Enable and configure information rights management (IRM) in SharePoint Online

 77,250 total views,  13 views today

From the document security perspective, the information rights management (IRM) in SharePoint Online (Office 365) is a very vital concept, using that we can control the rights /access of the documents after even downloading from SharePoint online library or oneDrive – I mean in another way we can say how we can protect the business document from the unauthorized access after downloading from SharePoint or oneDrive.  So, in this article, we’ll learn about how we can enable and configure the information rights management (IRM) in SharePoint Online – Office 365. The information rights management works on the document library level, so first we will see whether we can see the information rights management in the document library settings page. The information rights management setting should be available under the permissions and management section, and just beneath the manage files which have no checked-in version setting. However, we don’t see this because of the “Information Rights Management (IRM)” service is not yet enabled in the SharePoint online Tenant settings.

Information Rights Management (IRM) in tenant settings page:

To navigate to the “Information Rights Management (IRM)” in the tenant settings page, follow the below steps: Login to the SharePoint admin center using the below URL.

https://globalsharepoint2020-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/settings

Click on the “Settings” link from the left side panel, then click on the “Classic settings page” link from the bottom of the settings page as below.

This will take us to the below tenant settings page.

Scroll down to the middle of the above page. Then, we can see the “Information Rights Management (IRM) section. There, we can see the below two options:

• Use the IRM service specified in your configuration
• Do not use IRM for this tenant

Select the “Use the IRM service specified in your configuration” radio button. By default “Do not use IRM for this tenant” will be selected. Finally, click on the “Refresh IRM Settings” button.

Note:

• Once you click on the IRM Settings button, this will enable IRM service to document libraries in the tenant.
• We cannot see Information Rights Management setting in the document library after just enabling from the tenant settings page, this might take up to 30 minutes, sometimes, it will be activated within just 5 to 10 minutes.

Now, let’s navigate to the same document library settings page that we have seen in the previous step. We can see the link of “Information Rights Management” under the “Permissions and Management” section which was not available just sometimes back.

Once we click on the “Information Rights Management” link, this will take us to the below “Information Rights Management Settings” page.

Click on the “SHOW OPTIONS” link to see the see configuration which has mainly three sections:

• Set additional IRM library settings
• Configure document access rights
• Set group protection and credentials interval

We will elaborate on the above configuration one by one.

Set additional IRM library settings

Set additional IRM library settings section provides additional settings that control the library behavior.

• Do not allow users to upload documents that do not support IRM: If we select this checkbox user cannot upload a document to a library that does not support IRM policy.
• Stop restricting access to the library at the specific date: Using this option we can stop restricting access to the library on the given date.
• Prevent opening documents in the browser for this Document Library: If we select this checkbox, the user cannot open the document in the browser.

Configure document access rights

Configure document access rights section control the document access rights (for viewers) after the document is downloaded from the library; read-only viewing right is the default. Granting the rights below is reducing the bar for accessing the Product Information Management by unauthorized users.

• Allow viewers to print: If we enable this checkbox, the user can take the printout of the document.
• Allow viewers to run script and screen reader to function on downloaded documents: If we enable this check box, users can run the custom script or code on the downloaded document.
• Allow viewers to write on a copy of the downloaded document: If we enable this check box, users can write or edit on a copy of the downloaded document.
• After download, document access rights will expire after these number of days (1-365): Using this option we can set the document access rights expiry day – meaning, after how many days the document access rights management will be expired after downloading the document. It could be any day from 1 to 365. Example – 90 days.

Set group protection and credentials interval

Set group protection and credentials interval section controls the caching policy of the license the application that opens the document will use and allow sharing the downloaded document with users that belong to a specified group.

• Users must verify their credentials using this interval (days): If this option is configured user must verify their credentials at the interval of the configured days. Example: 30, in this every 30 days users must verify their credentials.
• Allow group protection. Default group: This is additional security – after downloading the document if we restrict the document that this should be shared only with the configured groups. Enter a name or email address…  Global SharePoint Diary Members

Key take-away:

• Set document access rights, including rights to print, run scripts to enable screen readers, or enable writing on a copy of the document after downloading.
• Set expiration date – the date after which the document cannot be used after downloading.
• Control whether documents that do not support IRM protection can be uploaded to the library.
• Control whether Office Web Apps can render the documents in the browser from the library.
• Set group protection and credentials intervals which allow sharing only specific group.

Permissions in IRM :

Below are the allowed permission information rights management (IRM).

Permissions	IRM Permissions
Manage Permissions, Manage Web Site	Full control (as defined by the client program): This permission generally allows a user to read, edit, copy, save, and modify permissions of rights-managed content.
Edit Items, Manage Lists, Add and Customize Pages	Edit, Copy, and Save, A user can print a file only if the Allow users to print documents checkbox is selected on the Information Rights Management Settings page for the list or library.
View Items	Read: A user can read the document, but cannot copy or modify its content. A user can print only if the Allow users to print documents checkbox is selected on the Information Rights Management Settings page for the library.

Summary:

Hence, in this article, we have learned the below topics with respect to Information Rights Management (IRM) in SharePoint Online:

• What Information Rights Management in SharePoint Online?
• How to enable information rights management office 365.
• How to configure information rights management office 365.
• How to protect your data with Information Rights Management (IRM) policy.
• How to apply Information Rights Management to a list or library.
• How to configure the Set additional IRM library settings in the document library.
• How to configure the document access rights in the document library.
• How to set group protection and credentials interval.

See Also:

• Manage recycle bin in SharePoint Online – Office 365
• In 4 steps create office 365 trial account – sign up free subscription
• Add more than 5 conditions in InfoPath form’s rule
• How to validate the date column in Infopath form
• How to a copy list item to another list using SharePoint designer workflow
• SharePoint Framework (SPFx) development environment Setup step by step
• 3 ways add a picture library in the communication site – SharePoint Online
• SharePoint generation or version history from the year 2000 to 2020
• Office 365: Getting started with SharePoint PnP PowerShell – installation
• In 2 steps convert a classic SharePoint page to modern using PnP
• Office 365: Retrieve hub sites and associated sites using PnP Powershell
• Create a modern team site using PnP PowerShell in SharePoint
• In 4 steps access SharePoint online data using postman tool
• SharePoint admin center: Learn SharePoint online administration in an hour – step by step
• SharePoint REST API: GET vs POST vs PUT vs DELETE vs PATCH
• Office 365: Understanding the hub site in SharePoint online
• Create SharePoint online list using PnP provisioning template
• List Template IDs In SharePoint Online/SharePoint 2019/2016/2013/2010/2007