Information Rights Management in the Cloud

Information Rights Management (IRM) is a persistent file-level technology from Microsoft. It uses permissions and authorization to help prevent sensitive information from being printed, forwarded, or copied by unauthorized people. After permission for a document or message is restricted by using this technology, the usage restrictions travel with the document or email message as part of the contents of the file. It enables you to limit the actions that users can take on files that have been downloaded from lists or libraries. IRM encrypts the downloaded files and limits the set of users and programs that are allowed to decrypt these files. IRM can also limit the rights of the users who are allowed to read files, so that they cannot take actions such as print copies of the files or copy text from them.
The key to IRM is encryption. When IRM is applied to a document, one part of a security certificate is attached to the document and the other is stored in Active Directory Rights Management Services. Microsoft Office and Office Web Apps can read this certificate and then connect back to the Information Rights provider. Once your credentials are verified, the document is then decrypted for view. That same certificate that gives you the right to view a document can also restrict how you use it.
The new Office 2013 brings document protection using Information Rights Management (IRM) services to the cloud. Information Rights Management in Cloud allows Office 365 users to get a service plan that includes IRM capabilities powered by a new document protection service also known as Windows Azure AD Rights Management (AADRM) , that is part of Office 365 Enterprise Plan 3 and Plan 4, and Academic Plan 3 and Plan 4. This capability is symmetric to the ability to assign a Windows Right Management Server (RMS Server) to an on premises SharePoint installation. Users can configure SharePoint Online to work with the service in their SharePoint Online Tenant Setting Page.
IRM Office 365 Plans:
  • Enterprise Plan (E3)
  • Enterprise Plan (E4)
  • Academic Plan (A3)
  • Academic Plan (A4)

IRM Features:

  • IRM settings can be configured on individual document libraries
  • Settings apply to all the document library content
  • IRM only protects documents in document libraries, attachments to list items – it does not protect the list items
  • New improves UI on document libraries with options to
    • Set access rights, including rights to print, run scripts to enable screen readers, or enable writing on a copy of the document (new to Office 2013)
    • Set expiration date (the date after which the document cannot be used
    • Control whether documents that do not support IRM protection can be included in the library
    • Control whether Office Web Apps can render the documents in the library (new in Office 2013)
  • Protect documents for a group
  • IRM now also supports pdf documents
  • Protected documents can be rendered in the browser ( Office Web Apps)
  • Better programmatic control (Power Shell/object model)

To activate Rights Management in the Office 365 admin center:

  • Sign up for your Office 365 account and login to the Office 365 admin center.
  • In the left pane, click Service Settings.
  • From the Service Settings page, click Rights Management.
  • Under Protect your information, click Manage.
  • Under Rights Management, click Activate.
  • When prompted Do you want to activate rights management, click Activate.

SharePoint Online supports encryption of the following file types:

  • PDF
  • The 97-2003 file formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
  • The Office Open XML formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
  • The XML Paper Specification (XPS) format

Apply IRM to a list or library:
Note: To apply IRM to a list or library, you must have at least the Design permission level for that list or library.

  • Go to the list or library for which you want to configure IRM.
  • On the ribbon, click the Library tab, and then click Library Settings (If you are working in a list, click the List tab, and then click List Settings).
  • Under Permissions and Management, click Information Rights Management.
  • On the Information Rights Management Settings page, select the Restrict permission to documents in this library on download check box to apply restricted permission to documents that are downloaded from this list or library.
  • Specify other settings as deemed necessary

IRM helps to protect restricted content in the following ways:

  • Helps to prevent an authorized viewer from copying, modifying, printing, faxing, or copying and pasting the content for unauthorized use
  • Helps to prevent an authorized viewer from copying the content by using the Print Screen feature in Microsoft Windows
  • Helps to prevent an unauthorized viewer from viewing the content if it is sent in e-mail after it is downloaded from the server
  • Restricts access to content to a specified period of time, after which users must confirm their credentials and download the content again
  • Helps to enforce corporate policies that govern the use and dissemination of content within your organization
  • How IRM cannot help protect content

IRM cannot protect restricted content from the following:

  • Erasure, theft, capture, or transmission by malicious programs such as Trojan horses, keystroke loggers, and certain types of spyware
  • Loss or corruption because of the actions of computer viruses
  • Manual copying or retyping of content from the display on a screen
  • Digital or film photography of content that is displayed on a screen
  • Copying through the use of third-party screen-capture programs
  • Copying of content metadata (column values) through the use of third-party screen-capture programs or copy-and-paste action

Supported Client Matrix:

App​ SharePoint Online 2013​ RMS Online
​Word, PowerPoint, Excel 2013 (windows) ​Yes ​Yes
​Word, PowerPoint, Excel 2013 RT ​Yes ​Yes
​Word, PowerPoint, Excel 2010 ​Yes (After you install the Office 365 sign-on assistant.) ​Yes
​Office for Mac 2010 ​ No ​No
​Outlook on Windows Phone 7 ​NR ​No
​Word on Windows Phone 7 ​No ​No
​Foxit PDF reader on Windows ​Yes (After you install the Office 365 sign-on assistant.) ​Yes

Related Post

1 thought on “Information Rights Management in the Cloud”

  1. IRM is the only way to restrict users with view only permissions to print, download a copy of the documents in a document library.
    This holds true for both office docs and PDF docs. But to read PDF docs, I need to have another licensed product – Foxit, not used mostly in enterprises.

    Though IRM covers my requirement of restricting users from printing/downloading the documents for office docs. Please suggest the best possible support for PDF with Adobe.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.