Information Rights Management (IRM) is the set of policies and protections used to govern the actions that users can take on documents stored in SharePoint. IRM relies on some form of Rights Management Services. Depending on the version, SharePoint Server supports either Active Directory Rights Management Services (all on-premises versions) or the corresponding cloud version, Azure Rights Management (through the Rights Management Services connector for SharePoint Server 2010, SharePoint Server 2013, and SharePoint Server 2016) to protect assets. Additionally, Azure Information Protection is a rights management-based protection that can be applied at the individual file level (whether or not a file is in a SharePoint library), making it an ideal method for protecting data across an enterprise.
Determining which solution is best for your organization depends on both your current infrastructure and knowing what the technology roadmap for your organization entails. Most organizations will leverage more cloud services over the course of time, so it is best to understand what direction your particular organization will take.
While it is important to understand that both the Active Directory Rights Management and Azure Rights Management platforms are supported by SharePoint Server 2016, this book will focus on utilizing Azure Rights Management and Azure Information Protection. Both Azure Rights Management and Azure Information Protection are available cross-premises.
All of the rights management protection schemes allow document owners (or document library owners) to protect supported documents—typically, this includes Microsoft Office formats as well as the XML Paper Specification (XPS). The information protection technology that is deployed determines what file formats and types can be protected. For example, native SharePoint Server 2016 or 2019 IRM only supports Office file formats and XPS, while Azure Rights Management supports many additional common document formats. For more information on the exact file formats supported, see https://docs.microsoft.com/en-us/azure/information-protection/rms-client/client-admin-guide-file-types.
Depending on the product that is implemented (Active Directory Rights Management, Azure Rights Management, or Azure Information Protection) and the location (document library, document, or email), some or all of the following features, permissions, or usage rights can be applied:
- Edit: Allows a user to modify the content stored in a document's associated application. It does not natively grant the ability to save the document.
- Save: Allows the user to save the document to the current location. Depending on the application, users may also be able to save the document to a new location.
- Comment: Enables the option to add comments or annotations.
- Save As or Export: Allows the user to save the content to a different filename or export content. This also supports exporting content to different applications (such as Send to OneNote).
- Forward: Enables the user to forward an email to additional users and modify the To or Cc lines. Note that this only applies to an actual email message and has no bearing on the rights present in any attached document.
- Full Control: Enables all rights to a document, including the ability to add or remove protections and restrictions.
- Print: Enables the option to print content.
- Reply: Allows users to reply to the sender of a rights-protected email.
- Reply All: Allows users to reply to all To or Cc recipients in a rights-protected email.
- View, Open or Read: Allows the user to open a document or email and see the content. This does not allow users to change the contents of a document (for example, sorting or filtering a column in Excel). Clicking on the content in a protected document frequently requires some form of the Edit permission.
- Copy: Allows the user to copy the content or perform screen captures.
- View Rights: Enables a user to view the rights assigned to a document.
- Change Rights: Enables a user to change the rights policy applied to a document, including the ability to remove all protection from a document.
- Allow Macros: Enables a user to run a macro or enable other programmatic access in a protected document.
With that being said, when planning for IRM, you'll need to understand the SharePoint environment, what software clients or applications will be used, where the rights need to be applied, and which supported technologies are available.