Rights Management in Word, Excel, and PowerPoint: Why It Matters and How to Set It Up
Information is one of the most valuable assets in any business. For small to medium businesses, documents such as client proposals, financial reports, HR records, and product designs are often shared and stored in Microsoft Word, Excel, and PowerPoint files. While standard file security measures such as passwords or access permissions are useful, they often stop working once a file leaves your network or device.
Information Rights Management (IRM) gives you control over your files wherever they go. It is a Microsoft 365 feature that protects documents by applying restrictions directly to the file. These restrictions can prevent unauthorised copying, forwarding, or printing. They can even set expiry dates so a file stops being accessible after a certain point in time.
In this article we review what IRM is and why most businesses should consider how they manage it.
Why IRM is Worth Implementing
Small and medium businesses face many of the same data risks as large corporations, but without the same budget for complex security systems. Cloud storage and online collaboration tools make it easier than ever to share documents with staff, contractors, and clients. However, once a file is downloaded or emailed, you lose visibility and control.
Consider these examples:
- A project proposal is accidentally sent to a competitor.
- A confidential financial report is shared outside the finance team.
- A presentation for an upcoming product launch is leaked before the official announcement.
In each case, IRM could have restricted who could open the file, what they could do with it, and how long they could keep it. The protection is embedded in the file itself, so it travels with the document no matter where it goes.
This makes IRM especially valuable for businesses that work with sensitive information, intellectual property, or personal data. It can also support compliance with data privacy regulations and help you prepare for certifications such as ISO 27001, where information access controls are a key requirement.
If you are not sure which of your documents need this level of protection, Jam Cyber can help you assess your risks and set up IRM as part of your broader cyber security approach. Contact us to get started.
How IRM Works
IRM integrates directly into Microsoft Word, Excel, and PowerPoint. Once activated, it uses encryption and access permissions to control what recipients can do with a file. You can:
- Prevent recipients from printing or copying the file
- Restrict editing to specific people
- Block forwarding to other recipients
- Set an expiry date for file access
- Limit viewing to within your organisation
You choose these settings before sending the file. The person receiving it will only be able to perform the actions you allow.
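Because the protection is embedded in the file, you can check from the file's bytes whether a document actually carries it. The following is an added example, not part of the original article or any Microsoft tooling: a heuristic triage that separates plain Office files (ZIP containers) from rights-managed or password-encrypted ones (OLE compound files), using stream names documented in Microsoft's MS-OFFCRYPTO specification. The function names and the sample bytes are constructed for illustration.

```python
"""Triage Office files by container type to see whether protection is embedded."""
from pathlib import Path

ZIP_MAGIC = b"PK\x03\x04"                      # plain OOXML (.docx/.xlsx/.pptx)
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file wrapper


def utf16(name: str) -> bytes:
    # Compound-file directory entries store their names as UTF-16LE.
    return name.encode("utf-16-le")


# Marker names as documented in MS-OFFCRYPTO (assumption: byte search is a
# heuristic, not a full compound-file parse).
IRM_MARKERS = (utf16("DRMEncryptedTransform"), utf16("\tDRMContent"))
PASSWORD_MARKERS = (utf16("EncryptedPackage"),)


def classify(data: bytes) -> str:
    """Return a coarse protection status for one file's raw bytes."""
    if data.startswith(ZIP_MAGIC):
        return "unprotected"          # readable by anyone who holds the file
    if data.startswith(CFB_MAGIC):
        if any(m in data for m in IRM_MARKERS):
            return "rights-managed"
        if any(m in data for m in PASSWORD_MARKERS):
            return "password-encrypted"
        return "compound-file-unknown"
    return "not-office"


def audit(folder: str) -> dict:
    """Classify every Word, Excel and PowerPoint file under a folder."""
    results = {}
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".docx", ".xlsx", ".pptx"}:
            results[path.name] = classify(path.read_bytes())
    return results


def constructed_samples() -> dict:
    """Constructed byte strings standing in for real files (not valid documents)."""
    pad = b"\x00" * 64
    return {
        "plain.docx": ZIP_MAGIC + pad,
        "irm.docx": CFB_MAGIC + pad + utf16("DRMEncryptedTransform") + pad,
        "pw.xlsx": CFB_MAGIC + pad + utf16("EncryptedPackage") + pad,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name}: {classify(blob)}")
```

Running `audit()` over a folder of files that policy says must be restricted gives a quick list of any that are still stored as plain, unprotected documents.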
Setting Up IRM in Microsoft 365
You can use IRM with most Microsoft 365 business plans. Some older plans may require enabling Azure Rights Management, which is included in certain licences. While Microsoft Purview offers more advanced protection options, it is often more expensive and may be unnecessary for many small to medium businesses. Jam Cyber can help you choose a cost-effective setup that meets your needs.
Step 1: Activate IRM in Microsoft 365
- Sign in to the Microsoft 365 admin centre using your admin account.
- Go to Settings > Org settings > Services.
- Look for Azure Rights Management or Information Rights Management and make sure it is turned on.
- If it is not activated, follow Microsoft’s on-screen prompts to enable it.
Step 2: Apply IRM to a Document in Word, Excel, or PowerPoint
- Open the document you want to protect.
- Go to File > Info.
- Select Protect Document (or Protect Workbook or Protect Presentation depending on the application).
- Choose Restrict Access.
- Select the permission level you need:
  - Do Not Forward: Stops recipients from forwarding, copying, or printing the file.
  - Read-Only: Allows viewing but no editing or printing.
  - Custom: Lets you set specific permissions for individual people.
- Add the email addresses of those who should have access.
- Save the file and share it as usual.
Step 3: Automate with Labels (Optional)
If you frequently apply the same restrictions, you can set up labels that apply IRM automatically. For example:
- “Confidential – Finance” label allows access only to finance staff.
- “Internal Only” label blocks sharing outside your organisation.
This automation requires some setup in your Microsoft 365 admin tools. Jam Cyber can configure these for you so that IRM protection is applied consistently without extra work for your team.
Need help? Contact our team about supporting your IT and security needs.
Best Practices for Using IRM
IRM works best when it is part of a broader governance and security strategy. Decisions about when and how to use IRM should be made at a management level, not left to individual staff to decide on a case-by-case basis.
- Include IRM in your cyber security policies: Your policies should clearly state which types of documents require IRM and how restrictions should be applied.
- Build IRM into governance frameworks: This ensures that sensitive documents are always protected, even during busy or high-pressure periods.
- Train your team: Staff should know how to recognise documents that require IRM and how to apply it correctly. Jam Cyber offers practical cyber awareness training that covers tools like IRM.
- Review permissions regularly: Over time, roles and responsibilities change. Make sure access controls reflect current needs.
- Integrate IRM into compliance programs: If your business is working towards ISO 27001 or similar certifications, IRM can be part of meeting your information security control requirements.
By embedding IRM into your governance processes, you avoid relying on ad hoc decisions that can lead to inconsistent protection.
When IRM is Not Enough
While IRM is powerful, it is not a complete solution on its own. If accounts are not secured with strong passwords and multi-factor authentication, or if your Microsoft 365 setup has other vulnerabilities, someone could still access your files. IRM is most effective when combined with other security layers such as secure email gateways, endpoint protection, and regular security monitoring.
Jam Cyber offers complete Microsoft 365 security assessments that look at your entire environment. We identify gaps, strengthen your defences, and make sure tools like IRM work as part of an overall protection strategy.
Next Steps
If your business uses Microsoft 365 but has not set up IRM, you may be missing a simple and cost-effective way to secure your most sensitive files. Jam Cyber can help you:
- Identify which documents need IRM protection
- Set up and configure IRM for Word, Excel, and PowerPoint
- Train your staff so IRM becomes part of everyday workflows
- Support your compliance efforts for standards such as ISO 27001
Contact Jam Cyber today to discuss your needs and secure your business documents before they leave your network. You can also explore our Cyber Security Services for more ways to protect your business.