Share via

How to read IRM protected excel file using graph api from backend code

Molagavalli, Sharath (Wipro Technologies) 20 Reputation points
2025-01-17T14:11:37.0333333+00:00

We have a requirement to programmatically read IRM Protected excel file with Graph API using a backend process which is a AWS Lambda function.

Below setup works fine to read an excel file which doesnt have any protection.

  1. Azure app registration has been created to authorize requests to sharepoint, it has all permissions required w.r.t Graph api.
  2. AWS Lambda uses the client credentials of Azure app registration to connect to excel in sharepoint using below graph api endpoint
    1. https://graph.microsoft.com/v1.0/sites/{sites-id}/drives/{drives-id}/items/{items-id}/workbook/worksheets/{sheet-name}/usedRange
  3. Azure app has been added to the sharepoint site
  4. Able to read excel files without IRM protection successfully from AWS Lambda.
  5. However, there is an excel file with IRM Protection which gives error as shown below when tried to run the AWS Lambda function.
{
  "response": {
    "error": {
      "code": "OpenWorkbookAccessDenied",
      "message": "You do not have permissions to open this file.",
      "innerError": {
        "code": "forbiddenUncategorized",
        "message": "The request is not allowed.",
        "innerError": {
          "code": "OpenWorkbookAccessDenied",
          "message": "You do not have permissions to open this file."
        },
        "date": "2024-12-20T06:39:24",
        "request-id": "1df612e0-234f-4cf6-9f17-c5664ec97b60",
        "client-request-id": "1df612e0-234f-4cf6-9f17-c5664ec97b60"
      }
    }
  }
}

Note:

"Access content Programmatically" option has been enabled in the excel, as described in below article https://support.microsoft.com/en-us/office/restrict-access-to-documents-with-information-rights-management-in-word-94aa8ab1-465e-42d7-a323-d61f911b2d0f

I understand that the permissions can be granted to users within the IRM Protected excel, however what type of account can be used to read the file programmatically.

Please advise.

Regards,

Sharath Molagavalli

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,919 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
3,241 questions
0 comments
Accepted answer
  1. Emily Du-MSFT 49,461 Reputation points Microsoft Vendor
    2025-01-20T09:37:15.2966667+00:00

    Per my knowledge, when IRM protection is enabled for an excel file, the file content is subject to stricter access control, which means that not only the appropriate API permissions are required, but also the ability to authenticate through Microsoft's rights management system,

    Users have the corresponding permissions can access the protected content. But there is no Azure app registration account can read IRM-protected content programmatically currently.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.