Special Edition Using Microsoft Office Outlook 2003
Information rights management is slightly different. It deals with the transfer of confidential or sensitive information between individuals. If you send a private email to your boss informing him of theft of company materials by another employee, you do not want him to forward your email to that employee. You probably don't even want him to print a copy of that email. IRM gives the author control over the content she creates. The author can use IRM to prevent an email from being forwarded, printed, copied, or otherwise distributed. IRM is present in all Office 2003 applications. For documents and spreadsheets, you can control the access permissions even further. You can allow or disallow users from reading, editing, and printing a document, or even set a document to expire on a certain day and time. When the expiration time passes, the document can no longer be opened by anyone. IRM works by authenticating the sender as someone who can restrict access to a message or a document. The message is restricted, and then the recipient must authenticate to be able to view the message. For example, if Sally sends a restricted email to joe@e-mail.com, Sally must authenticate to a rights management (RM) server to secure the message, and Joe must authenticate to an RM server in order to view the email. That means Joe must be connected to the Internet (or to the Intranet if authenticating to an internal RM server). Joe must then present valid credentials (usually a Passport username and password) to the RM server before he can open the email. If Joe cannot authenticate, or tries to authenticate with invalid credentials, he cannot view the email. Authentication against a RM server can take two forms. You can use a corporate rights management server or you can use Passport. When Office 2003 is released, Microsoft will also release a server application that enables you to configure a server as a rights management server. You can then authenticate against this server to use IRM. This is probably the most secure way to use IRM. If you leave your current company, you'll no longer be able to authenticate against your corporate RM server and read secured messages. If your company does not want to invest in a RM server, you can use Microsoft Passport and authenticate against public RM servers Microsoft has set up for this application. The major drawback to using a public RM server is that you must setup a Passport account with the email address you use to read your email. Many people use generic Passport accounts, such as Hotmail accounts, to cut down on spam. To use public RM servers, you must create a new Passport account with the email address you use to read your email. You can, however, choose to opt out of all mailings and not share any of your information with Passport other than your name and email address. Configure IRM
The first time you use IRM, you must configure it. To configure and use IRM for the first time, use the following steps:
After you complete the initial setup, permissions will be automatically set on your message. IRM Permissions
In Outlook 2003, IRM is either on or off. You cannot exert the same sort of fine control over an email that you can over a Word document. By restricting access to an email, you're preventing users from forwarding or printing the email. You're also preventing them from editing the email or cutting or copying text. To secure a message using IRM, use the following steps:
Reading Messages Using IRM
When you receive a message sent with restrictions, it won't be viewable in the Reading Pane. You must open the item to be able to view its contents. The item might take a few minutes to open because it must authenticate to the RM server to verify your identity. If you've received an RM message but haven't yet downloaded and installed the RM client, you'll need to follow the steps previously listed to install the RM client software. When the message opens, it will look similar to Figure 25.27. The Forward button is dimmed, as are the Print button and the Copy button. You cannot forward the message to another user or edit the message for any reason. The Permissions button on the toolbar is selected, but it's also dimmed, so you cannot turn permissions off. If you select the Edit menu, you'll find that the Edit Message option is also dimmed and unavailable. If you try to use Alt+Prt Scrn to make a copy of the message, you won't be able to do so. Figure 25.27. A message with IRM properties cannot be forwarded, printed, or copied.
IRM Limitations
As with any security feature, there are limitations to IRM. For example, you cannot stop someone from using a screen capture program to copy the image of the email. You also can't stop someone from taking a digital picture of the screen and distributing the content that way. You definitely can't stop a recipient from picking up the phone and telling someone else what that content is. IRM only makes it significantly more difficult to distribute private or restricted content. Even though IRM uses Passport authentication to verify your identity, you can actually use it offline. You must have previously installed the client software and obtained an end user license (EUL). As long as you meet those conditions, you can access content offline or online. Outlook will synchronize the licensing information automatically so that the license is available offline. If you're running against a corporate RM server, you can configure additional levels of restrictions. You can prevent reply to a message, prevent reply to all, and enable any of the blocked features such as copying and pasting. If you use Passport authentication against a public RM server, you're limited to one level of restriction on email messages. IRM isn't designed to completely prevent the spread of unauthorized information. It is, however, designed to make the dissemination of that information extremely difficult. |