Securing Your Office Documents

Many of us have moved to using portals for sharing documents with clients and other outside agencies.  If you have not started using portals or have never even heard of them, Portals provide a secure encrypted way to share documents and information with groups and individuals outside your office.  Email has never been a very secure method of transmitting data.  It is too easy for a hacker to pick a message out as it travels through the cloud and begin to hack it, without either party involved in the conversation ever knowing.  Portals take care of that shortcoming.  But what if you need more control?  What if what you are sharing has a shelf life or once it is shared with its intended target you don’t want the document to be shared any further.  Enter Microsoft Information Rights Manager (IRM).    IRM is a technology that allows you to grant rights to a document, allowing you to control what others can and cannot do with the document.

Some features of IRM include the ability to limit access to who can open the file.  Once open, the file can be secured even more by giving some people rights to only read the document and grant others the ability to make changes.  Advanced features include the ability to set an expiration date for a document, very mission impossible.  You can grant or deny the ability to print the document or copy its content.  For the more technical, you can even deny access to content programmatically.  This means I cannot use or write another program to access the information in a spreadsheet for example.  Microsoft IRM is, for the most part, restricted to Microsoft Office Documents: Word, Excel, and PowerPoint to be exact.

So how does all this work?   Microsoft has two solutions.  One for most of us, which is a free service that uses Microsoft Live IDs, and the other is a server an enterprise can use to manage their own IRM.  I am going to talk about the first, free solution.  When you elect to secure your first document using Microsoft IRM, there are a few steps involved. In Office 2010, click File then Info.  Click the Protect Document drop down and hover Restrict Permissions by People and choose Restricted Access.  This will start a short wizard that will ask you if you want to set up IRM for use on your computer.  If you have come this far, the answer will be yes.  As part of the wizard, you will be prompted for a Microsoft Live ID user name and password.  If you already have one great; if not, it is a simple process.  I recommend you use your work email address as your user name and don’t create a new one, which only creates headache and a Hotmail email account.  Once all that is done, you will be able to manage the IRM for the document by entering the email address of the people you wish to grant access.  Once access has been restricted, a yellow bar will appear above your document with a button that will allow you to change permissions.

On the receiving end, those you have granted access to will get a message the first time they open an IRM managed document asking them to go through the same wizard we encountered earlier that set up the IRM client on the machine that created the document.  The person opening the message will only have to go through this process once and verify their identity if they don’t have an existing Windows Live ID.  Once completed, the recipient will be able to open the document with all the rights they have been assigned.  One great thing about IRM is it is in the cloud.  You can require the document check permissions every time it is opened, over the internet, so that its list of permissions is updated.  If you want to remove someone’s access, just make the change to the permissions on your local copy and every copy gets updated the next time it is opened.

Securing Office documents is great, but what about PDF documents? There are several technologies available that do the same thing as IRM, and support PFD documents that I may explore in a future article.  Recently however, I was introduced to a solution from Microsoft and a company called Foxit, the maker of a popular PDF reader, which extends PDF documents.   This solution allows them to be managed by Microsoft SharePoint and IRM when the PDF is shared from an IRM protected SharePoint site.  The Foxit reader is the only reader compatible with this IRM solution at the time this article is being written.  For more information on compatible readers, visit this webpage (  This solution is compatible with SharePoint Online Enterprise E1, E3, and E4 subscriptions and SharePoint Server 2013 Enterprise.

Many times, getting documents securely to their destination is only half the battle.  Managing your intellectual property once it has left the confines of your local network can be difficult.  Microsoft IRM built into Microsoft Office is a simple, cost effective solution for any small business.

Leave a Reply