Enable and configure information rights management (IRM) in SharePoint Online

No comments

From the document security perspective, the information rights management (IRM) in SharePoint Online (Office 365) is a very vital concept, using that we can control the rights /access of the documents after even downloading from SharePoint online library or oneDrive – I mean in another way we can say how we can protect the business document from the unauthorized access after downloading from SharePoint or oneDrive.  So, in this article, we’ll learn about how we can enable and configure the information rights management (IRM) in SharePoint Online – Office 365.

 

The information rights management works on the document library level, so first we will see whether we can see the information rights management in the document library settings page.

The information rights management setting should be available under the permissions and management section, and just beneath the manage files which have no checked in version setting. However, we don’t see this because of the “Information Rights Management (IRM)” service is not yet enabled in the SharePoint online Tenant settings.

Permissions and management in document library settings
Permissions and management in document library settings

Information Rights Management (IRM) in tenant settings page:

To navigate to the “Information Rights Management (IRM)” in the tenant settings page, follow the below steps:

Login to the SharePoint admin center using the below URL.

https://globalsharepoint2020-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/settings

Click on the “Settings” link from the left side panel, then click on the “Classic settings page” link from the bottom of the settings page as below. 

Classic settings page in SharePoint admin center
Classic settings page in the SharePoint admin center

This will take us to the below tenant settings page.

Settings in TenantSettings page
Settings in TenantSettings page

Scroll down to the middle of the above page. Then, we can see the “Information Rights Management (IRM) section. There, we can see the below two options:

  • Use the IRM service specified in your configuration
  • Do not use IRM for this tenant

Select the “Use the IRM service specified in your configuration” radio button. By default “Do not use IRM for this tenant” will be selected. Finally, click on the “Refresh IRM Settings” button.

Information Rights Management (IRM) - Refresh IRM Settings
Information Rights Management (IRM) – Refresh IRM Settings

Note:

  • Once you click on the IRM Settings button, this will enable IRM service to document libraries in the tenant.
  • We cannot see Information Rights Management setting in the document library after just enabling from the tenant settings page, this might take up to 30 minutes, sometimes, it will be activated within just 5 to 10 minutes.

Now, let’s navigate to the same document library settings page that we have seen in the previous step.

We can see the link of “Information Rights Management” under the “Permissions and Management” section which was not available just sometimes back. 

Information Rights Management settings in Document Library Settings Page
Information Rights Management settings in Document Library Settings Page

Once we click on the “Information Rights Management” link, this will take us to the below “Information Rights Management Settings” page.

Information Rights Management Settings
Information Rights Management Settings

Click on the “SHOW OPTIONS” link to see the see configuration which has mainly three sections:

  • Set additional IRM library settings
  • Configure document access rights
  • Set group protection and credentials interval
Information Rights Management Settings - Show Options
Information Rights Management Settings – Show Options

We will elaborate on the above configuration one by one.

Set additional IRM library settings

Set additional IRM library settings section provides additional settings that control the library behavior.

Information Rights Management Settings - Set additional IRM library settings
Information Rights Management Settings – Set additional IRM library settings
  • Do not allow users to upload documents that do not support IRM: If we select this checkbox user cannot upload a document to a library that does not support IRM policy.
  • Stop restricting access to the library at the specific date: Using this option we can stop restricting access to the library on the given date.
  • Prevent opening documents in the browser for this Document Library: If we select this checkbox, the user cannot open the document in the browser.

 

Configure document access rights

Configure document access rights section control the document access rights (for viewers) after the document is downloaded from the library; read-only viewing right is the default. Granting the rights below is reducing the bar for accessing the content by unauthorized users.

Information Rights Management Settings - Configure document access rights
Information Rights Management Settings – Configure document access rights
  • Allow viewers to print: If we enable this checkbox, the user can take the printout of the document.
  • Allow viewers to run script and screen reader to function on downloaded documents: If we enable this checkbox, users can run the custom script or code on the downloaded document.
  • Allow viewers to write on a copy of the downloaded document: If we enable this checkbox, users can write or edit on a copy of the downloaded document.
  • After download, document access rights will expire after these number of days (1-365): Using this option we can set the document access rights expiry day – meaning, after how many days the document access rights management will be expired after downloading the document. It could be any day from 1 to 365. Example – 90 days.

Set group protection and credentials interval

Set group protection and credentials interval section controls the caching policy of the license the application that opens the document will use and allow sharing the downloaded document with users that belong to a specified group.

Information Rights Management Settings - Set group protection and credentials interval

  • Users must verify their credentials using this interval (days): If this option is configured user must verify their credentials at the interval of the configured days. Example: 30, in this every 30 days users must verify their credentials. 
  • Allow group protection. Default group: This is additional security – after downloading the document if we restrict the document that this should be shared only with the configured groups.
    Enter a name or email address…  Global SharePoint Diary Members

 

Key take-away:

  • Set document access rights, including rights to print, run scripts to enable screen readers or enable writing on a copy of the document after downloading. 
  • Set expiration date – the date after which the document cannot be used after downloading. 
  • Control whether documents that do not support IRM protection can be uploaded to the library. 
  • Control whether Office Web Apps can render the documents in the browser from the library.
  • Set group protection and credentials intervals which allow to share only specific group. 

Permissions in IRM :

Below are the allowed permission information rights management (IRM).

Permissions

IRM Permissions

Manage Permissions, Manage Web Site

Full control (as defined by the client program): This permission generally allows a user to read, edit, copy, save, and modify permissions of rights-managed content.

Edit Items, Manage Lists, Add and Customize Pages

Edit, Copy, and Save, A user can print a file only if the Allow users to print documents checkbox is selected on the Information Rights Management Settings page for the list or library.

View Items

Read: A user can read the document, but cannot copy or modify its content. A user can print only if the Allow users to print documents checkbox is selected on the Information Rights Management Settings page for the library.

 

Summary:

Hence, in this article, we have learned the below topics with respect to Information Rights Management (IRM) in SharePoint Online:

  • What Information Rights Management in SharePoint Online?
  • How to enable information rights management office 365.
  • How to configure information rights management office 365.
  • How to protect your data with Information Rights Management (IRM) policy.
  • How to apply Information Rights Management to a list or library.
  • How to configure the Set additional IRM library settings in the document library.
  • How to configure the document access rights in the document library.
  • How to set group protection and credentials interval.

See Also:

Free download SharePoint Online & Office 365 Administration eBook(238 Pages)

Get the PDF eBook from here:




 

 
FREE DOWNLOAD

Send download link to:

Subscribe to get exclusive content and recommendations every month. You can unsubscribe anytime.