Set up Information Rights Management (IRM) in SharePoint admin center

Within SharePoint, IRM protection is applied to files at the list and library level. Before your organization can use IRM protection, you must first set up Rights Management. SharePoint Online IRM relies on the Microsoft Azure Active Directory Rights Management (Microsoft Azure AD RM) service to encrypt and assign usage restrictions. Some Office 365 plans include a Microsoft Azure AD RM subscription, but not all. To learn more, read Getting started with Microsoft Azure AD Rights Management

Turn on IRM service using SharePoint admin center

Before your organization can IRM-protect SharePoint lists and libraries, you must first activate the Rights Management service for your organization. To learn how, see Activating rights management.

After activating the Rights Management service, sign in to the SharePoint admin center to turn on Information Rights Management (IRM).

Note:  If Rights Management is not enabled by the Office 365 global administrator, IRM features cannot be used in SharePoint Online.

  1. Sign in to Office 365 as a global admin or SharePoint admin.

  2. Select the app launcher icon The icon that looks like a waffle and represents a button click that will reveal multiple application tiles for selection. in the upper-left and choose Admin to open the Office 365 admin center. (If you don't see the Admin tile, you don't have Office 365 administrator permissions in your organization.)

  3. In the left pane, choose Admin centers > SharePoint.

  4. In the left pane, choose settings.

  5. In the Information Rights Management (IRM) section, choose Use the IRM service specified in your configuration, and then choose Refresh IRM Settings.

Note:  After refreshing IRM settings, people in your organization can now IRM-protect their SharePoint lists and document libraries.

IRM-enable SharePoint document libraries and lists

After refreshing IRM settings, site owners can IRM-protect their SharePoint lists and document libraries. For more information, see Apply Information Rights Management to a list or library.

When site owners enable IRM for a list or library, they can protect any supported file types in that list or library. When IRM is enabled for a library, rights management applies to all of the files in that library.

Note:  When IRM is enabled for a list, rights management applies only to files that are attached to list items, not the actual list items.

When people download files in an IRM-enabled list or library, the files are encrypted so that only authorized people can view them. Each rights-managed file also contains an issuance license that imposes restrictions on the people who view the file. Typical restrictions include making a file read-only, disabling the copying of text, preventing people from saving a local copy, and preventing people from printing the file. Client programs that can read IRM-supported file types use the issuance license within the rights-managed file to enforce these restrictions. This is how a rights-managed file retains its protection even after it is downloaded. To enable IRM on a list or library, see Apply Information Rights Management to a list or library

SharePoint Online supports encryption of the following file types:

  • PDF

  • The 97-2003 file formats for the following Microsoft Office programs: Word, Excel, and PowerPoint

  • The Office Open XML formats for the following Microsoft Office programs: Word, Excel, and PowerPoint

  • The XML Paper Specification (XPS) format

Note: You cannot create or edit Office Online documents in an IRM-enabled library.

Top of Page

The short icon for LinkedIn Learning. New to Office 365?
Discover free video courses for Office 365 admins and IT pros, brought to you by LinkedIn Learning.

Expand your skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.