Information Rights Management in Office 365 Documents

Information Rights Management (IRM) provides the world of Office 365 with far more control over the degree of document access and security allowed. For example, one workaround used by users to extract data from a confidential, view only document, is to open the document in read mode and then use the print screen option to save a copy of the data. This workaround can be prevented when IRM is enabled in Office 365 content and can:

  • Prevent an authorised recipient from forwarding, copying, modifying, printing, faxing, or pasting the content for unauthorised use.
  • Prevent content from being copied by using Print Screen.
  • Prevent and restrict content access, wherever it is copied or emailed to.
  • Prevent content in documents, workbooks or presentations from being viewed after a set period of time.
  • Enforce corporate compliance policies that govern the use and dissemination of confidential or proprietary information.

Microsoft has two methods to enable IRM within the Office 365 productivity suite (Word, Excel and PowerPoint). The first is to install the IRM services on a Windows 2003 or 2008 server, which enables integration within a corporate Windows domain. This integration allows a content author to select which users and groups from Active Directory have access to their content. The second method is to use a Windows Live ID. This enables companies without an Active Directory environment to restrict user access based on a user's email address. Once the IRM services or the Windows Live ID certificate has been installed, the steps to dictate the IRM permissions for each user is the same for Word, Excel and PowerPoint 2010:

  1. Click on File:Info:Protect Document/Spreadsheet/Presentation.
  2. Select Restrict Permission by People.
  3. Select Restricted Access.

When Restricted Access is selected, the Permission dialog box will appear. There are three permission levels that can be set: Read, Change and Full Control. Full Control is available when the More Options button is selected.

Permission levels

Each permission level works as follows:

  • Read

Users with Read permission can read a document, workbook or presentation, but cannot edit, print or copy it.

  • Change

Users with Change permission can read, edit and save changes to a document, workbook or presentation, but cannot print it.

  • Full Control

Users with Full Control permission can do anything with the document, workbook or presentation that an author can. For example, any user with Full Control can set expiration dates for content, prevent printing, and give permissions to users.

Clicking on the More Options button will enable the content author to give another user the Full Control permission and other types of content access.

The more options dialog box has several options that enables users to:

  • - Set the access level to Full Control.
  • - Set the date that content access will expire for each user. Once this date is reached, users will no longer be able to access the content. The document, workbook or presentation can be opened only by the author or by users with Full Control permission to the content.
  • - Print the content.
  • - Copy the content.
  • - Provide an email address for users to send permission access requests. When this email is set, if any document, workbook or presentation with restricted permission is forwarded to an unauthorised person, a message will appear with the author's e-mail address. The unauthorised person can then request permission for the content. If the author chooses not to include an e-mail address, unauthorized users will get an error message when trying to open the content.

Once you have set the appropriate access, click on OK twice to apply your information rights setting. Now when the document, spreadsheet or presentation is accessed, a Message Bar will appear to let users know that the content is rights-managed. Only the author or users with Full Control will be able to change the permissions.

The Office 365 Information Rights Management implementation is a useful component for providing additional protection to content created in Word, Excel and PowerPoint. However, it cannot prevent:

  • Content from being erased, stolen or captured and transmitted by malicious programs such as Trojan horses, keystroke loggers and certain types of spyware.
  • Content from being lost or corrupted by computer viruses.
  • Content from being hand-copied or re-typed from a display.
  • Content displayed on a screen from being photographed.
  • Content from being copied by third-party screen-capture programs.