Forum Discussion
SharePoint Online with Azure RMS
Hi Adrian,
Azure RMS and SharePoint Azure IRM are related but not the same.
With Azure RMS, you configure policy templates (https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-policy-templates) and apply them to the documents; rights are applied at the document level. How do you apply the templates? As an end user, you do this using the Azure Information Protection add-in in Office (https://www.microsoft.com/en-us/download/details.aspx?id=53018), or you can use the backstage of the Office application.
Azure RMS templates from Office backstage
Azure RMS protection lives within the document, no matter where it is stored and how it is shared (email, DropBox, OneDrive etc.).
When you use SharePoint IRM, it is different. You apply Information Rights Management to a list or library (https://support.office.com/en-us/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1); you define the protection requirements at the library level. You cannot use Azure RMS templates in a SharePoint library. Protection is applied on the document ONLY when the document leaves the library (e.g. when you download a document). This design is to ensure that SharePoint can index the documents, and Search can find the documents. So within SharePoint, the document living within an IRM-protected library doesn't have any protection; within SharePoint you control access using SharePoint permissions. For example, you can create a contributor or viewer group to control who can edit and who can view.
Now, if you upload an Azure RMS protected document to a SharePoint library (when you apply the templates using the AIP client in Office), the rights applied on the document will not be affected. SharePoint search will not be able to index that file; it won't show up in Search.
In general, Azure RMS/IRM works at the organisation's domain level. For example, john@contoso.com can apply a template to a document that allows read access to anybody within the contoso.com domain; now if someone from contoso.com forwards that document to someone@xyz.com, that someone@xyz.com will not be able to read the document.