent opening documents in the browser for this Document Library: If we select this checkbox, the user cannot open the document in the browser.

Configure document access rights

Configure document access rights section control the document access rights (for viewers) after the document is downloaded from the library; read-only viewing right is the default. Granting the rights below is reducing the bar for accessing the content by unauthorized users.

Allow viewers to print: If we enable this checkbox, the user can take the printout of the document.
Allow viewers to run script and screen reader to function on downloaded documents: If we enable this check box, users can run the custom script or code on the downloaded document.
Allow viewers to write on a copy of the downloaded document: If we enable this check box, users can write or edit on a copy of the downloaded document.
After download, document access rights will expire after these number of days (1-365): Using this option we can set the document access rights expiry day – meaning, after how many days the document access rights management will be expired after downloading the document. It could be any day from 1 to 365. Example – 90 days.

Set group protection and credentials interval

Set group protection and credentials interval section controls the caching policy of the license the application that opens the document will use and allow sharing the downloaded document with users that belong to a specified group.

Users must verify their credentials using this interval (days): If this option is configured user must verify their credentials at the interval of the configured days. Example: 30, in this every 30 days users must verify their credentials.
Allow group protection. Default group: This is additional security – after downloading the document if we restrict the document that this should be shared only with the configured groups.
Enter a name or email address… Global SharePoint Diary Members

Key take-away:

Set document access rights, including rights to print, run scripts to enable screen readers, or enable writing on a copy of the document after downloading.
Set expiration date – the date after which the document cannot be used after downloading.
Control whether documents that do not support IRM protection can be uploaded to the library.
Control whether Office Web Apps can render the documents in the browser from the library.
Set group protection and credentials intervals which allow sharing only specific group.

Permissions in IRM :

Below are the allowed permission information rights management (IRM).

Permissions	IRM Permissions
Manage Permissions, Manage Web Site	Full control (as defined by the client program): This permission generally allows a user to read, edit, copy, save, and modify permissions of rights-managed content.
Edit Items, Manage Lists, Add and Customize Pages	Edit, Copy, and Save, A user can print a file only if the Allow users to print documents checkbox is selected on the Information Rights Management Settings page for the list or library.
View Items	Read: A user can read the document, but cannot copy or modify its content. A user can print only if the Allow users to print documents checkbox is selected on the Information Rights Management Settings page for the library.

Summary:

Hence, in this article, we have learned the below topics with respect to Information Rights Management (IRM) in SharePoint Online:

What Information Rights Management in SharePoint Online?
How to enable information rights management office 365.
How to configure information rights management office 365.
How to protect your data with Information Rights Management (IRM) policy.
How to apply Information Rights Management to a list or library.
How to configure the Set additional IRM library settings in the document library.
How to configure the document access rights in the document library.
How to set group protection and credentials interval.