IRM in SharePoint Online

I’ve been working on IRM in SharePoint Online lately and wanted to share to you what I have discovered. The last experience that I had with IRM was back in 2012. We implemented AD RMS (Active Directory Rights Management Services) using Windows Server 2008 and integrated it to SharePoint 2010. So it’s more than 5 years since I handled that project.

SharePoint Online Information Rights Management (IRM) secure your files in the SharePoint list and document libraries. When the user downloads the file with IRM-enabled list or libraries, the file is encrypted and only the authorize user can view the file. The restrictions of the IRM-enabled includes making a file read-only, disabling the print, disabling copying of text, and preventing of saving a local copy. When you download a file, it will retain the restrictions.

To enable IRM in SharePoint Online, you need to check in SharePoint Admin Center.

1. If you are under the new SharePoint admin center, select the Classic SharePoint admin center.

New SharePoint Admin Center

2. Select Settings in the left navigation, and then look for Information Rights Management (IRM)

Information Rights Management Settings in SharePoint Admin Center
  • In the radio button, select Use the IRM service specified in your configuration.
  • Click Refresh IRM Settings

If you have this error:

“Error RMS Online is not enabled for this tenant, please contact Office 365 to enable. “

Check your service plan if it includes Azure Rights Management. You can check this link for more information on how to activate.

After enabling the IRM in admin center, we need to enable the IRM in one of the the document libraries.

In the library settings of document libraries, under Permissions and Management category, select Information Rights Management.

Information Rights Management in Document Library
Information Rights Management in Document Library

Fill in the policy title and policy description, which is required and select your settings and configuration for your requirements.

Creating a policy

For my testing, I selected “After download it will expire the document after 1 day”  under the “Configure document access rights”. I use one user who has a read permission to the document library.  Take note, the restrictions of the file when it is downloaded are based on the individuals permission on the list or libraries. For example, if the user has a read permission in SharePoint list or libraries, the user can only read the file and cannot copy or edit the file. So you need to assess your user on what permission you’re going to grant. Going back to my testing, here are the awesome features that I have discovered:

Restrictions in IRM

If you have a read permission in SharePoint document libraries or list, you will have these example permissions.

Using Snipping Tool

User cannot snip the file when downloaded. The application will turn to black. I use the Snipping Tool (Microsoft application) in the first image below.  I thought it will only applies to Microsoft programs but does not. It is also the same with third party snipping tools. In the second image, I used the Screenpresso and the third one is Jing.

Snipping Tool

Print Screen

Also, using Print Screen (PrtScr) turns the application to black. In the left side of the screen, I launched the file in Microsoft Word and did the print screen command. (I have two screens).

Print Screen command showing two screens

Video Screening

It doesn’t show anything when I did the video screening in using the snipping tool. Observe the snipping tool cursor. It feels like I’m snipping an invisible document.

Video Screening
Observe the Snipping tool cursor

Expire after Download

I set my policy to expire after a day when I download. I tried to open the file the next day and I have this this prompt when I open the file.

Protected PDF

PDF file needs a pdf reader to open the protected pdf file. There are some lists of pdf viewer that can be found in this link.

Protected PDF
Opening IRM-enabled PDF file in browser

In my case I use the Azure Information Protection Viewer to open the PDF file. The user that I used for opening the PDF file has a contribute permission. That’s the reason why I can highlight the text in the file.

If you don’t have a permission to the PDF file. You will see a prompt below.

Opening the file online

If you are opening the file using the Word, Excel, and PowerPoint online. You can do print screen command and use snipping tool to copy the file.

I would recommend if you don’t want to have this scenario, you can set your policy in IRM to prevent the opening in browser. This will automatically open your file in your local Microsoft programs (Word, Excel and PowerPoint).

Set Additional IRM library settings

These are the amazing features that I really like when exploring the IRM in SharePoint Online. What’s yours?

#ApplaudHer #HumansofIT #LessCodeMorePower #MicrosoftIgnite #MSTechCommunityAPACOnline #PowerAddicts AD RMS AI AIBuilder AI Builder Azure Community Diversity in Tech Form-Processing Form Processing Get Attachment InfoPath IRM IWD Microsoft Microsoft365 MicrosoftForms Microsoft List Microsoft Lists Microsoft Teams MicrosoftTechCommunity MixedReality Mixed Reality Office 365 Office365 Policy Power Apps PowerApps Power Automate PowerBI Power BI PowerPlatform Power Platform Power Virtual Agent Security SharePoint Solutions Women In Tech Women Who Code WWCode