SharePoint’s Information Rights Management


Although Microsoft Ignite is upon us, I want to share with you more information on SharePoint’s Information Rights Management.
Yes, Microsoft Ignite has started! It’s the 24th of September 2018 and I’m writing this from The Hague (The Netherlands) 🙂 But like a lot of people, I’m very curious about any new and improved information protection features Microsoft has in store for us. Ok, being an MVP has its perks…. I know there are going to be a lot of new announcements on this 🙂

But having said this, I just want to remind you about a hidden gem in SharePoint Online: Information Rights Management. Why now, when Microsoft announced the availability of consistent labeling some time ago?

Well, for one, SharePoint’s IRM is still going strong. Second, it’s quite powerful and third: you can use it right now – no need for a preview 🙂 And like I said, please regard this as a reminder.

What is IRM?

SharePoint Online IRM is a feature that lets you add more protection to information stored in SharePoint. Just to be sure, this is nothing new. IRM’s been around for a very long time and was already available in the on-premises versions of SharePoint Server.

The IRM options become available to the administrators of your sites/libraries when your tenant has been enabled for Rights Management.

IRM settings tenant

Using IRM you can set restrictions on the documents in a library. These restrictions are added to the document when downloaded. This is different from Azure Information Protection where these restrictions/protections remain with the document.


IRM settings document library

These restrictions include allowing users to print the document, disallowing the use of the browser and restricting the upload of unprotected documents. More on that later.

File formats

You do need to know that IRM only works with specific types of documents. These types are supported:

  • PDF – you will need a specific client to open a protected PDF;
  • Word, Excel, and PowerPoint (both 97-2003 file formats and the Open XML format) – you will need Microsoft Office for these;
  • The XML Paper Specification (XPS) format.

Some examples

How does this protection work? Let’s look at the options I selected. I don’t want documents to be opened in the browser, I won’t allow any printing or modifications, and I want access to the document to expire.

These settings were added to a very small library. This library contains a Word and PDF document.
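To check which libraries in a site actually carry the restrictions chosen above, the following PnP PowerShell audit is an added example, not part of the original post. It assumes the PnP.PowerShell module is installed, uses a placeholder site URL, and signs in interactively (adjust the connection parameters to your tenant); the property names are those of the SharePoint client object model's list IRM settings.

```powershell
# Added example: audit IRM settings on every document library in one site.
# Assumptions: PnP.PowerShell is installed; $SiteUrl is a placeholder value.
param(
    [string]$SiteUrl = 'https://contoso.sharepoint.com/sites/example'  # placeholder
)

Import-Module PnP.PowerShell
Connect-PnPOnline -Url $SiteUrl -Interactive

# Baseline taken from the choices described in this post:
# no browser view, no printing, no modified copies, access to documents expires.
$baseline = [ordered]@{
    DisableDocumentBrowserView = $true
    AllowPrint                 = $false
    AllowWriteCopy             = $false
    EnableDocumentAccessExpire = $true
}

# BaseTemplate 101 is a document library; skip hidden system libraries.
$libraries = Get-PnPList | Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden }

$report = foreach ($lib in $libraries) {
    # IRM properties are not loaded by default; request them explicitly.
    Get-PnPProperty -ClientObject $lib `
        -Property IrmEnabled, IrmReject, InformationRightsManagementSettings | Out-Null
    $irm = $lib.InformationRightsManagementSettings

    $deviations = @()
    if (-not $lib.IrmEnabled) {
        $deviations += 'IRM not enabled'
    } else {
        foreach ($name in $baseline.Keys) {
            if ($irm.$name -ne $baseline[$name]) {
                $deviations += "$name = $($irm.$name)"
            }
        }
    }

    [pscustomobject]@{
        Library    = $lib.Title
        IrmEnabled = $lib.IrmEnabled
        IrmReject  = $lib.IrmReject   # uploads that do not support IRM are refused
        Deviations = $deviations -join '; '
    }
}

$report | Sort-Object Library | Format-Table -AutoSize
```

An empty Deviations column means the library matches the baseline; any other value lists the setting that differs and its current value.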

Document library

First, let’s try to open the document in the browser. The Word document is not displayed. Instead, I’m prompted to open the Word application. The PDF document seems to be opened. But this is not the case. Any protected PDF, which cannot directly be opened, shows a notification that the PDF is (indeed) protected.

open in browser 1
Open in browser – Word

open in browser 2

When opening the document in Office, the document will be decrypted, provided that I’m using the same credentials for SharePoint and Office. The PDF document behaves somewhat differently. As this PDF is protected, I will need a compatible PDF reader. Adobe’s Acrobat is not sufficient.


And here’s a nice touch. Because Azure Information Protection and Office 365 become more intertwined, you can now open these protected PDFs using the Azure Information Protection Viewer app.

AIP viewer

But there’s still limited integration

One running gag amongst my colleagues is to “wait for Ignite”. And this is true. I expect a lot of news from Ignite on the integration between Office 365 and Azure Information Protection. At the moment of writing this, the integration is still limited to the use of Azure AD RMS and the Office 365 message encryption functions.

But there are still differences. One example: try uploading a document which is protected by Azure Information Protection to an IRM library, that is, a library which does not allow documents that do not have IRM protection. You’ll be presented with this message.


Bottom line

In this article I’ve gone back to a proven part of SharePoint: IRM. My main reason for this was to remind you that this function is still here, it works and protects your sensitive information. It’s very different from Azure Information Protection (which I would recommend). But give it a try. And when news from Ignite becomes available, I’ll try to post this as well.
