Within SharePoint, IRM protection is applied to files at the list and library level. Before your organization can use IRM protection, you must first set up Rights Management. SharePoint Online IRM relies on the Microsoft Azure Active Directory Rights Management (Microsoft Azure AD RM) service to encrypt and assign usage restrictions. Some Office 365 plans include a Microsoft Azure AD RM subscription, but not all. To learn more, read Getting started with Microsoft Azure AD Rights Management
Turn on IRM service using SharePoint admin center
Before your organization can IRM-protect SharePoint lists and libraries, you must first activate the Rights Management service for your organization. To learn how, see Activating rights management.
After activating the Rights Management service, you must sign into the SharePoint admin center to turn on Information Rights Management (IRM).
Note: You’ll need SharePoint Online administrator privileges to turn on the IRM service. If Rights Management is not enabled by the Office 365 global administrator, IRM features cannot be used in SharePoint Online.
Sign in to the Office 365 Admin Center (http://portal.office.com).
Choose Admin > SharePoint. You’re now in the SharePoint admin center.
On the Settings page, in the Information Rights Management (IRM) section, choose Use the IRM service specified in your configuration, and then choose Refresh IRM Settings.
Note: After refreshing IRM settings, people in your organization can now IRM-protect their SharePoint lists and document libraries.
IRM-enable SharePoint document libraries and lists
After refreshing IRM settings, site owners can IRM-protect their SharePoint lists and document libraries. For more information, see Apply Information Rights Management to a list or library.
When site owners enable IRM for a list or library, they can protect any supported file types in that list or library. When IRM is enabled for a library, rights management applies to all of the files in that library.
Note: When IRM is enabled for a list, rights management applies only to files that are attached to list items, not the actual list items.
When people download files in an IRM-enabled list or library, the files are encrypted so that only authorized people can view them. Each rights-managed file also contains an issuance license that imposes restrictions on the people who view the file. Typical restrictions include making a file read-only, disabling the copying of text, preventing people from saving a local copy, and preventing people from printing the file. Client programs that can read IRM-supported file types use the issuance license within the rights-managed file to enforce these restrictions. This is how a rights-managed file retains its protection even after it is downloaded. To enable IRM on a list or library, see Apply Information Rights Management to a list or library
SharePoint Online supports encryption of the following file types:
The 97-2003 file formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
The Office Open XML formats for the following Microsoft Office programs: Word, Excel, and PowerPoint
The XML Paper Specification (XPS) format