In response to market demands for a system with which companies can protect proprietary and sensitive information, Microsoft developed an umbrella of technologies called Information Rights Management (IRM). Outlook 2003 incorporates IRM, which prevents the recipient of any message you send from forwarding, copying from, or printing the message. The recipient can view the message, but the features for accomplishing these other tasks are unavailable.

What IRM can do — and what it can't do

IRM helps protect sensitive information contained in Microsoft Office documents or Outlook e-mail messages from unauthorized viewing or distribution. On a small scale, IRM helps individuals enforce personal preference when it comes to the transmission of personal or private information. On a large scale, IRM helps organizations enforce corporate policy governing the control and dissemination of confidential or proprietary information. No matter the scale of its use, IRM can greatly reduce the risk of certain information finding its way into the wrong hands.

However, IRM is not a silver bullet. It can't protect information from every threat, every person, or every set of circumstances. IRM is a highly effective deterrent to the office busybody, the careless coworker, or the small-time information thief. To a determined, technologically sophisticated, and well-paid corporate spy, IRM might be little more than a temporary setback.

IRM can do the following to protect confidential information:

• Help prevent an authorized recipient of protected information from forwarding, copying, modifying, printing, faxing, or cutting and pasting the information for unauthorized use.
• Help prevent protected information from being copied with the Microsoft Windows Print Screen function.
• Help provide information with the same level of protection wherever it goes. This is referred to as "persistent protection."
• Help to provide the same level of protection to e-mail attachments, as long as the attachments are files created with other Office programs, such as Excel or Word.
• Help protect information in e-mail messages or documents that have been set to expire so that the information can no longer be viewed after a specified period of time.
• Help enforce corporate policies that govern the use and dissemination of information within and outside the company.

IRM can't do the following to protect confidential information:

• Help prevent information from being erased, stolen, or captured and transmitted by malicious programs such as Trojan horses, keystroke loggers, and certain types of spyware.
• Help prevent information from being lost or corrupted due to the actions of computer viruses.
• Help prevent protected information from being hand-copied or retyped from a display on a recipient's monitor.
• Help prevent a recipient from taking a digital photograph of the protected information displayed on a monitor.
• Help prevent protected information from being copied by using third-party screen-capture programs.

Implementing IRM

There are two ways to implement IRM with Office 2003:

• The first way requires a Microsoft .NET Passport, a free authentication service provided by Microsoft. You log on to the IRM service with your Passport credentials to download a digital certificate. Outlook 2003 uses this certificate to verify your identity and activate the IRM features. If you don't have a Passport, you can get one from the Microsoft .NET Passport home page.

  Important  Be sure to remember the e-mail address you use when you sign up for a Passport. You will need it when setting up IRM.

• The second way, which is more suitable for large organizations, is for an administrator to install the Windows Rights Management Services (RMS) add-on on a Microsoft Windows Server 2003 server. Users with domain accounts can authenticate on the RMS server by using Windows or Passport authentication, and then download their IRM certificates to activate the IRM features in Outlook 2003.

  Important  This article explains how to configure and use IRM in Outlook 2003 with the Passport service. If you need to implement RMS, point your browser to the Windows Rights Management Services home page.

The first way is the simplest because it doesn't require that organizations deploy an RMS server. The second way provides more flexibility because the RMS administrator can configure company-specific IRM policies, which are then available to users. For example, an administrator can create a policy template that requires that only users within the company domain can open all e-mail messages protected by the policy. Administrators can create any number of templates to suit the company's need for data rights for the range of Office applications and document types.

Viewing IRM-protected messages without Outlook

Not everyone who receives an IRM-protected message will be running Outlook 2003, so Microsoft has developed the Rights Management Add-on for Internet Explorer, which enables you to view the messages in Internet Explorer. Without this add-on, recipients are unable to view IRM-protected messages. With it, recipients can view but not forward, copy, or print the messages, just as it is in Outlook 2003.

Protecting the contents of messages with IRM

Follow these steps to configure Outlook to create and send IRM-protected messages:

1. Start Outlook and then open a new message.
2. On the File menu, point to Permission, and then click Do Not Forward.

   Clicking the toolbar button does the same thing.

   If the newest version of the Windows Rights Management client (the IRM add-on for client programs) is not installed on your computer, you are prompted to install the update. Click OK to install it. In the Select User dialog box, select the user account you want to use IRM with, or click Add to select a different account. You can select a Passport account or a Microsoft Windows account.

3. If you don't have the Windows Rights Management client installed, Outlook displays the following dialog box. Click Yes and follow the prompts to download and install the Windows Rights Management client.

   

4. In the new message, on the File menu, point to Permission, and then click Do Not Forward. The Service Sign-Up Wizard starts, as shown in the following dialog box.

   Select Yes, I want to sign up for this free trial service from Microsoft, and then click Next.

   

5. The wizard asks if you already have a Passport. If you do, select Yes, click Next to open a sign-in dialog box, and then enter your Passport credentials.

   If you don't have a Passport, select No, click Next and then follow the prompts to obtain a Passport.

6. After you log on with your Passport, the wizard prompts you for the e-mail address associated with your Passport account, as shown in the following dialog box.

   

7. The wizard asks which type of certificate you want to download. Select Standard to obtain a certificate that you can use on your own computer. Select Temporary if you need a certificate only for a limited time, such as when you are working from a public computer.

   

8. Click Next and then click Finish to complete the process.

   Note  You can download an IRM certificate for a given Passport 25 times, or to 25 different computers.

9. After the IRM certificate is installed on your computer, Outlook returns you to the message you opened in step 1. The Outlook InfoBar displays Do Not Forward, indicating that the message is protected by IRM.

   

10. Address the message and add the message body and attachments, if any, as you would for any other message.

    Important  IRM provides the same level of protection to attachments only if they are files created from Office programs.

11. Send the message.

Viewing IRM-protected messages

If the recipient attempts to view an IRM-protected message without first obtaining a certificate, Outlook gives you the option to obtain one. After the certificate is installed, you can view the message, but Outlook indicates in the InfoBar that the message is restricted. The commands for forwarding, copying, and printing the message are disabled.

Note  When you reply to an IRM-protected message in Outlook 2003, the original message is deleted from the body of the reply message.

Working with multiple accounts

It's possible that you use more than one Passport. If you have another Passport and e-mail account, and you need to select a particular account when you send or view an IRM-protected message, complete the following steps:

1. Open the message.
2. On the File menu, point to Permission, and then click Restrict Permission As to open the Select User dialog box.

   

3. Select an account, and then click OK to use that account for the current message.

If you have only one account configured on the computer and want to add another account, click Add to start the Service Sign-Up Wizard and download a certificate for another e-mail address and its corresponding Passport.

About the author:   Jim Boyce has authored over 50 books on software and operating systems, including over a dozen titles on Microsoft Office and Microsoft Outlook. In other lives he has owned and operated an Internet services company, and been a college instructor, engineering technician, CAD systems manager, and UNIX administrator. In his spare time he enjoys flying, both real and model aircraft. See Jim's Web site for other Outlook, Office, and Microsoft Windows® tips.