Blog Post

Automatically Securing Word, Excel, PowerPoint and PDF Files

Clavin Fernandes
Illustration: Automatically Securing Word, Excel, PowerPoint and PDF Files

We recently announced the ability to automatically apply watermarks to MS-Word, Excel, PowerPoint and PDF Files. When applying such watermarks, you usually want to make sure that users cannot easily remove these watermarks or change the document in any way, which is why it is essential to secure documents at the same time.

We have offered the ability to secure PDF Files for many years, including restrictions such as disable print and disable clipboard copy. We are happy to announce that this same facility is now available for MS-Word, Excel and PowerPoint files as well.

As always, we make new functionality available throughout our entire stack, so it doesn’t matter how you use our software, being it from the SharePoint on-premise user interface (SP2007-2019), the SharePoint Online one, Nintex Workflow, K2, traditional SharePoint Designer workflows, Workflow Manager workflows, UiPath, Power Automate, Azure Logic Apps, Power Apps or our on-premise and online APIs, the same facilities are available everywhere.

This new functionality is available with immediate effect in our SharePoint Online, Power Automate and REST API. There is nothing to do or install, it is available automatically to all new and existing users.

The on-premise version of the Muhimbi PDF Converter for SharePoint and the Muhimbi PDF Converter Services  include this new technology starting with version 10.1, which is available right now.

Common use cases for securing PDF and Office files are:

  • Ensuring document content and watermarks cannot be modified.

  • Preventing piracy and unauthorised use, protect intellectual property.

  • Making sure that ‘Final’ documents remain unaltered.

  • Preventing printing of documents (PDF only)

  • Disabling copying of content (PDF only)

Office Security DialogsVarious security dialogs and related facilities displayed by MS-Office when encountering secured files.

SharePoint Designer Workflows

Regardless of platform used, applying security to documents using SharePoint Designer Workflows, Workflow Manager and SharePoint Online pretty much looks and works the same everywhere.

Specify the document to process, where to write it to the optional password required to open the document ( open password), and the optional password required to edit the document ( owner password).

The various ‘disable’ options such as ‘disable printing’ and ‘copying using the clipboard’, is exclusive to PDF files. The various MS-Office file formats do not support these restrictions.

SharePoint Designer - Secure

For more details about securing documents using SharePoint Designer, see this blog post.

Nintex Workflow

Muhimbi supports all common Nintex Workflow versions (SP2007-SP2019), an ideal platform for beginners and professionals to create and visualise workflows. Applying security restrictions is a matter of filling in the blanks.

Specify the document to process, where to write it to, the optional password required to open the document ( open password), and the optional password required to edit the document ( owner password).

The various ‘disable’ options such as ‘disable printing’ and ’disable content copying, is exclusive to PDF files. The various MS-Office file formats do not support these restrictions.

Nintex Secure

For details about how to enable our Nintex Workflow actions, see this Knowledge Base article. A detailed blog post about how to use the Secure Document Nintex action can be found here.

Power Automate, Power Apps and Logic Apps

The fastest growing workflow platform in the world is Microsoft Power Automate (and by extension Power Apps and Logic Apps). We provide extensive support for this platform by exposing all features provided by our core engine including Document Conversion, File Security, PDF Merging, OCR and watermarking.

Specify the document to process, where to write it to, the optional password required to open the document ( open password), and the optional password required to edit the document ( owner password).

The various ‘disable’ options such as ‘disable printing’ and ‘copying using the clipboard’, is exclusive to PDF files. The various MS-Office file formats do not support these restrictions.

Power Automate Secure

For an overview of our Power Platform Tutorials and videos, see this Knowledge Base article.

Applying security in real-time (‘on open’)

One of the most powerful features provided by Muhimbi’s range of software and services is the ability to apply watermarks in real-time when documents are opened.

But this blog post is about security, why are we talking about watermarking?

Well, quite often you want to make sure that watermarks cannot easily be removed or modified by users. This can be achieved by applying an owner password to the document. This doesn’t stop users from opening the documents, but without the appropriate password they cannot edit the file. From this release onwards, this works for PDF, MS-Word, Excel and PowerPoint files.

Naturally there are other good reasons to apply security settings, in real-time, when a file is opened by a user. Perhaps you want to make sure that documents marked as ‘Final’ cannot be edited, or that members of a certain group require a special password in order to view or edit a file.

There are many other use cases, but the most common one we see is what we call ‘DRM Light’. User details such as full name, user id, ip-address and time stamp are embedded in the document, either visibly or hidden, after which a file is secured using an owner password to prevent editing. If a document then shows up in a place where it is not supposed to (e.g. in a data leak) then you know exactly who to reach out to and have a bit of a difficult conversation with.

For more details see the blog posts about this technology for SharePoint on-premise, and SharePoint Online. The screenshot below illustrates how this can be enabled for the different document types.

Secure On Open - SP2016

If real-time processing is of interest, especially in combination with SharePoint Online, then please familiarise yourself with Watermark & Secure ‘OnOpen’ in SharePoint Online - FAQ.

Differences between file formats

Although we allow various different file formats to be secured, each file type has its own strengths and weaknesses. For example the PDF standard allows a range of individual restrictions to be applied to a PDF File, whereas MS-Office has a much simpler security model.

All supported files formats have the following in common:

  • Open Password: By specifying an optional open password, users need to provide the password in order to see the contents of the document. Once opened, the file can be edited unless an owner password is specified as well.

  • Owner Password: When the optional owner password is specified, users can open the file without needing to know the password, but they cannot make changes to the document unless they have access to the owner password. Please note that in order to apply restrictions to PDF files (disable print etc), an owner password must be specified and that owner password must be different from the open password.

The main differences between the various file types, in the context of applying security, can be found below:

  • PDF: The PDF standard supports additional security features such as restrict printing, restrict content copying, etc. These restrictions are not supported by the various Office file formats. Please note that in order to apply restrictions to PDF files, an owner password must be specified and that owner password must be different from the open password.

  • MS-Word: MS-Word supports the standard open and owner passwords described above. If the source document is already encrypted by means of an open password then it is not possible to change the open or owner password.

  • Excel: Excel supports the standard open and owner passwords described above. If the source document is already encrypted by means of an open password then it is not possible to change the open or owner password.

  • PowerPoint: PowerPoint supports the standard open and owner passwords described above. If the source document is already encrypted by means of an open password then it is not possible to change the open or owner password. In addition, if the source presentation is already secured using an owner password (read-only) then it is not possible to add an open password or update the owner password.

Caveats

Different file formats all have their own peculiarities so it is important to be aware of the limitations and potential issues that may arise.

  1. Modern Office formats only: Applying security  is only supported in modern Office formats (DOCX, XLSX, PPTX), legacy formats (DOC, XLS, PPT) are not supported. If this is a problem then use the Muhimbi PDF Converter’s other facilities to convert old style documents to their modern equivalents.

  2. Real-time security in SP on-premise: The interaction between MS-Office and different SharePoint on-premise versions is extremely complex. To keep things manageable our software disables co-authoring (multiple people editing the same document at the same time) on libraries that have real-time watermarking or security enabled, and where our ‘Apply when editing’ setting is enabled.

    Due to the way Office files are fetched, for the more modern SharePoint versions it is recommended to enable the ‘Apply when editing’ setting to make sure watermarks and security settings are consistently applied. This only applies to our real-time processing facilities, applying watermarks and security via workflows does not suffer from this limitation.

  3. Real-time facilities on read-only files recommendation: It is important to put some serious thought in how your documents will be used. Imagine that automatic security is applied every time a document is opened. A user opens the document for editing purposes and then saves it back into SharePoint… INCLUDING THE NEW PASSWORD. From this point forward the password protection is permanent and can no longer be changed unless manually removed by someone with access to the appropriate password. It is for this reason that we recommend using either a filter to only apply real-time security in certain situations, or to only enable it on read-only documents or folders specially created and maintained for sharing these documents.

  4. Office Web Apps: When using real-time watermarking and Internet Explorer is used in combination with Office Web Apps, we recommend setting the ‘Default open behaviour’ to ‘Open in the client application’ and not to ‘Open in the Browser’ (‘Advanced Library’ settings for the relevant Lists and Libraries).

This new functionality is very powerful and in some cases complex. Any questions? Leave a comment below or drop us a line, we love to help.

Author
Clavin Fernandes Developer Relations and Support Services

Clavin is a Microsoft Business Applications MVP who supports 1,000+ high-level enterprise customers with challenges related to PDF conversion in combination with SharePoint on-premises Office 365, Azure, Nintex, K2, and Power Platform mostly no-code solutions.

Explore related topics

Share post
Free trial Ready to get started?
Free trial