SharePoint IRM question regarding "Users must verify their credentials using this interval"

%3CLINGO-SUB%20id%3D%22lingo-sub-19265%22%20slang%3D%22en-US%22%3ESharePoint%20IRM%20question%20regarding%20%22Users%20must%20verify%20their%20credentials%20using%20this%20interval%22%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-19265%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3ESharePoint%20IRM%20question%20regarding%20%22Users%20must%20verify%20their%20credentials%20using%20this%20interval%22%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EDoes%20this%20mean%20that%20only%20users%20that%20had%20permissions%20in%20the%20first%20place%20can%20open%20the%20file%3F%20Or%20is%20it%20only%20looking%20for%20users%20within%20our%20company%3F%20So%20someone%20could%20download%20the%20file%2C%20and%20email%20it%20to%20someone%20else%20that%20didnt%20originally%20have%20permissions%20in%20the%20first%20place%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-19265%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDocument%20Library%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-20112%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20IRM%20question%20regarding%20%22Users%20must%20verify%20their%20credentials%20using%20this%20interval%26amp%3B%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-20112%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20means%20that%20the%20license%20(key)%20they%20get%20to%20open%20the%20file%20is%20time-bound%20and%20they%20need%20to%20periodically%20authenticate%20to%20O365%20in%20order%20to%20renew%20it.%20The%20default%20is%2030%20days.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20have%20played%20with%20the%20RMS%20sharing%20app%2C%20it%20has%20a%20similar%20option%20-%20%22Allow%20me%20to%20instantly%20revoke%20access%20to%20these%20documents%22.%20In%20other%20words%2C%20it's%20%22online%22%20protection%2C%20requires%20the%20user%20to%20connect%20to%20the%20service%20every%20time%20they%20try%20to%20open%20the%20document.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-19489%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20IRM%20question%20regarding%20%22Users%20must%20verify%20their%20credentials%20using%20this%20interval%26amp%3B%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-19489%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-gb%2Farticle%2FApply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-gb%2Farticle%2FApply-Information-Rights-Management-to-a-list-or-library-3bdb5c4e-94fc-4741-b02f-4e7cc3c54aa1%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20the%20above%20article%20it%20mentions%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CP%3E%3CSTRONG%3EHelps%20to%20prevent%20an%20unauthorized%20viewer%20from%20viewing%20the%20content%20if%20it%20is%20sent%20in%20e-mail%20after%20it%20is%20downloaded%20from%20the%20server%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3E%3CSTRONG%3ERestricts%20access%20to%20content%20to%20a%20specified%20period%20of%20time%2C%20after%20which%20users%20must%20confirm%20their%20credentials%20and%20download%20the%20content%20again%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20unauthorised%20users%20still%20cannot%20view%20the%20document.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2940355%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%20IRM%20question%20regarding%20%22Users%20must%20verify%20their%20credentials%20using%20this%20interval%26amp%3B%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2940355%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BAnyway%20to%20restrict%20opening%20the%20IRM%20protected%20documents%20that%20were%26nbsp%3Bdownloaded%20by%20users%3F%20We%20have%20shared%20files%20%26amp%3B%20folders%20with%20some%20external%20users%20and%20need%20to%20revoke%20access%20as%20such%20that%20they%20should%20not%20be%20able%20to%20open%20the%20downloaded%20file.%20I%20have%20currently%20configured%20above%20setting%20to%20%220%22%20days%20but%20still%20can%20open%20downloaded%20file.%20Also%2C%20tried%20blocking%20guest%20user%20account%20sign-in%20%26amp%3B%20revoked%20sessions%20from%20Azure%20AD%20but%20it%20doesn't%20make%20any%20difference.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Valued Contributor

SharePoint IRM question regarding "Users must verify their credentials using this interval"

Does this mean that only users that had permissions in the first place can open the file? Or is it only looking for users within our company? So someone could download the file, and email it to someone else that didnt originally have permissions in the first place?

3 Replies

https://support.office.com/en-gb/article/Apply-Information-Rights-Management-to-a-list-or-library-3b...

 

In the above article it mentions:

 

  • Helps to prevent an unauthorized viewer from viewing the content if it is sent in e-mail after it is downloaded from the server

  • Restricts access to content to a specified period of time, after which users must confirm their credentials and download the content again

 

So unauthorised users still cannot view the document. 

It means that the license (key) they get to open the file is time-bound and they need to periodically authenticate to O365 in order to renew it. The default is 30 days.

 

If you have played with the RMS sharing app, it has a similar option - "Allow me to instantly revoke access to these documents". In other words, it's "online" protection, requires the user to connect to the service every time they try to open the document.

@Vasil Michev Anyway to restrict opening the IRM protected documents that were downloaded by users? We have shared files & folders with some external users and need to revoke access as such that they should not be able to open the downloaded file. I have currently configured above setting to "0" days but still can open downloaded file. Also, tried blocking guest user account sign-in & revoked sessions from Azure AD but it doesn't make any difference.