In order for IRM to work with AD RMS on word documents, do clients need to be added into the domain?
From my testing, this seems self defeating. If I use SP IRM and grant a user view access, if they are on the domain the RMS policy takes effect and applies the appropriate restrictions. Yet, because I have given rights via SP, the user can access the document from any machine since the document library only request the appropriate authentication. Afterward the user can open the document as normal.
I would like to know if its possible to make the document completely restricted if the user is not joined on the domain or am I not configuring something correctly.
From my understanding, if you’re using IRM software, you can control access to the documents and make them completely restricted. With IRM solution, user who has the appropriate authentication can access the documents at any time from any devices and anywhere. While sharing files, it is important to keep your domain confidential. Here is a SharePoint Webinar covers the common challenges in technical data control in SharePoint.
