in

Dot Net Mafia

Group site for developer blogs dealing with (usually) .NET, SharePoint 2013, SharePoint 2010, Office 365, SharePoint Online, and other Microsoft products, as well as some discussion of general programming related concepts.

This Blog

Syndication

Archives

Corey Roth [MVP]

A SharePoint MVP bringing you the latest time saving tips for SharePoint 2013, Office 365 / SharePoint Online and Visual Studio 2013.

Configuring Information Rights Management (IRM) on a document library in Office 365

Last year, I wrote a post on how to get started using Information Rights Management in Office 365.  That post covered what you need to get started as well as how to enable IRM at an individual file level.  This post is a follow-up to that one and covers how to configure IRM on a document library.

If you haven’t enabled Rights Management in your Office 365 subscription, you’ll need to do that first.  My previous post can walk you through the steps.  You’ll find Rights Management under Service Settings now on the administration site.  Once IRM is configured on you subscription, go to the document library and view the Library Settings.  From there, click the Information Rights Management link.  When you configure IRM for the first time on a library, it will prompt you for a policy name and description.  This message here will be visible to users when viewing the document.

IRMDocumentLibraryConfigureDefault

Click the SHOW OPTIONS link to view the settings we can configure on the document library.

IRMDocumentLibraryAdvancedSettings

You have quite a bit of flexibility to configure what users can do to your files from here.  However, you don’t quite have the level of granularity on permissions that you do when configuring Rights Management from within Office.  In the first section, you can prevent users from allowing documents that don’t support IRM.  For example, if you upload an XML file (at least I am pretty sure you can’t do IRM on that), the file upload will be blocked. 

You can also turn IRM after a period of time.  This setting is good if you know that the documents are only sensitive for a period of time.  For example, maybe an acquisition is occurring on a certain date and then the documents are no longer sensitive.

You can also prevent users from viewing the documents in the browser.  You may have various reasons for why you would want to do this.  It’s not enabled by default, but you can turn it on.  When you do have it enabled, the Document Preview panel will not show in the document library and clicking on the document opens it directly in Office.

IRMDocumentLibraryOWADisabled

If you do allow your users to view documents in the browser, they will get an error message when using the document preview functionality.  However, they can still view the document in the browser using Office Online (formerly Office Web Apps) when clicking on the OPEN link.

IRMDocumentLibraryPreviewDenied

In the Configure document access rights section you can prevent users from printing the document.  This simply disables the print dialog inside Office.  Users could still find ways to get around this if they tried hard enough.  Remember that the settings in this section affect viewers and not users with full control permissions.

You can also set how long the user’s rights are valid before they expire on the document.  This setting is important.  If a user downloads the document and copies it to a flash drive, he or she will be prompted once to get rights to the document.  Now, if the user left the company but still had the file they won’t be able to open it once the rights expire.  You just need to pick the number of days before the license expires.  The higher the value, the less often the user has to login to get rights again.  However, if the value is too small, you may annoy the user by prompting them more often to get rights.

In the set group protection and credentials settings, you can specify how often users must verify their credentials.  You can also specify a security group where users are allowed to share the documents with other members of the group.  This is completely different from the security settings on the document library.  For example, a user might not have access to the document library, but they received a file from it on a flash drive.  If the user is in the security group you specify here, he or she will be able to open the file.

Once you have configured, IRM on your document library you can test it.  Clicking on the document will show it in Office Online.  The message you configured for the policy at the top.

IRMDocumentLibraryOfficeOnlineWithMessage

When you click on OPEN IN WORD, we’ll see the document with additional settings in the tool tip.  Since I have full control of the document library, I have permissions to edit the rights management policy from within Word using the Change Settings button.

IRMDocumentLibraryWordMessage

To really verify functionality, we will want to login with another user account.  In my example, I logged in with a user that has Viewer permissions.

IRMDocumentLibraryWordMessageViewOnly

Clicking View Permissions, I can see what permissions the user has exactly.  It also tells you when your permissions expire.

IRMDocumentLibraryWordPermissionsView

When you look at the back stage in Office, you’ll see that many of the links are disabled such as Print

IRMDocumentLibraryBackStagePermissionsDenied

If your expiration date is getting near, you’ll see a message inside Office notifying you.

IRMDocumentLibraryExpiration

The settings for Information Rights Management have matured quite a bit since SharePoint 2010.  You have a lot more control of what you can specify as defaults in your document library.

IRMDocumentLibrary2010Mode

Information Rights Management is a great feature in Office 365 and easy to set up.  I find it is still highly under utilized by most organizations.

Comments

 

Configuring Information Rights Management (IRM) on a document library in Office 365 | Marcel's SharePoint / Office365 / Mobile blog said:

Pingback from  Configuring Information Rights Management (IRM) on a document library in Office 365 | Marcel's SharePoint / Office365 / Mobile blog

February 28, 2015 7:18 AM
 

Vamsi said:

What is meant by viewers? is that viewers group or permission level?

is this applicable to Read permission?

October 13, 2015 11:17 AM

Leave a Comment

(required)  
(optional)
(required)  
Add

About CoreyRoth

Corey Roth is an independent SharePoint consultant specializing in ECM, Apps, and Search.
2015 dotnetmafia.
Powered by Community Server (Non-Commercial Edition), by Telligent Systems