Information Rights Management (IRM) in SharePoint protects sensitive documents by restricting access, editing, printing, and sharing. It helps organizations secure confidential data within document libraries and lists.
This guide explains:
✔ What IRM is and why it’s important
✔ How to enable IRM in SharePoint
✔ How to configure IRM for document libraries
✔ Best practices for using IRM
1. What is Information Rights Management (IRM) in SharePoint?
IRM is a security feature that allows organizations to:
🔹 Prevent unauthorized users from copying, printing, or forwarding documents
🔹 Enforce document access policies
🔹 Secure files even after they are downloaded
Example: A company shares financial reports with employees but restricts printing or forwarding to prevent data leaks.
2. How IRM Works in SharePoint
IRM is applied at the document library level, meaning all files within an IRM-enabled library follow the same protection rules.
🔹 When a document is downloaded from an IRM-protected library:
✔ It is encrypted
✔ It retains protection even if moved to another location
✔ It follows restrictions set by the SharePoint administrator
IRM uses Microsoft Azure Rights Management (Azure RMS) for encryption.
3. Enabling IRM in SharePoint Online
Prerequisite: IRM in SharePoint Online requires Microsoft Purview Information Protection (formerly Azure Information Protection – AIP).
A. Activate IRM in Microsoft Purview
1️⃣ Sign in to Microsoft Purview Compliance Center (https://compliance.microsoft.com)
2️⃣ Go to Information Protection ➝ Labels
3️⃣ Create a new sensitivity label
4️⃣ Configure permissions (e.g., Restrict printing, Disable editing)
5️⃣ Publish the label to SharePoint and OneDrive
B. Enable IRM in SharePoint Admin Center
1️⃣ Sign in to SharePoint Admin Center (https://admin.microsoft.com)
2️⃣ Navigate to Settings ➝ Classic Settings Page
3️⃣ Under Information Rights Management (IRM), select Use the IRM service specified in Microsoft 365
4️⃣ Click OK
4. Configuring IRM for a SharePoint Document Library
Once IRM is enabled at the SharePoint Admin Center, you can apply it to individual libraries.
1️⃣ Navigate to the SharePoint site where the library is located
2️⃣ Open the document library
3️⃣ Click on Library Settings
4️⃣ Under Permissions and Management, select Information Rights Management
5️⃣ Check Restrict permissions on this library
6️⃣ Choose restrictions such as:
✔ Prevent users from printing documents
✔ Restrict copying and editing
✔ Set an expiration date for document access
7️⃣ Click Save
Now, any document uploaded to this library inherits IRM protection.
5. Managing IRM-Protected Documents
🔹 When a user downloads a document from an IRM-protected library:
✔ The file is encrypted
✔ The user must authenticate to access it
✔ Restrictions (print, copy, edit) apply even outside SharePoint
IRM does not apply to:
❌ Lists (only document libraries)
❌ Folders (only files within folders)
❌ External sharing (guest users may not access protected documents)
6. Best Practices for Using IRM in SharePoint
✔ Apply IRM only to highly sensitive libraries (avoid overuse to prevent workflow disruptions)
✔ Use different sensitivity labels for different document types
✔ Educate employees about IRM and its restrictions
✔ Combine IRM with Data Loss Prevention (DLP) for enhanced security
✔ Review and update IRM policies regularly
7. Limitations of IRM in SharePoint
❌ IRM does not support all file types (only Office documents, PDFs, and some image files)
❌ IRM-protected files cannot be co-authored in real time
❌ IRM does not work with external users unless they have Azure AD authentication
❌ Files cannot be indexed by search when IRM is applied