Home > Work > #O365 #SharePoint Online–Information Rights Management #IRM–what works, what doesn’t in a business context-Part 2

#O365 #SharePoint Online–Information Rights Management #IRM–what works, what doesn’t in a business context-Part 2

This article is part of a series:

Part 1: https://spandps.com/2015/09/21/o365-sharepoint-onlineinformation-rights-management-irmwhat-works-what-doesnt-in-a-business-context-part-1/

In the first article of this series we discussed what IRM was, some scenarios and high level device supportability.

Let’s dig a bit deeper with what works in SharePoint Online:

Setup within SharePoint Online.

So I could talk about the Tenant Administration side of things but honestly, its not difficult, and these articles are more business focused.  If you are interested, take a look here:

https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239ce6eb-4e81-42db-bf86-a01362fed65c

Assuming you have Information Rights Management (IRM) turned on in your Office 365 tenant, you will have the following options in the settings of your lists and libraries:

image

Do not get confused with Information Management policy settings at the bottom, this is entirely different involving audit trails, bar coding etc.

Once you click, you get a screen as follows (pre-filled in for my example in this blog series)

image

Most of these are fairly self explanatory, but allow me to get into specifics on some of these items:

Set additional IRM library settings > Do not allow users to upload documents that do not support IRM

Seems, kind of vague and initial Google (Bing…) searches did not help me, after some digging however, we find something… only certain file types are supported within SharePoint:

  • PDF
  • The 97-2003 file formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
  • The Office Open XML formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
  • The XML Paper Specification (XPS) format

And in my further research, for Word, Excel and PowerPoint, your standard office suite has been supporting this capability since Microsoft Office 2003 on Windows and since Office for Mac 2011 on OSX.

But what about Multi-factor Authentication I hear you cry out…

Well that was supported in Office 2013 in an update around November 2014 (last year): https://blogs.office.com/2014/11/12/office-2013-updated-authentication-enabling-multi-factor-authentication-saml-identity-providers/

The end result of this is fairly painless to the user.  They upload unprotected files (that are supported).  SharePoint protects the files and when you open them from SharePoint, you get this:

image

Word opens the file, checks the RMS server for the permissions against the user opening the file and if you have the rights, you can see the document.

If you don’t have the rights, you get this:

image

Further Gotcha’s / Things we need to know: PDF Support

Essentially what we are seeing here is that we need to have a level of support for IRM in both the server (to set the policy) and on the client (to enforce the policy)

As stated above, Microsoft Office has been supporting this in some form since 2003 for Windows and 2001 for the Mac.

On the Adobe Reader side of things, it is a little different.

Adobe Reader does not support IRM protected PDF’s unfortunately and when you try you get this response:

image

So for the well initiated or hacker minded, I know what you are thinking… Microsoft Word can open PDF’s… what happens then:

Well they thought of everything:

image

Thankfully you can use some alternative PDF Readers.  Here is the run down on supportability:

image

Foxit Reader (Free) does display the PDF but with a suggestion that you should buy the RMS plugin:

image

I can confirm that you can view the whole document with the free product with the IRM restrictions in place.  However the watermark shown above appears on every page.

Lastly, just to confirm the security Foxit supports for IRM PDF files:

image

Further Gotcha’s / Things we need to know: Other / Unsupported File Types

If you attempt to upload a file that is unsupported, you get the following message from SharePoint.

image

File Type Conclusions

So bottom line is, if you need to protect Word, Excel & PowerPoint files than this solution provides a way to protect content without much trouble to the end user.

If you want to use PDF files as well then you will need to use Fixit or NitroPDF on Windows and unfortunately for OSX, it won’t be supported.

Lastly, all examples so far shown are using a standard custom list with attachments.  The functionality in a document library is the same in 99% of cases.

The Next Post

As I look further and further into this topic, more and more questions are unraveling.  In the next post(s), I shall be exploring:

  • What happens when we use Windows Explorer view with a document library?
  • How does the Microsoft RMS plugin help us for unsupported file types?

I am sure there will be more questions as I look further, but as this is a pressing concern for my company, you will see more posts soon.  Till the next time…

Useful Links:

Microsoft Office Compatibility (older information): https://technet.microsoft.com/en-us/library/dd772650(v=ws.10).aspx

Microsoft Office 2007 IRM support: https://support.office.com/en-ca/article/Information-Rights-Management-in-the-2007-Microsoft-Office-system-afd5c5a9-e6fb-4ce7-b24c-eadcc9ee3fe8

Microsoft Office 2003 IRM support: https://support.office.com/en-au/article/Information-Rights-Management-in-Microsoft-Office-2003-495d2755-3c0d-44fb-9fcd-451c1c0e8c9e

Microsoft Office 2013 MFA Support: https://blogs.office.com/2014/11/12/office-2013-updated-authentication-enabling-multi-factor-authentication-saml-identity-providers/

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: