Complete Video Transcript

With Office 365 and Information Rights Management, you can set permissions on your emails or office files to help keep company data secure. I’m going to show you how to apply an Information Rights Management policy to an email in Outlook.

First, open a new message window.

Then, select the File tab from the ribbon, and from the Info pane, select the dropdown labeled Set Permissions.

I’m going to choose the Do Not Forward option. Outlook will tell me what this policy entails, and I can hit the Back arrow to return to my message. Outlook will let me know at the top of my message that my policy has been applied and which permissions it will restrict or allow.

I’m going to send this to myself, so we can see how a message that’s been sent with restrictions looks when it arrives in your inbox. I’m also going to send it to a Gmail account, so we can see how it appears when looked at by a non-Outlook or external user.

Here’s the message I’ve just sent, and this red icon here indicates that this message has been received with restrictions. Since I’m the one who sent this message, I will still be able to forward it, but if you tried to forward a message you received with this policy applied, you would get a popup dialogue box letting you know that this action is not allowed.

IRM can also stop recipients from taking screenshots of your message. I’m going to click on this message from a coworker, which you can see by the icon here, has a restriction applied. I am currently recording my screen, so as soon as the message is in view, my recording turns black, preventing me from capturing any of the content in his message. I am able to record the screen in my own message because I have rights to the content as the message creator, so when I click back on my own message, the recording will return.

It’s worth noting that this only works with the Outlook Client, so if your recipient is using the OWA app or another mail service—like Gmail, they will not have forwarding abilities, but they might still be able to capture the content in the body of your message.

It’s always a good idea to make sure you’re sending confidential information only to a trustworthy source. Even if they’re using the Outlook client, nothing can prevent a recipient from recreating your content manually.

Now I’m going to navigate to the Gmail account where I’ve sent this message, so we can see how this works without the Outlook client. In Gmail, I’ve received a notification about the email with a link to view the message. When I click Read the Message, I have two options.

I can either Sign in with Microsoft or Sign in with a One-Time Passcode. Your recipient can choose Sign in with a One-Time Passcode. They’ll get this page that lets them know to check their inbox for the code. I’m going to go back to the Gmail inbox, copy the code, and enter it here to see the message.

And here is the message I sent. You’ll notice that I am able to reply in this window, but the Forward option is greyed out.

That’s how you apply an Information Rights Management policy to a message in Outlook with Office 365.

Information Rights Management and Microsoft Outlook

With Office 365 and Information Rights Management, you can set permissions on your emails or office files to help keep company data secure. First, it’s worth noting that your organization will need to have set up Information Rights Management, which is a part of Azure Rights Management licensing. Information Rights Management is also included in the Office 365 E3 and Office 365 E5 plans or can be purchased as an add on for other Office 365 plans.

Information Rights Management comes with a few default templates, and your IT admins can add and customize policies to fit their needs. The default templates include Confidential \ All Employees and Highly Confidential \ All Employees. For Office 2016 users, you will also have a predefined Do Not Forward option, which will prevent all recipients from forwarding an email message you apply it to.

Display name of templateUsage rights
Highly Confidential \ All Employees or

<organization name> – Confidential View Only

View, Open, Read; Copy; View Rights; Allow Macros; Print; Forward; Reply; Reply All; Save; Edit Content, Edit
Confidential \ All Employees or

<organization name> – Confidential

 

View, Open, Read; Save As, Export; Copy; View Rights; Change Rights; Allow Macros; Print; Forward; Reply; Reply All; Save; Edit Content, Edit; Full Control

Not sure how strong your security practice is? Contact us today for a Security Assessment to identify potential vulnerabilities in your environment!

Here are the available Information Rights Management Permissions in Office 2016 that your IT admins can use to create a custom policy. You can find this chart and more information here.

Full ControlGives the user every right that is listed in this table, and the right to change permissions that are associated with content. Expiration does not apply to users who have Full Control.
ViewAllows the user to open IRM content. This corresponds to Read Access in the Office 2016 user interface.
EditAllows the user to modify the document’s content. This includes the ability to sort and filter content in Excel.
SaveAllows the user to save a file.
ExtractAllows the user to make a copy of any part of a file and paste that part of the file into the work area of another application.
ExportAllows the user to save content in another file format by using the Save As command. Depending on the application that uses the file format that you select, the content might be saved without protection.
PrintAllows the user to print the contents of a file.
Allow MacrosAllows the user to run macros against the contents of a file, as well as perform programmatic access to content from other applications and link to content across worksheets.
ForwardAllows an email recipient to forward an IRM email message and to add or remove recipients from the To: and Cc: lines. This right does not imply the ability to grant rights to additional users, and even if a user is forwarded the content, if that user is not granted rights by the template then the user will be prevented from opening the content. Not granting this right in a template is not equivalent to using the Do Not Forward option in Outlook, since that option grants rights only to the users specified in the To: and Cc: lines of the email.
ReplyAllows email recipients to reply to an IRM email message.
Reply AllAllows email recipients to reply to all users on the To: and Cc: lines of an IRM email message.
View RightsGives the user permission to view the rights associated with a file. Office ignores this right.

Applying an Information Rights Management Policy to an Email in Outlook:

  1. In your email, click on the File tab from the ribbon.
  2. In the Info pane, choose the dropdown menu for Set Permissions.
  3. Select which policy you would like to apply.
  4. Click the Back arrow to return to your message.
  5. You will now have a message at the top of your window to let you know your selected policy has been applied.
  6. Finish writing your message and click Send.

Here are some things to note about using Information Rights Management Policies with emails.

  • Office 2016 files—including documents, workbooks, and presentations—attached to messages where a policy has been applied will also be restricted.
  • If you send a restricted message to a non-Outlook user, your recipient can log into a Microsoft account to view the message online or can elect to receive a temporary password to view the message online.
  • This also stops users from capturing a screenshot using something like the Windows 10 Snipping Tool. The screen with their Outlook client on it will be greyed out when they try to take a screenshot—and the screenshot will appear black.
  • However, these policies cannot stop users from recreating the information manually.

Applying an Information Rights Management Policy to an Office 2016 File

  1. In your document, workbook, or presentation, select the File tab from the ribbon.
  2. In the Info pane, choose the dropdown next to Protect Document, and scroll down to Restrict Access.
  3. Select the policy you would like to apply.
  4. Click the Back arrow to return to your document.
  5. You will now have a message at the top of your window to let you know your selected policy has been applied.

For technical information about setting up and configuring Information Rights Management policies, please see these resources:

Protect Messages and Documents with IRM in Office 2016

Configuring and managing templates for Azure IRM

Configuring usage rights for Azure Rights Management

Award-Winning Microsoft Gold Cloud Productivity Partner

PEI has been a Microsoft Gold Partner since 2005, and our engineers hold multiple Gold and Silver Microsoft Certifications. Our Gold Cloud Productivity Status speaks to our expertise with Microsoft Office 365. We have successfully completed migrations for thousands of Office 365 seats.

We focus our hiring efforts on mid- to senior-level engineers, housing a team with over 120 years of combined experience.  We deliver value by working with you to understand your business objectives and mapping out your technology to enhance these goals.

PEI specializes in long-term relationships where each customer is vital to our success. All of our customers are “customers for life,” and we use our partnerships and experience to help them drive real business results. Read more about what our customers have to say about PEI. 

Have Questions or Want to Get Started?

Contact Us Today!

Learn more about IT Security and how you can protect your business by attending our Security Event!  Not in Colorado?  Register to receive the presentation materials!

Leave a Reply

10 + fifteen =