Discover our new product to help you understand usage and control costs in Azure. Explore Overcast.

VIDEO 6 MIN READ

SharePoint Security Management Tips: RMS - Between Two Farms

Benjamin Niaulin
WRITTEN BY BENJAMIN NIAULIN

SharePoint Security Management is a very large topic and can cover multiple facets of your implementation. In a recent webinar on SharePoint security, we’ve covered some of the lessons learned with SharePoint which also applies to Office 365. During the talk, we briefly covered RMS for Office 365 or for SharePoint in general so I thought we’d go over it quickly in this video.

 

What is IRM for SharePoint on Office 365

What is it? It’s awesome is what it is. I know that I should be keeping a very neutral stance in blog posts, but IRM for SharePoint Libraries helps protect documents and it’s finally easy for us to use it. I say this because RMS has been there for ages, it’s short for Rights Management Service and sometimes, you’ll see it as IRM or Information Rights Management. Actually, RMS is an IRM specific to Microsoft.

A useful SharePoint Security Management toolkit addition

In short, it’s a way of protecting content in ways beyond the simple rights access with permissions levels. IRM allows you to prevent people from printing or forwarding a document and even restricting access after it leaves SharePoint.
Right now, if users who have access to a document and download it on their computer, they can easily send it to anyone in the world. With IRM for SharePoint, it cannot be opened by anyone other than those specifically mentioned. Awesome!

In the past, you could do this On-Premises, but it would require a lot of technical knowhow and a PKI or Public Key Infrastructure. This means Certificates, Certificates, Certificates and if you didn't know how to set that up along with the server required, you were in for a ride. In fact, it is still the case. However, it’s now a checkbox in your Document Library Settings.

 

There are many different ways to ensure your SharePoint content is secured and IRM for Office 365 provides one layer that can quickly be added. I've been using IRM since it was RMS with Windows Server to provide that security to my documents on file shares, what about you? Have you been using IRM for Office 365 to secure content? What else do you use to improve your SharePoint security?

Laura Rogers's blog post mentioned in the video.

 

Video Transcript

In this video we're going to talk about IRM and RMS with SharePoint and Office 365. 

Hi, my name is Benjamin Niaulin. I'm a SharePoint MVP all the way up here in Canada at the Sharegate office. I wanted to talk about RMS and IRM for SharePoint and that's an aspect of security, of course, because of our webinar, and on Between Two Farms, that talked on security just a couple of weeks ago.

Added SharePoint Security with RMS

Now the reason I touch on this subject is that there's not much information out there, or it seems very advanced or very complicated. We know that SharePoint security works in a certain way. We've talked about groups, breaking inheritance, and how you grant SharePoint groups versus active directory groups and all of that good security stuff that you need to know. Awesome!

But what about the security and encryption on the document level? What if you want to send a document to someone but need to restrict printing, need to restrict an email of being forwarded? Now if you're on Office 365 SharePoint and need to manage RMS with security or need to manage that aspect of security, then RMS is a great value that you get with the package. There isn't much additional configuration that is needed. You simply go to your settings, your Office 365 settings, and make sure that you enable IRM or RMS.

This will make it available for each individual document libraries of your SharePoint to add a certain level of rights management. You'll see it in your advanced settings, and you'll be able to say, "I don't want this document to be open after a certain date" or "I do want to remove these aspects of security as restrictions after that certain date." You can also restrict printing, only make it available and viewable in browser. There's many, many advanced settings available, and it works amazingly with Office files.

Full Office 365 Security

Of course, if you're talking different Office files, or sorry, different types of files, it may not work. You'll have to look what it's for. But I mean, if we're talking Word, Excel, PowerPoint, OneNote, these files are meant to work with Office. And that's the beauty of Office 365 is that it all works together. There was a great post by Laura Rodgers at ... The URL will be available in the blog post if you're looking at it or looking for it rather, and it really explains in detail what you can do with this.

So essentially you turn it on. You go to your document library, and you make sure that documents that have to be uploaded have to respect these policies or that you can allow people from their Office files to enhance that security on their documents so that even if it is taken out of SharePoint by email by somebody downloading it offline or anything OneDrive for Business now supports the syncing with these RMS files as well. It is great value that you get.

SharePoint Security On Premises with RMS

Now you're on premises. What about your SharePoint as well? Can you do this? Absolutely. RMS has been there for years, and all you need to do is make sure that you have a server that does this, right? It does require an extra server and set up all of these rules, see what is available. You'll have to make sure that there's a certain level of PKI, wow, infrastructure, public key infrastructure basically certificates. It's just a geek word for it. And make sure you have all of that set up. It is a little complex but if you have it on premises it is available. The value for those of you on Office 365 is you can start using it right now.