From the document security perspective, the information rights management (IRM) in SharePoint Online (Office 365) is a very vital concept, using that we can control the rights /access of the documents after even downloading from SharePoint online library or oneDrive – I mean in another way we can say how we can protect the business document from the unauthorized access after downloading from SharePoint or oneDrive. So, in this article, we’ll learn about how we can enable and configure the information rights management (IRM) in SharePoint Online – Office 365.
How does information rights management (irm) work in SharePoint Online?
The information rights management works on the document library level, so first, we will see whether we can see the information rights management on the document library settings page. The information rights management setting should be available under the permissions and management section, and just beneath the manage files which have no checked-in version setting. However, we don’t see this because the “Information Rights Management (IRM)” service is not yet enabled in the SharePoint online Tenant settings.
Information Rights Management (IRM) on the tenant settings page:
To navigate to the “Information Rights Management (IRM)” in the tenant settings page, follow the below steps: Log in to the SharePoint admin center using the below URL.
Click on the “Settings” link from the left side panel, then click on the “Classic settings page” link from the bottom of the settings page as below.
This will take us to the below tenant settings page.
Scroll down to the middle of the above page. Then, we can see the “Information Rights Management (IRM) section. There, we can see the below two options:
- Use the IRM service specified in your configuration
- Do not use IRM for this tenant
Select the “Use the IRM service specified in your configuration” radio button. By default “Do not use IRM for this tenant” will be selected. Finally, click on the “Refresh IRM Settings” button.
- Once you click on the IRM Settings button, this will enable the IRM service to document libraries in the tenant.
- We cannot see Information Rights Management setting in the document library after just enabling it from the tenant settings page, this might take up to 30 minutes, sometimes, it will be activated within just 5 to 10 minutes.
Now, let’s navigate to the same document library settings page that we have seen in the previous step. We can see the link of “Information Rights Management” under the “Permissions and Management” section which was not available just sometimes back.
Once we click on the “Information Rights Management” link, this will take us to the below “Information Rights Management Settings” page.
Click on the “SHOW OPTIONS” link to see the see configuration which has mainly three sections:
- Set additional IRM library settings
- Configure document access rights
- Set group protection and credentials interval
We will elaborate on the above configuration one by one.
Set additional IRM library settings – information rights management (irm)
Set additional IRM library settings section provides additional settings that control the library behavior.
- Do not allow users to upload documents that do not support IRM: If we select this checkbox users cannot upload a document to a library that does not support IRM policy.
- Stop restricting access to the library at a specific date: Using this option we can stop restricting access to the library on the given date.
- Prevent opening documents in the browser for this Document Library: If we select this checkbox, the user cannot open the document in the browser.
Configure document access rights – information rights management (irm)
Configure document access rights section control the document access rights (for viewers) after the document is downloaded from the library; read-only viewing right is the default. Granting the rights below is reducing the bar for accessing the Product Information Management by unauthorized users.
- Allow viewers to print: If we enable this checkbox, the user can take the printout of the document.
- Allow viewers to run script and screen reader to function on downloaded documents: If we enable this check box, users can run the custom script or code on the downloaded document.
- Allow viewers to write on a copy of the downloaded document: If we enable this check box, users can write or edit on a copy of the downloaded document.
- After download, document access rights will expire after these number of days (1-365): Using this option we can set the document access rights expiry day – meaning, after how many days the document access rights management will be expired after downloading the document. It could be any day from 1 to 365. Example – 90 days.
Set group protection and credentials interval – information rights management (irm)
Set group protection and credentials interval section controls the caching policy of the license the application that opens the document will use and allow sharing the downloaded document with users that belong to a specified group.
- Users must verify their credentials using this interval (days): If this option is configured user must verify their credentials at the interval of the configured days. For example 30, in this every 30 days users must verify their credentials.
- Allow group protection. Default group: This is additional security – after downloading the document if we restrict the document that this should be shared only with the configured groups. Enter a name or email address… Global SharePoint Diary Members
Key take-away: Information rights management (irm)
- Set document access rights, including rights to print, run scripts to enable screen readers or enable writing on a copy of the document after downloading.
- Set expiration date – the date after which the document cannot be used after downloading.
- Control whether documents that do not support IRM protection can be uploaded to the library.
- Control whether Office Web Apps can render the documents in the browser from the library.
- Set group protection and credentials intervals that allow sharing only specific groups.
Permissions in IRM: Information rights management (irm)
Below are the allowed permission information rights management (IRM).
|Manage Permissions, Manage Web Site||Full control (as defined by the client program): This permission generally allows a user to read, edit, copy, save, and modify permissions of rights-managed content.|
|Edit Items, Manage Lists, Add and Customize Pages||Edit, Copy, and Save, A user can print a file only if the Allow users to print documents checkbox are selected on the Information Rights Management Settings page for the list or library.|
|View Items||Read: A user can read the document, but cannot copy or modify its content. A user can print only if the Allow users to print documents checkbox is selected on the Information Rights Management Settings page for the library.|
Summary: Information rights management (irm)
Hence, in this article, we have learned the below topics with respect to Information Rights Management (IRM) in SharePoint Online:
- What Information Rights Management in SharePoint Online?
- How to enable information rights management office 365.
- How to configure information rights management office 365.
- How to protect your data with Information Rights Management (IRM) policy.
- How to apply Information Rights Management to a list or library.
- How to configure the Set additional IRM library settings in the document library.
- How to configure the document access rights in the document library.
- How to set group protection and credentials interval.
See Also: Information rights management (irm)
You may also look into the below sensitivity sensitivity labels (SharePoint Governance) articles:
- Enable Sensitivity label for Groups, Sites & Teams
- Get sensitivity labels using PowerShell script
- Apply sensitivity label in SharePoint using Postman tool
- [Fixed]: The sensitivity label is published by label policies and cannot be deleted
- Set up Information Rights Management (IRM) in SharePoint admin center
If this article helps you, please appreciate our efforts by writing a comment below or if you have a better idea/solution to this topic, please write a comment, we will include that in this article. Thank you, happy reading, learning, and Sharing. 🙂