SharePoint Pals
 | Sign In
Basics of Information Rights Management (IRM) in Office365
by Senthil Kumaresan 1 Jun 2015
SharePoint Architect
Today  :   10     Total  :    13392

Information Rights Management (IRM) enables you to limit the actions that users can take on files that have been downloaded from lists or libraries. IRM encrypts the downloaded files and limits the set of users and programs that are allowed to decrypt these files. IRM can also limit the rights of the users who are allowed to read files, so that they cannot take actions such as print copies of the files or copy text from them etc.

How and where would does a user protect information/documents in Office365?

  1. There are 2 ways to protect a document.
    1. Using Basic Rights Management features that can be activated in an O365 Admin Center for tenant’s List/Library. When activated this enables site owners to create Basic version of Information Rights Management Policies from the Lists/Library settings Page for the List/Library. Once Policy is created, user can upload and protect documents in a SharePoint List/Library.
    2. Using Advanced Rights Management features that needs an Azure Rights Management Services to be configured for the tenant. Once configured advanced Rights policy templates can be created for a user/group. The policy templates will then be propagated to user desktop’s and office client applications via your Active directory which will be synced with Azure Rights Management Server. From your desktop or office client application, you will then have the option to protect documents for a specific user/group using Rights Policy Template that will be available.
  2. Below are the user actions that can be used to protect Rights of the document created:
    1. Set Read-Only
    2. Disable copying of text
    3. Preventing from Saving a local Copy
    4. Preventing to print a file
  3. Supported File Types
    1. PDF
    2. The 97-2003 file formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
    3. The Office Open XML formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
    4. The XML Paper Specification (XPS) format.

How RMS can help protect your content

  1. Helps to prevent an authorized viewer from copying, modifying, printing, faxing, or copying and pasting the content for unauthorized use
  2. Helps to prevent an authorized viewer from copying the content by using the Print Screen feature in Microsoft Windows
  3. Helps to prevent an unauthorized viewer from viewing the content if it is sent in e-mail after it is downloaded from the server
  4. Restricts access to content to a specified period of time, after which users must confirm their credentials and download the content again

How RMS cannot help protect content

  1. Erasure, theft, capture, or transmission by malicious programs such as Trojan horses, keystroke loggers, and certain types of spyware
  2. Loss or corruption because of the actions of computer viruses.
  3. Digital or film photography of content that is displayed on a screen
  4. Copying through the use of third-party screen-capture programs

Protect documents uploaded to SharePoint Lists/Libraries using Basic Features

  1. IRM Can be enabled on Lists and Libraries
    1. When enabled on Lists it only protects the documents attached to the list Items.
    2. The policy specified on the list/library settings gets applied to all documents uploaded to the list/library
  2. Document Rights Expiration can be set for documents that are downloaded from the libraries.

Protect Documents using Rights Policy Template with Advanced Features

What is Rights Policy Template?

Rights policy template is a set of rules that can be created in a Rights Management Server which will be applied to client desktop machines from the Active Directory.

The template can be created for User/Group that contains a subset of users or the entire organization.

For Office365 you have to use Azure Rights Management Server for Creating and Managing Rights policy templates.

Rights Policy Templates

1. The templates are created by Azure RMS Administrator who has rights to Azure RMS.

2. The templates are then published to end user desktops from Azure RMS. Once the templates are published, it can be also later modified when needed and the templates will be refreshed automatically in user desktops.

3. The Policy templates are then used by document authors to protect their content.

4. By Default the author or Content owner of the document will have full control permissions on the document.

5. There are 2 types of Template that can be applied.


Read or Modify with any or all of the Specific Permissions(View content, Save File, Edit Content, View Assigned Rights)

6. Additional Features include

Content Expiration Setting – This would be set an expiration duration for the content after the template is being applied on the document. You can specify a date or specify a number of days starting from the time that the protection is applied to the file.

Offline Access – This setting is used to allow users to open protected files when they don’t have an Internet connection. If not selected, the protected document will always validate with the Rights Management server to check for content expiration and rights allowed for the user. When offline access is selected for the template, the rights information will be cached in the user machines for offline viewing.

7. The Template is then applied to User or Groups.

Protect documents with Advanced Features using rights policy template created from Azure Rights Management Server in File Explorer of Windows


Protect Email with Advanced Features using rights policy template created from Azure Rights Management Server in the Microsoft Outlook Client


Protect Documents with Advanced Features using rights policy template created from Azure Rights Management Server in Office Client


Governance in IRM

You can build enterprise wide Rights policy templates based on information classification defined in your governance plan

You can build Department wise rights policy templates which allows group of the department to apply the templates for their documents.

Build Site templates with IRM policies setup on Lists/Libraries based on the Information classification defined by your organization.

blog comments powered by Disqus

SharePoint Pals

SharePoint Pals, a community portal for SharePoint developers, Administrators and End Users. Let's join hands and share the point together.
Read this on mobile


Angular Js Training In Chennai
Advanced Angular Js training with real world developer scenarios
Angular Js, Web Api and Ionic for .Net Developers
All in one client side application development for .Net developers
Angular Js For SharePoint Developers
Get ready for the future. Its no more just C#

Get Connected

SharePoint Resources

SharePoint 2013 and 2010 Web Parts
Free Web Parts with Source Code for SharePoint Community

SharePoint 2013 Books and Tutorials
Collection of free SharePoint 2013 books and tutorials (eBooks, pdfs)

Supported By

Contribute your article and be eligible for a one month Free Subscription for Plural Sight. The Author of the most popular New Article (published in the previous month) will be awarded with a Free One month Plural Sight Subscription. Article can be sent to in a word document.

Related Resources

Recent Tweets

Twitter October 23, 22:21
How to Add/Remove User Custom Actions (in Site Actions Menu) Programmatically using CSOM PNP in SharePoint -

Twitter October 21, 21:34
How to Add a JS Link Reference to the Display Form or Any other ASPX Programmatically using CSOM PNP in SharePoint -

Twitter October 20, 13:01
How to Add a JS Link Reference to the NewForm and EditForm Programmatically using CSOM PNP in SharePoint Office 365-

Twitter October 12, 12:15
How to Deploy Provider Hosted Apps (Add-Ins) by App Stapling in SharePoint Office 365 -

Twitter October 11, 13:39
How to Deploy Provider HostedApp programmatically using CSOM in SharePoint Office 365 Activating Developer Feature -

Follow us @SharePointPals
Note: For Customization and Configuration, CheckOutRecent Tweets Documentation