Manage SharePoint IRM Policy from Office 365

Introduction

 
From the document security perspective, information rights management (IRM) in SharePoint Online (Office 365) is a very vital concept, using that we can control the rights /access of the documents after even downloading from SharePoint online library or OneDrive. In another way, we can say how we can protect the business document from unauthorized access after downloading from SharePoint or OneDrive. In this article, we’ll learn about how we can enable and configure the information rights management (IRM) in SharePoint Online – Office 365.
 

Verify the information rights management in the document library settings page

 
The information rights management works on the document library level, so first we will see whether we can see the information rights management in the document library settings page.
 
The information rights management setting should be available under the permissions and management section, and just beneath the manage files which have no checked-in version setting. However, we don’t see this because of the “Information Rights Management (IRM)” service is not yet enabled in the SharePoint online Tenant settings.
 
Permissions-and-managment-in-document-library-settings
 

Configure Information Rights Management (IRM) in Office 365 Tenant Settings Page

 
To navigate to the “Information Rights Management (IRM)” in the tenant settings page, follow the below steps:
 
Login to the SharePoint admin center using the below URL.
  1. https://globalsharepoint2020-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/settings  
Click on the “Settings” link from the left side panel, then click on the “Classic settings page” link from the bottom of the settings page as below.
 
Classic-settings-page-in-SharePoint-admin-center
 
This will take us to the below tenant settings page.
 
Settings-in-TenantSettings-page
 
Scroll down to the middle of the above page. Then, we can see the “Information Rights Management (IRM) section. There, we can see the below two options:
  • Use the IRM service specified in your configuration
  • Do not use IRM for this tenant
Select the “Use the IRM service specified in your configuration” radio button. By default “Do not use IRM for this tenant” will be selected. Finally, click on the “Refresh IRM Settings” button.
 
Information-Rights-Management-IRM-Refresh-IRM-Settings
 
Note
  • Once you click on the IRM Settings button, this will enable IRM service to document libraries in the tenant.
  • We cannot see Information Rights Management setting in the document library after just enabling from the tenant settings page, this might take up to 30 minutes, sometimes, it will be activated within just 5 to 10 minutes. 
Now, let’s navigate to the same document library settings page that we have seen in the previous step.
 
We can see the link of “Information Rights Management” under the “Permissions and Management” section which was not available sometime back.
 
Information-Rights-Management-settings-in-Document-Libray-Settings-Page
 
Once we click on the “Information Rights Management” link, this will take us to the below “Information Rights Management Settings” page. 
 
 
Click on the “SHOW OPTIONS” link to see the see configuration which has mainly three sections,
  • Set additional IRM library settings
  • Configure document access rights
  • Set group protection and credentials interval
Information-Rights-Management-Settings-Show-Options_1
 
We will elaborate on the above configuration one by one.
 
Set additional IRM library settings 
 
Set additional IRM library settings section provides additional settings that control the library behavior.
 
 
Note
  • Do not allow users to upload documents that do not support IRM: If we select this checkbox user cannot upload a document to a library that does not support IRM policy.
  • Stop restricting access to the library at the specific date: Using this option we can stop restricting access to the library on the given date.
  • Prevent opening documents in the browser for this Document Library: If we select this checkbox, the user cannot open the document in the browser.
Configure document access rights
 
Configure document access rights section control the document access rights (for viewers) after the document is downloaded from the library; read-only viewing right is the default. Granting the rights below is reducing the bar for accessing the content by unauthorized users.
 
3_Information-Rights-Management-Settings-Configure-document-access-rights 
Notes
  • Allow viewers to print: If we enable this checkbox, the user can take the printout of the document.
  • Allow viewers to run script and screen reader to function on downloaded documents: If we enable this check box, users can run the custom script or code on the downloaded document.
  • Allow viewers to write on a copy of the downloaded document: If we enable this check box, users can write or edit on a copy of the downloaded document.
  • After download, document access rights will expire after these number of days (1-365): Using this option we can set the document access rights expiry day – meaning, after how many days the document access rights management will be expired after downloading the document. It could be any day from 1 to 365. Example – 90 days.
Set group protection and credentials interval
 
Set group protection and credentials interval section controls the caching policy of the license the application that opens the document will use and allows for sharing the downloaded document with users that belong to a specified group.
 
4_Information-Rights-Management-Settings-Set-group-protection-and-credentials-interval 
Notes
  • Users must verify their credentials using this interval (days): If this option is configured user must verify their credentials at the interval of the configured days. Example: 30, in this every 30 days users must verify their credentials.
  • Allow group protection. Default group: This is additional security – after downloading the document if we restrict the document that this should be shared only with the configured groups.
  • Enter a name or email address… Global SharePoint Diary Members
Key take-away from the above configurations
  • Set document access rights, including rights to print, run scripts to enable screen readers or enable writing on a copy of the document after downloading.
  • Set expiration date – the date after which the document cannot be used after downloading.
  • Control whether documents that do not support IRM protection can be uploaded to the library.
  • Control whether Office Web Apps can render the documents in the browser from the library.
  • Set group protection and credentials intervals which allow sharing only specific group.

Summary

 
In this article, we have learned about configuring and manage IRM policy in SharePoint online from Office 365 tenant.
 
References
 
I have originally published this article here in the Global SharePoint Diary site.


Similar Articles