How to protect your data with Information Rights Management in Office 365

In the past few months we’ve put together a few Data Rooms for our clients – virtual places where internal and external parties can be invited to view confidential, or commercially sensitive data. One of the features of Office 365 that’s allowed us to protect these files is Information Rights Management.

Information Rights Management is a feature that is only available on the Enterprise Office 365 Plans. It allows you control the security of your data, and prevent users from printing, marking up your documents or even accessing them after a specified period of time. When used in conjunction with the existing security features of SharePoint Online or OneDrive for Business, Information Rights Management can be used to lock down your important and sensitive data quite comprehensively.

In order to get this set up, you must be using an Office 365 Enterprise plan, like Office 365 E1, Office 365 E3, Office 365 E4 or Office 365 E5.

Office 365 Small Business, Small Business Premium, Midsize Business, Business Essentials, Business or Business Premium miss out on the extra security measures available in Information Rights Management.

Information Rights Management is not enabled by default, it needs to be manually configured. Here’s how it’s done.

1. Log into Office 365 as an administrator at https://portal.office.com.
2. If you’re not already taken to the Office 365 Admin center, click the App Launcher on the top left, then click the Admin tile.
3. Under Service Settings, click Rights Management.
4. Click Manage, under Protect your information.
5. Click Activate, to activate Rights Management for your organisation
6. Click Activate again.
7. Wait for Rights Management to activate.
8. Navigate to the SharePoint Admin Center, by clicking SharePoint under Admin, on the left menu.
9. Click Settings in the SharePoint admin center.
10. Click Use the IRM service specified in your configuration, then Refresh your settings.
11. Wait for the settings to be applied.
12. Navigate to the SharePoint Document Library that you want to apply Information Rights Management to, then click the Library tab at top, followed by Library Settings.
13. Under Permissions and Management, choose Information Rights Management.
14. Tick the box to restrict permissions on this library on download. Then, give your Permission Policy a name and a description that you’d like to appear for the users. Choose the settings of the policy for this document library.
15. Any Office documents uploaded to this document library will have the IRM policy added when they are opened or downloaded. If you would prefer that users cannot download documents, and can only view them in the browser, give them View Only permission in SharePoint Online.

A note about Information Rights Management and PDF files

In our experience, Information Rights Management works best when working with Office documents, because they can be securely opened in the browser and don’t have to be downloaded to the computer. PDF documents can also have IRM policies applied to them, though since there is no way to open these in the browser, they must be downloaded and opened with a PDF reader that supports IRM. There are a couple of options for this, though the experience may not be ideal for the user who is accessing the data, since they may have to install a supported PDF reader.

For the best user experience, you may decide to secure PDF files using the dedicated PDF security features. You can still store these PDFs on SharePoint Online on OneDrive, though it is best to keep these in a separate document library without IRM applied.

Alternatively, you can convert your PDF documents to Word Documents, for consistent IRM policies and security for all of your files.