Control 1.16: Information Rights Management (IRM) for Documents

Control ID: 1.16
Pillar: Security
Regulatory Reference: GLBA 501(b), SEC Reg S-P (2024 amendments), FINRA Rule 4511, FINRA Regulatory Notice 25-07, SOX 404, NIST SP 800-53 AC-21 / SC-28
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated


Objective

Implement persistent document protection for content accessed by Copilot Studio agents using Information Rights Management (IRM) to control viewing, editing, copying, printing, and forwarding rights, with content expiration and revocation capabilities.


Why This Matters for FSI

  • GLBA 501(b) Safeguards Rule: Persistent encryption and rights enforcement on documents containing nonpublic personal information (NPI) help meet the requirement to maintain administrative, technical, and physical safeguards that protect customer information from unauthorized access or use — including egress paths (copy, print, forward, screen capture) that file-share permissions alone do not control.
  • SEC Regulation S-P (2024 amendments): IRM document tracking and revocation capability aid the incident response program required for covered institutions — the access log identifies who viewed customer financial information, and revocation supports containment when an incident is detected. Required notification timelines depend on the impact assessment IRM telemetry helps inform.
  • FINRA Rule 4511 (Books and Records) and Regulatory Notice 25-07: IRM access logs contribute to the audit trail of who accessed firm records, including content surfaced by AI agents. FINRA 25-07 expects that AI agent interactions with protected content are supervised and that egress controls are commensurate with the sensitivity of the information being processed.
  • SOX Section 404 (Internal Control over Financial Reporting): Restrictions on copying, printing, and forwarding of documents containing financial reporting data help meet the management assertion that controls over information used in ICFR are designed and operating effectively.
  • NIST SP 800-53 AC-21 (Information Sharing) and SC-28 (Protection of Information at Rest): Sensitivity labels with encryption provide the persistent, identity-bound protection envisioned by these controls and aid in meeting cross-mapped requirements (CIS Controls v8 3.11, ISO/IEC 27001 A.8.10).

No companion solution by design

Not all controls have a companion solution in FSI-AgentGov-Solutions; solution mapping is selective by design. This control is operated via native Microsoft admin surfaces and verified by the framework's assessment-engine collectors. See the Solutions Index for the catalog and coverage scope.

Control Description

Information Rights Management (IRM) extends document protection beyond the boundary of the SharePoint or OneDrive permission model. Permissions on a library control who can open a file from the library; IRM controls what a user (or AI agent) can do with the file once it has been opened or downloaded — view, edit, copy, print, forward, take a screenshot — and for how long that access remains valid offline. For Copilot Studio and Microsoft 365 Copilot agents that ground responses in SharePoint content, IRM is the layer that prevents an authorized agent caller from extracting protected source material out of the agent response and out of the tenant.

This control implements protection through six coordinated mechanisms:

  1. Azure Rights Management Service activation — Enable Azure RMS (the encryption back end for sensitivity labels and SharePoint IRM) at the tenant level. Required before any encryption-enabled label or library IRM setting will function.
  2. IRM-enabled sensitivity labels — Create labels (in Microsoft Purview) that apply encryption with explicitly assigned permissions, content marking (header, footer, watermark with viewer identity), and offline / expiration limits.
  3. SharePoint document library IRM — Apply library-level IRM so that documents downloaded from libraries used as agent knowledge sources are wrapped with the configured permission policy at egress, even when the document itself was not pre-labeled.
  4. Agent service identity rights — Grant the agent's service principal or Microsoft 365 Copilot identity the minimum rights required (typically Viewer) so the agent can ground on the content without becoming a path that strips protection.
  5. Document tracking and revocation — Enable usage tracking and the super-user feature so compliance can audit who opened a protected document and revoke active sessions when an incident is detected.
  6. Auto-labeling for sensitive content — Layer auto-labeling policies (client identifiers, account numbers, MNPI patterns) on top of the manual labels so that protection is applied without depending on user action.

IRM does not replace least-privilege permissions, DLP, or sensitivity labeling — it composes with them. It is the egress-control layer that closes gaps left when an authorized user (or an AI agent acting on their behalf) needs to read protected content but should not be able to redistribute it.


Key Configuration Points

  • Activate Azure Rights Management Service in the Microsoft 365 Admin Center (Settings → Org settings → Microsoft Azure Information Protection) or via Enable-AipService.
  • Create IRM-enabled sensitivity labels in Microsoft Purview with explicit "Assign permissions now" rights mapping.
  • Grant the agent's service identity (Copilot Studio service principal or Microsoft 365 Copilot identity) Viewer rights in label permissions — never Co-Owner / Co-Author.
  • Enable IRM on every SharePoint document library used as an agent knowledge source ("Restrict permission to documents in this library on download").
  • Configure content expiration on encryption (recommended: 90 days for Zone 3, 180 days for Zone 2).
  • Set offline access limits ("Number of days the content is available without an internet connection" — recommended 7 days for Zone 3, 14 days for Zone 2).
  • Enable dynamic watermarking with the viewer's email address for high-sensitivity labels.
  • Configure the Azure RMS super-user feature and limit membership to a dedicated compliance group for eDiscovery and incident response.
  • Apply auto-labeling policies that detect FSI-relevant sensitive information types (account numbers, SSN, MNPI keywords) and apply the IRM-enabled label without user action.
  • Audit that the agent's service identity does not appear in any group with elevated rights ("Co-Owner", "Co-Author", "Print", "Save As").

Zone-Specific Requirements

Zone 1 (Personal Productivity)
  Requirement: IRM optional; if applied, print/copy permitted; no content expiration; 30-day offline access; static header marking only. Auto-labeling not required.
  Rationale: Personal-scope agents operate against the user's own content and benefit more from least-friction collaboration than from egress restriction. Heavy IRM here typically degrades the Copilot experience without proportional risk reduction.

Zone 2 (Team Collaboration)
  Requirement: IRM required on libraries grounding shared agents; print and copy blocked; 180-day content expiration; 14-day offline access; static watermark with team identifier; auto-labeling for account numbers and SSN. Agent service identity scoped to Viewer.
  Rationale: Team agents surface content to a defined audience and may be queried by users whose role does not entitle them to redistribute the source. Egress controls aid in meeting GLBA 501(b) and FINRA 4511 expectations for shared workspaces.

Zone 3 (Enterprise Managed)
  Requirement: IRM mandatory on all knowledge-source libraries; print, copy, forward, and screen capture blocked; 90-day content expiration; 7-day offline access (or online-only for the highest-sensitivity label); dynamic watermark with viewer email; auto-labeling enabled for all FSI-relevant sensitive information types; document tracking and revocation enabled; super-user group restricted to compliance. Quarterly review of agent-identity permissions required.
  Rationale: Enterprise-managed agents handle customer NPI, financial reporting data, and material non-public information. Egress controls, identity-bound watermarks, and revocation are required to support SEC Reg S-P incident response, FINRA 25-07 supervision expectations, and SOX 404 information-integrity assertions.

Roles & Responsibilities

  • Purview Info Protection Admin: Create, publish, and maintain IRM-enabled sensitivity labels and label policies; configure auto-labeling rules; review label usage telemetry.
  • Purview Compliance Admin: Approve label taxonomy and protection policies; review document tracking dashboards; authorize revocation events; manage the super-user group.
  • SharePoint Admin: Activate Azure RMS for SharePoint; enable IRM on agent knowledge-source libraries; configure tenant-level IRM defaults.
  • Entra Global Admin: Activate the Azure Rights Management Service at tenant level (one-time, with Privileged Identity Management just-in-time elevation); validate tenant-level IRM configuration after activation.
  • AI Governance Lead: Maintain the inventory of agents and their grounding libraries; verify each library has IRM enabled and that the agent service identity is scoped to Viewer; chair the quarterly access review for Zone 3.

Control Relationship

  • 1.5 - DLP and Sensitivity Labels: Label-based protection
  • 1.15 - Encryption: Underlying encryption
  • 1.3 - SharePoint Governance: Library permissions
  • 4.1 - SharePoint IAG: Content discovery control

Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:


Verification Criteria

Confirm control effectiveness by verifying:

  1. Azure RMS reports Enabled (Get-AipService) and the Microsoft 365 Admin Center shows "Protection is activated".
  2. At least one IRM-enabled sensitivity label is published in an active label policy and assigned to the user populations that author or consume agent content.
  3. Every SharePoint document library used as an agent knowledge source has "Restrict permission to documents in this library on download" enabled with the Zone-appropriate settings.
  4. A test grounding query against a Zone 3 agent returns the expected content, and an attempt to copy / print / forward the underlying document by the calling user is blocked by IRM as configured.
  5. Document tracking events for the test access appear in Microsoft Purview and the Unified Audit Log within the expected latency, and a revocation issued from the tracking dashboard takes effect within the expected propagation window.
  6. The Azure RMS super-user group exists, contains only approved compliance members, and is reviewed at the cadence defined in Control 1.18.
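The following script is an added example, not code from the control page or the FSI-AgentGov framework; it checks verification criteria 1, 3 and 6 against the Zone 3 thresholds listed under Key Configuration Points. It assumes the AIPService and PnP.PowerShell modules are installed and already connected, that Get-PnPList can load the CSOM InformationRightsManagementSettings object via -Includes, and that the library titles and compliance group address are placeholders you replace with your own.

```powershell
# Added example (not from the control page or its framework): audits Verification Criteria 1, 3 and 6
# against the Zone 3 thresholds from Key Configuration Points. Assumes the AIPService and
# PnP.PowerShell modules are installed and Connect-AipService / Connect-PnPOnline have already run
# with admin rights. Library titles and the compliance group address are constructed placeholders.

$Zone3Limits = @{ ExpireDays = 90; OfflineDays = 7 }
$KnowledgeLibraries = @('Client Onboarding', 'Financial Reporting')   # placeholder knowledge-source libraries
$ApprovedSuperUserGroup = 'irm-compliance@contoso.example'           # placeholder compliance group
$findings = [System.Collections.Generic.List[string]]::new()

# Criterion 1: Azure RMS must be activated at tenant level before any IRM label or library setting works.
if ((Get-AipService) -ne 'Enabled') { $findings.Add('Azure RMS is not enabled (Get-AipService)') }

# Criterion 6: super-user feature on, membership limited to the dedicated compliance group,
# and no individually added super-users that sit outside the group review.
if ((Get-AipServiceSuperUserFeature) -ne 'Enabled') { $findings.Add('Super-user feature disabled; revocation and eDiscovery will not work') }
if ((Get-AipServiceSuperUserGroup) -ne $ApprovedSuperUserGroup) { $findings.Add("Super-user group is not $ApprovedSuperUserGroup") }
foreach ($u in @(Get-AipServiceSuperUser)) { $findings.Add("Individually assigned super-user outside the group: $u") }

# Criterion 3: every knowledge-source library must restrict permissions on download with Zone 3 settings.
# Property names are those of the CSOM InformationRightsManagementSettings object (assumed loaded by -Includes).
foreach ($title in $KnowledgeLibraries) {
    $list = Get-PnPList -Identity $title -Includes IrmEnabled, InformationRightsManagementSettings
    if (-not $list.IrmEnabled) { $findings.Add("${title}: IRM on download is not enabled"); continue }
    $irm = $list.InformationRightsManagementSettings
    if ($irm.AllowPrint)     { $findings.Add("${title}: viewers may print") }
    if ($irm.AllowWriteCopy) { $findings.Add("${title}: viewers may write to a downloaded copy") }
    if (-not $irm.EnableDocumentAccessExpire -or $irm.DocumentAccessExpireDays -gt $Zone3Limits.ExpireDays) {
        $findings.Add("${title}: content expiration missing or longer than $($Zone3Limits.ExpireDays) days")
    }
    if (-not $irm.EnableLicenseCacheExpire -or $irm.LicenseCacheExpireDays -gt $Zone3Limits.OfflineDays) {
        $findings.Add("${title}: offline access missing or longer than $($Zone3Limits.OfflineDays) days")
    }
}

# Emit one line per finding so the output can be attached to the quarterly Zone 3 review.
if ($findings.Count -eq 0) { 'Control 1.16 Zone 3 checks passed' } else { $findings }
```

Criteria 2, 4 and 5 (label policy publication, the end-user copy/print test, and tracking-log latency) still need the Purview portal or a manual test and are not covered by this script.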

Additional Resources


Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current