Configuring and using IRM with Office 365 and SharePoint Online
Posted
Thursday, March 28, 2013 4:34 PM
by
CoreyRoth
I’ve always founds IRM quite fascinating and the nice thing about Office 365 is that it is really easy to configure and use. There are a few steps involved, but I managed to figure them out without having to go read a heap of documentation. I thought I would share my experience here today so you know what’s possible. This assumes you are on a new Office 365 tenant or one that has been upgraded already (not that any of mine have been. :) ). I know this is only available in certain plans and I need to double-check which ones, but I haven’t had a chance yet. If you set up a trial from MicrosoftOfficeDemos.com, you can definitely try it with that account.
To configure IRM, it requires you turn it on in two places: in the Office 365 Portal and in SharePoint Online tenant administration. Let’s start by going to the Office 365 Portal. You can get there by clicking on Admin –> Office 365 at the top. Then click on Service Settings –> Rights Management. Rights Management is disabled by default, so you need to activate it.
On this screen simply click Manage and you will be taken to the Windows Azure Directory Rights Management site (notice the URL changes). From here, you can start the activation process.
Click the Activate button and you’ll be taken to a screen to confirm.
Click the Activate button again and the process gets started.
Now, you need to go your SharePoint tenant administration to activate it there. Click on Admin –> SharePoint and then Settings. In the middle of the page, look for the Information Rights Management (IRM) section and check Use the IRM service specified in your configuration. Then click Refresh IRM Settings. Now, it takes a few minutes for your activation to take effect in the Office 365 Portal so if you click on this too early, you are likely to see the following error.
Error: RMS Online is configured for this tenant but is turned off, please turn on in Office 365 to enable.
Keep trying and after a few minutes, it should activate. Be sure and click Save when you are done.
At this point, you can actually try things out inside office. I’m working off of the demo sites that I mentioned earlier. Now, one thing to point out is that Office uses whatever account you are signed in with to determine which Rights Management Server to connect to. Therefore, if you are using a test Office 365 account, you need to actually, log into Office with that account. Simply click on your name in the top right and click Switch Account. If you don’t do this, it may time out or try to connect to another RMS server like the one at your company.
To try things out, open up a document on your SharePoint server, click File and then click Protect Document and then Restrict Access. The first time you choose this, there is an option to connect to rights management services. Once it connects, you’ll see options on protecting the document. We’re going to go with Restricted Access.
On the next screen, you will be prompted to assign who can view the document or edit the document. In my example, I am going to grant read permission to Sara Davis. I simply typed in her full Office 365 Id. This means she will be able to open the document and view it, but cannot save or print it.
If you click on More Options, you’ll get a window where you can set even more granular permissions such as expiring the document, allowing printing, as well as an E-mail address that gets used to request additional permissions.
Once we are finished, save the document back to SharePoint. Now, when Sara opens the document, she is going to get a different experience. To test using the document with Sara, I have to sign in to SharePoint with her account. I also have to open Office and sign out with Garth and sign in with Sara’s account. Here’s what it looks like.
Office informs me that access is restricted and if I click View Permission, it will show me what I am allowed to do. Notice I can only view the document. If I try to access the document with a user who does not have access granted through IRM, Office tells me I can’t open the document like this.
When a document is protected with IRM, Office Web Apps will be unable to show a preview of the document’s contents. Here’s what it looks like when that happens.
I really like how easy it is to get started with IRM in Office 365. If you have an interest in this feature, check it out today. It’s definitely much easier to get started with it here than it is on-premises.