Information Rights Management (IRM) in Microsoft Office 2003 is a new feature that allows individual authors to specify permission for who can access and use documents or e-mail messages, and helps prevent sensitive information from being printed, forwarded, or copied by unauthorized people. Once permission for a document or message has been restricted with this technology, the access and usage restrictions are enforced no matter where the information is, since the permission to access an e-mail message or a document are stored in the file itself.
IRM in Office 2003 helps corporations and knowledge workers address two fundamental needs:
- Restricted permission for sensitive information Most corporations today rely on firewalls, log-in security, and other network technologies to protect their sensitive intellectual property. The fundamental limitation of these technologies is that, once legitimate users have access to the information, they can share it with unauthorized people, potentially breaching security policies. IRM helps prevent the sensitive information itself from unauthorized access and reuse.
- Information privacy, control, and integrity Information workers often deal with confidential or sensitive information, relying on the discretion of others to keep sensitive materials in-house. IRM eliminates the temptation to forward, copy, or print confidential information by disabling those functions in documents and messages with restricted permission.
IRM in Outlook 2003
IRM can be used in Outlook 2003 to help prevent messages from being forwarded, printed, or copied. Messages with restricted permission are automatically encrypted before they are sent. An Office 2003 document attached to a message with restricted permission is automatically restricted unless permission is already restricted for the attached document, in which case the attachment retains its existing permission.
IRM in Word 2003, Excel 2003, and PowerPoint 2003
Permission for Office 2003 documents can be restricted on a per-user or per-group basis (group-based permissions require Active Directory for group expansion). Each user or group can be given a set of permissions according to the access levels defined by document authors: Read, Change, or Full Control. Document authors have Full Control access. Just like document authors, those with Full Control access can select to restrict printing, set expiration dates, and even give permission to others or change permission for existing users. Once permission for a document has expired for authorized users, the document can only be opened by the document author or users with Full Control access to the document.
If a document with restricted permission is forwarded to an unauthorized person, a message appears with the document author's e-mail address so that the individual can request permission for the document. If the document author chooses not to include an e-mail address, unauthorized users simply get an error message.
Windows Rights Management client
To take advantage of this new technology, you must first install the Windows Rights Management client. You will need administrative rights to install this client on your computer and ensure it functions properly.
Rights Management Add-on for Internet Explorer
Because permissions are granted in an Office 2003 program, Office 2003 documents with restricted permission can only be opened by Office 2003. However, the Rights Management Add-on for Internet Explorer allows authorized people without Office 2003 to read content with restricted permission.
Additional server requirements for IRM
Microsoft Windows Server 2003 with Windows Rights Management Services is required to enable IRM in Office 2003. Microsoft also hosts a free trial IRM service for customers who do not have Windows Server 2003. This service will enable users to share documents and messages with restricted permission using Microsoft .NET Passport as the authentication mechanism, as opposed to Active Directory.
For more information about Information Rights Management, visit Microsoft TechNet.