IRM in Sharepoint and Azure Information Protection - solid model files, step files

Information Rights Management can be applied to a SharePoint Document Library:

https://support.office.com/en-us/article/Set-up-Information-Rights-Management-IRM-in-SharePoint-admin-center-239CE6EB-4E81-42DB-BF86-A01362FED65C

https://support.office.com/en-gb/article/Apply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1

https://docs.microsoft.com/en-gb/information-protection/understand-explore/office-apps-services-support

"When people download files in an IRM-enabled list or library, the files are encrypted so that only authorized people can view them."

Where I think this falls down, is sharing these IRM protected documents externally has some complications, assuming this still to be true.

From https://www.itpromentor.com/rms-sp-onedrive/

"The second major caveat you have to be aware of is that sharing IRM-protected documents with external users is a bit of a pain in the you-know-what. For starters, external users cannot download and open rights protected documents. In order to do that, they will need an identity in your Office 365 organization.

Indeed, it appears that this limitation has been confirmed by others, and Microsoft support explicitly states that IRM-protected documents sent to external users cannot be downloaded. External users must authenticate using at least a Microsoft Live ID just in order to view the document in a web browser."

Moving on to Azure Information Protection, this can also be used to protect documents with https://docs.microsoft.com/en-gb/information-protection/understand-explore/what-is-azure-rms This article describes the https://docs.microsoft.com/en-us/information-protection/rms-client/client-admin-guide-file-types.

These files can be shared externally and if the recipient uses Office 365 or some other Azure AD service, I think it's meant to be seamless. For other cases, the recipient can setup https://docs.microsoft.com/en-gb/information-protection/understand-explore/rms-for-individuals:

"RMS for individuals is a free self-service subscription for users in an organization who have been sent sensitive files that have been protected by the Azure Rights Management service from Azure Information Protection. If these users cannot be authenticated because their IT department does not manage an account for them in Azure, they can use this free sign-up service. For example, the IT department doesn't have Office 365 or use Azure services."

The external sharing features were set to be significantly improved in AIP, for example supporting consumer email services and the consumption of protected files, though I don't know if that ever materialised.  The main documentation landing page is well worth dipping into for more info:

https://docs.microsoft.com/en-gb/information-protection/

There is a nice demo on Microsoft Mechanics as well and and a presentation from https://channel9.msdn.com/Events/Ignite/Australia-2017/CLD336b.

Hopefully, that gets you started!