Migration Assessment Scan: IRM Enabled Lists

Learn how to mitigate issues with IRM enabled lists during migration.


Information Rights Management [IRM] is a feature that enables you to encrypt content when a user accesses it to ensure it cannot be forwarded or manipulated. The files are stored in an unencrypted format in SharePoint. When a user accesses a file in an IRM protected list, the file is protected prior to transit. The file can only be opened in an IRM supported client application such as Microsoft Office.

There are two main components to the IRM migration process:

  • Configure the target environment to support Microsoft Azure Active Directory Rights Management.

  • Disable IRM on the source and target SharePoint libraries. This is required as the migration tooling will access the files in the same manner as a user. If IRM is enabled on the source, the migration tooling will receive an encrypted file and upload that encrypted file to the target environment. This results in a file that can no longer be opened successfully.

Data Migration

IRM settings associated with lists and libraries are not migrated. The following process is required to enable the migration tooling to properly handle IRM protected libraries. This process ensures that the content is transferred and accessible post migration.

  1. Disable IRM on the source and target list.

  2. Migration tooling will copy the files from the source and place them in the target.

  3. Enable IRM on the source and target list.


Any site that is configured as "No Access" (locked), in SharePoint will be skipped. To see a list of locked site collections see the Locked Sites scan output.

Preparing for Migration

  1. IRM will need to be configured for SharePoint Online.

  2. IRM will need to be disabled on the source list prior to the migration event for that site collection.

Post Migration

  1. Enable IRM on the migrated content list.

  2. Perform the following steps to ensure documents in IRM protected libraries are protected.

  • Download a document from an IRM protected list.

  • Open the document on the client machine.

  • If the document is protected, there will be a status displayed beneath the ribbon.

Scan Result Reports

The following table describes the columns in the IRMEnabledLibrary-detail.csv report. This scan report contains lists and libraries that have IRM enabled. If IRM is disabled on the farm, the scan will not execute and the output file will indicate this.

Column Description
Unique identifier of the impacted site collection.
URL to the impacted site collection.
Owner of the site collection.
List of people listed as site collection administrators.
Size of the size collection in megabytes [MB]
Number of webs that exist in the site collection.
Name of the content database hosting the site collection.
SQL Server hosting the content database.
Size of the content database hosting the site collection.
Date/Time the site collection had content modified.
Total number of items found in the site collection.
Number of requests logged for the site collection. Relies on data from the usage logging service. If the usage logging service is disabled this row will show N/A.
Number of distinct users that have accessed the site collection. Relies on data from the usage logging service. If the usage logging service is disabled this row will show N/A.
Number of days the usage logging service retains data. This provides context for Hits and DistinctUsers. For example, if this is 14 days, the Hits and DistinctUsers data is for the last 14 days.
Title of the list or library with IRM enabled.
URL to the default list view.
Number of items in the list.
Unique identifier assigned to a specific execution of the SharePoint Migration Assessment Tool.