Home > Work > #O365 #SharePoint Online–Information Rights Management #IRM–what works, what doesn’t in a business context-Part 1

#O365 #SharePoint Online–Information Rights Management #IRM–what works, what doesn’t in a business context-Part 1

I know I said I would get to the new features of Document Management in SharePoint 2016, and the plan is still do to that… but at work I have come across the need to use IRM for one of my internal customers.  So without further ado…

The Scenario

Migrating a site with Restricted Confidential data from On-Premise to SharePoint Online.  Everything within the network is nice and secure requiring two factor authentication to connect to the VPN from a domain connected laptop.  It is nice and secure!  Couple that with strict password and domain communication policies, security within the network seems good.

Of course, now as a company we want to take advantage of the great savings offered by Office 365.  Office 365 doesn’t require a VPN to connect any more and suddenly the need for information rights management feels way more important than ever.

Multi Factor Authentication

So combat some of this, we can require multi-factor authentication to connect to the Office 365 tenant.  If you do this properly, then you will have a nice, unhindered experience within your corporate network and a multi-factor authentication login from outside your network.  (Please note you will need Microsoft Office 2013 as a client for outside your network).

This is all well and good but that doesn’t stop you logging into your personal PC and downloading the file using your corporate account.  That is where IRM comes in…

Information Rights Management (IRM)


As a brief overview, IRM essentially controls what a user can do in a client application regarding a document based on who they are logged in as and the group they belong to.

For Example:

Corporate Network

You have a protected Word document and you are authenticated inside your corporate network.  You have permissions to View, Print, Edit the file etc…


You have a protected Word document and you open the file on your personal computer.  You cannot View, Print or Edit the file regardless of how you received the file (link to a SharePoint site, an Email Attachment or perhaps via a USB drive).

Personal Computer

So ideally what we are looking for is this:


And just so we know what I mean by the Red, Amber, Green symbols above…



Guest Devices

Of course in this very modern bring your own device to work world, guest devices means a lot of different platforms and form factors.

  • iPhone
  • iPad
  • Android
  • Windows Phone
  • Windows RT (Maybe…)
  • Windows
  • Mac OSX
  • + others no doubt (blackberry for example…)
  • Thankfully, thanks to Microsoft view on being portable in this world is not tied to device, they have for the most part covered all devices with their Microsoft Office suite which fully covers IRM protection standards across the above listed platforms.

      However, in this changing world, there are always some caveats…  this series of articles will begin to discuss…

    Stay tuned for the next article when we talk about:

  • SharePoint specifics such as setup, file type support, unsupported file types…
  • What you can do about unsupported file types etc.

Useful links for learning…


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: