Office 365: Information Rights Management
Information Rights Management is being rolled out to Office 365 right now. I read about it here, and decided to go into my tenant and try it out. This is very exciting! What is Information Rights Management? The quick explanation is that it lets you have tighter control over what happens to your files (mostly just MS Office files) once they have been emailed out or downloaded to people’s computers. You can define things like whether they are allowed to print it, or even set the content to expire after a certain date. This is not a new thing, but it’s always been something out of reach and very expensive, and now I see that it exists right there in my (Office 365 Enterprise E3) tenant!!!!
I tried it out today, and wanted to share with you the steps I went through to turn it on. You need to be an Office 365 admin to be able to do this.
- In Office 365, at the top right, click the Gear or the Admin button and go to Office 365 Admin.
Expand Service Settings on the left, and click Rights Management.
8/2/2016 Update: Expand Settings on the left, click Services and add-ins, and then click Microsoft Azure Rights Management.
- Click Manage Microsoft Azure Rights Management settings.
- On the left it will say Rights Management is not activated. Click the Activate button. Do you want to activate Rights Management, click Activate.
- Back at your Office 365 admin center, expand the Admin section on the left, and choose SharePoint.
- In your SharePoint admin center, click Settings on the left.
- Scroll down to the Information Rights Management section, and choose Use the IRM service specified in your configuration. Click Refresh IRM Settings. Scroll down and click OK. This won’t work if you haven’t done all the previous steps. I know, because this is the part that I tried first.
- Now go to the library in SharePoint that you would like to protect with Information Rights Management. (note that this is something completely different than an information management policy). Go to the Library Settings page.
- Click Information Rights Management.
- Check the box to restrict permissions on this library on download. Give it a name and description.
- Click the Show Options link in gray. THIS IS AWESOME. This stuff only applies to the file when people open it in the client software, and has nothing to do with what can be done with the file if they’re looking at it in the browser.
- You can read all about these additional settings here: Apply Information Rights Management to a list or library. Notice that under the Configure document access rights, I left a bunch of boxes unchecked. This only applies to people who only have SharePoint permissions to read or view these files. I don’t want them to be able to print it, and I don’t even want them to be able to type in it at all. Click OK.
- I logged in as a user who only has read permissions to this library. Notice that when I click the File menu, the options such as Save, Save As, and Print are grayed out:
Also, when I try to type in the file, simply nothing happens. This is so cool, people as for this type of thing ALL the time! Oh, and by the way, when using IRM, apparently there is no more option to edit the file in the browser using Office Web Apps.
Here are some reference links:
Using Azure Rights Management: http://technet.microsoft.com/library/en-us/jj585006
Office 365 trust center: http://trust.office365.com/
Wonderful. Thanks for sharing.
Great Presentation. I’m finding stuff like this on your blog a great resource as an IT admin who’s just started down the sharepoint road.
One thing that is really cool about IRM. Try copying and pasting! it doesn’t work. Try screen print. Try using Windows Snipping tool! It even doesn’t work if you forward the document via email.
The only way we could find to copy the data was taking a picture on our mobile Phone.
There are SO many neat things about IRM, I’m so glad it’s in O365!
Is it possible to achieve something like allowing user to download only when we have user logged in from a specific environment. I know it sounds absurd but is it possible?
I have a requirement where a user shares few design files with other user which are in some format, it is fine if the sharing happens in office environment but the problem is if he logs in from his home system and tries to access the files, ideally he should not be able to do so but how to prevent it as Office 365 is accessible from anywhere.
Just thought IRM could be answer to get around this issue.
I’m not sure, but they are adding to Office 365 and improving it constantly, so something like that may exist now.
Pingback: Power Hour Schedule | @WonderLaura