Microsoft 365: konfigurace pro online služby, aby používala službu Azure Rights ManagementMicrosoft 365: Configuration for online services to use the Azure Rights Management service

Platí pro *: Azure Information Protection, Office 365****Applies to*: Azure Information Protection, Office 365

*Relevantní pro: AIP s jednotným označením klienta a klasického klienta**Relevant for: AIP unified labeling client and classic client*

Poznámka

Pro zajištění jednotného a zjednodušeného prostředí pro zákazníky se Azure Information Protection klasický klient a Správa štítků na portálu Azure Portal od 31. března 2021.To provide a unified and streamlined customer experience, the Azure Information Protection classic client and Label Management in the Azure Portal are deprecated as of March 31, 2021. I když klasický klient nadále funguje tak, jak je nakonfigurován, není k dispozici žádná další podpora a verze údržby již nebudou pro klasického klienta uvolněny.While the classic client continues to work as configured, no further support is provided, and maintenance versions will no longer be released for the classic client.

Doporučujeme migrovat na jednotné označování a upgradovat na klienta jednotného označování.We recommend that you migrate to unified labeling and upgrade to the unified labeling client. Další informace najdete na našem nedávný blogo vyřazení.Learn more in our recent deprecation blog.

Následující části vám pomůžou nakonfigurovat Exchange Online, Microsoft SharePoint a Microsoft OneDrive, aby používaly službu Azure Rights Management z Azure Information Protection.Use the following sections to help you configure Exchange Online, Microsoft SharePoint, and Microsoft OneDrive to use the Azure Rights Management service from Azure Information Protection.

Exchange Online: Konfigurace IRMExchange Online: IRM Configuration

Informace o tom, jak Exchange Online spolupracuje se službou Azure Rights Management, najdete v části Exchange Online a Exchange Server v tématu jak aplikace a služby Office podporují Azure Rights Management.For information about how Exchange Online works with the Azure Rights Management service, see the Exchange Online and Exchange Server section from How Office applications and services support Azure Rights Management.

Je možné, že Exchange Online už má povoleno používat službu Azure Rights Management.Exchange Online might already be enabled to use the Azure Rights Management service. Chcete-li ověřit, spusťte následující příkazy:To check, run the following commands:

  1. Pokud je to poprvé, co jste použili prostředí Windows PowerShell pro systém Exchange Online ve svém počítači, musíte nakonfigurovat prostředí Windows PowerShell ke spouštění podepsaných skriptů.If this is the first time that you have used Windows PowerShell for Exchange Online on your computer, you must configure Windows PowerShell to run signed scripts. Spusťte relaci prostředí Windows PowerShell pomocí možnosti Spustit jako správce a pak zadejte:Start your Windows PowerShell session by using the Run as administrator option, and then type:

    Set-ExecutionPolicy RemoteSigned
    

    Potvrďte stisknutím klávesy Y .Press Y to confirm.

  2. V relaci prostředí Windows PowerShell se přihlaste do systému Exchange Online pomocí účtu, který má povolen vzdálený přístup do prostředí.In your Windows PowerShell session, sign in to Exchange Online by using an account that is enabled for remote Shell access. Ve výchozím nastavení jsou povoleny všechny účty, které jsou vytvořeny v systému Exchange Online pro vzdálený přístup pomocí prostředí shell, ale mohou být zakázány (a povoleny) pomocí příkazu set-User < UserIdentity > -RemotePowerShellEnabled .By default, all accounts that are created in Exchange Online are enabled for remote Shell access but this can be disabled (and enabled) by using the Set-User <UserIdentity> -RemotePowerShellEnabled command.

    Pokud se chcete přihlásit, nejdřív zadejte:To sign in, first type:

    $Cred = Get-Credential
    

    Pak v dialogovém okně žádost o přihlašovací údaje Windows PowerShell zadejte svoje Microsoft 365 uživatelské jméno a heslo.Then, in the Windows PowerShell credential request dialog box, supply your Microsoft 365 user name and password.

  3. Připojte se ke službě Exchange Online pomocí prvního nastavení proměnné:Connect to the Exchange Online service by first setting a variable:

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
    

    Pak spusťte následující příkaz:Then run the following command:

    Import-PSSession $Session
    
  4. Spuštěním příkazu Get-IRMConfiguration zobrazte konfiguraci Exchange Online pro službu ochrany:Run the Get-IRMConfiguration command to view your Exchange Online configuration for the protection service:

    Get-IRMConfiguration
    

    Z výstupu Najděte hodnotu AzureRMSLicensingEnabled :From the output, locate the AzureRMSLicensingEnabled value:

    • Pokud je AzureRMSLicensingEnabled nastavené na hodnotu true, je Exchange Online už pro službu Azure Rights Management povolený.If AzureRMSLicensingEnabled is set to True, Exchange Online is already enabled for the Azure Rights Management service.

    • Pokud je AzureRMSLicensingEnabled nastavené na false, spusťte následující příkaz, který povolí Exchange Online pro službu Azure Rights Management: Set-IRMConfiguration -AzureRMSLicensingEnabled $trueIf AzureRMSLicensingEnabled is set False, run the follow command to enable Exchange Online for the Azure Rights Management service: Set-IRMConfiguration -AzureRMSLicensingEnabled $true

  5. Pokud chcete otestovat, jestli je Exchange Online správně nakonfigurovaný, spusťte následující příkaz:To test that Exchange Online is configured successfully, run the following command:

    Test-IRMConfiguration -Sender <user email address>
    

    Příklad: test-IRMConfiguration-Sender adams @ contoso.comFor example: Test-IRMConfiguration -Sender adams@contoso.com

    Tento příkaz spustí řadu kontrol, která zahrnuje ověření konektivity ke službě, načítání konfigurace, načítání identifikátorů URI, licencí a libovolných šablony.This command runs a series of checks that includes verifying connectivity to the service, retrieving the configuration, retrieving URIs, licenses, and any templates. V relaci prostředí Windows PowerShell se zobrazí jednotlivé výsledky a pokud vše projde těmito kontrolami: CELKOVÝ VÝSLEDEK: ÚSPĚCHIn the Windows PowerShell session, you will see the results of each and at the end, if everything passes these checks: OVERALL RESULT: PASS

Když je povolený Exchange Online, můžete pomocí služby Azure Rights Management nakonfigurovat funkce, které automaticky používají ochranu informací, jako jsou pravidla toku pošty, Zásady ochrany před únikem informací (DLP)a chráněná hlasová pošta (Unified Messaging).When Exchange Online is enabled to use the Azure Rights Management service, you can configure features that apply information protection automatically, such as mail flow rules, data loss prevention (DLP) policies, and protected voice mail (Unified Messaging).

SharePoint v Microsoft 365 a OneDrivu: Konfigurace IRMSharePoint in Microsoft 365 and OneDrive: IRM Configuration

Informace o tom, jak služba SharePoint IRM funguje se službou Azure Rights Management, najdete v tématu SharePoint v Microsoft 365 a sharepointovém serveru v části Rights Management ochrana této dokumentace.For information about how SharePoint IRM works with the Azure Rights Management service, see SharePoint in Microsoft 365 and SharePoint Server from the Rights Management protection section of this documentation.

Pokud chcete nakonfigurovat SharePoint na Microsoft 365 a OneDrive tak, aby podporoval službu Azure Rights Management, musíte nejdřív povolit službu Správa přístupových práv k informacím (IRM) pro SharePoint pomocí centra pro správu služby SharePoint.To configure SharePoint in Microsoft 365 and OneDrive to support the Azure Rights Management service, you must first enable the information rights management (IRM) service for SharePoint by using the SharePoint admin center. Potom můžou vlastníci webu chránit pomocí IRM své seznamy SharePointu a knihovny dokumentů a uživatelé můžou chránit svoje knihovny na OneDrivu, aby se dokumenty, které tam uložily a sdílely s ostatními, automaticky chránily službou Azure Rights Management.Then, site owners can IRM-protect their SharePoint lists and document libraries, and users can IRM-protect their OneDrive library so that documents that are saved there, and shared with others, are automatically protected by the Azure Rights Management service.

Poznámka

Knihovny chráněné technologií IRM pro SharePoint v Microsoft 365 a OneDrive vyžadují nejnovější verzi nového klienta služby synchronizace OneDrive (OneDrive.exe) a verzi klienta RMS z webu Microsoft Download Center.IRM-protected libraries for SharePoint in Microsoft 365 and OneDrive require the latest version of the new OneDrive sync client (OneDrive.exe), and the version of the RMS client from the Microsoft Download Center. Tuto verzi klienta služby RMS nainstalujte i v případě, že jste nainstalovali klienta Azure Information Protection.Install this version of the RMS client even if you have installed the Azure Information Protection client. Další informace o tomto scénáři nasazení najdete v tématu nasazení nového synchronizačního klienta OneDrivu v podnikovém prostředí.For more information about this deployment scenario, see Deploy the new OneDrive sync client in an enterprise environment.

Pokud chcete povolit službu Správa přístupových práv k informacím (IRM) pro SharePoint, přečtěte si následující pokyny v dokumentaci k Office:To enable the information rights management (IRM) service for SharePoint, see the following instructions from the Office documentation:

Tuto konfiguraci provádí správce Microsoft 365.This configuration is done by the Microsoft 365 administrator.

Konfigurace IRM pro seznamy a knihovnyConfiguring IRM for libraries and lists

Po povolení služby IRM pro SharePoint můžou vlastníci chránit pomocí IRM své seznamy a knihovny dokumentů ve službě SharePoint.After you have enabled the IRM service for SharePoint, site owners can IRM-protect their SharePoint document libraries and lists. Pokyny naleznete v následující tématu na webu Office:For instructions, see the following from the Office website:

Tato konfigurace se provádí správce webu služby SharePoint.This configuration is done by the SharePoint site administrator.

Konfigurace IRM pro OneDriveConfiguring IRM for OneDrive

Po povolení služby IRM pro SharePoint můžete nakonfigurovat knihovnu dokumentů OneDrive nebo jednotlivé složky uživatelů pro Rights Management ochranu.After you have enabled the IRM service for SharePoint, users' OneDrive document library or individual folders can then be configured for Rights Management protection. Uživatelé to můžou nakonfigurovat pro sebe sama pomocí svého webu OneDrive.Users can configure this for themselves by using their OneDrive website. I když správci nemůžou nakonfigurovat tuto ochranu pomocí centra pro správu služby SharePoint, můžete to udělat pomocí Windows PowerShellu.Although administrators cannot configure this protection for them by using the SharePoint admin center, you can do this by using Windows PowerShell.

Poznámka

Další informace o konfiguraci OneDrivu najdete v dokumentaci k OneDrivu .For more information about configuring OneDrive, see the OneDrive documentation.

Konfigurace pro uživateleConfiguration for users

Poskytněte uživatelům následující pokyny, aby mohli nakonfigurovat svůj OneDrive k ochraně svých obchodních souborů.Give users the following instructions so that they can configure their OneDrive to protect their business files.

  1. Přihlaste se k Microsoft 365 pomocí svého pracovního nebo školního účtu a přejít na web OneDrive.Sign in to Microsoft 365 with your work or school account and go to the OneDrive website.

  2. V navigačním podokně v dolní části vyberte možnost vrátit se k klasickému OneDrivu.In the navigation pane, at the bottom, select Return to classic OneDrive.

  3. Vyberte ikonu Nastavení .Select the Settings icon. Pokud je pás karet nastavený na vypnuto, v podokně Nastavení vyberte toto nastavení, aby se pás karet zapnutý.In the Settings pane, if the Ribbon is set to Off, select this setting to turn the ribbon on.

  4. Pokud chcete nakonfigurovat všechny soubory OneDrive, aby byly chráněné, vyberte na pásu karet kartu Knihovna a pak vyberte Nastavení knihovny.To configure all OneDrive files to be protected, select the LIBRARY tab from the ribbon, and then select Library Settings.

  5. Na stránce Nastavení dokumentů > v části oprávnění a správa vyberte informace Rights Management.On the Documents > Settings page, in the Permissions and Management section, select Information Rights Management.

  6. Na stránce nastavení Rights Management informace zaškrtněte políčko omezit oprávnění k této knihovně při stažení .On the Information Rights Management Settings page, select Restrict permissions on this library on download check box. Zadejte název a popis oprávnění a volitelně klikněte na tlačítko Zobrazit možnosti pro konfiguraci volitelných konfigurací a pak klikněte na tlačítko OK.Specify your choice of name and a description for the permissions, and optionally, click SHOW OPTIONS to configure optional configurations, and then click OK.

    Další informace o možnostech konfigurace naleznete v pokynech v části Použít Information Rights Management na seznam nebo knihovnu z dokumentace Office.For more information about the configuration options, see the instructions in Apply Information Rights Management to a list or library from the Office documentation.

Vzhledem k tomu, že se tato konfigurace spoléhá spíše na uživatele než na správce ochrany IRM pro ochranu svých souborů na OneDrivu, informujte uživatele o výhodách ochrany svých souborů a o tom, jak to udělat.Because this configuration relies on users rather than an administrator to IRM-protect their OneDrive files, educate users about the benefits of protecting their files and how to do this. Například vysvětlete, že při sdílení dokumentu z OneDrivu mají přístup k němu jenom lidé, kterým autorizují, a to i v případě, že se soubor přejmenuje a zkopíruje někam jinam.For example, explain that when they share a document from OneDrive, only people they authorize can access it with any restrictions that they configure, even if the file is renamed and copied somewhere else.

Konfigurace pro správceConfiguration for administrators

I když nemůžete konfigurovat IRM pro uživatele OneDrive pomocí centra pro správu služby SharePoint, můžete to udělat pomocí Windows PowerShellu.Although you cannot configure IRM for users' OneDrive by using the SharePoint admin center, you can do this by using Windows PowerShell. Chcete-li povolit IRM pro tyto knihovny, postupujte následovně:To enable IRM for these libraries, follow these steps:

  1. Stáhněte a nainstalujte sadu SharePoint Client Components SDK.Download and install the SharePoint Client Components SDK.

  2. Stáhněte a nainstalujte prostředí pro správu služby SharePoint.Download and install the SharePoint Management Shell.

  3. Zkopírujte obsah následujícího skriptu a pojmenujte soubor Set-IRMOnOneDriveForBusiness.ps1 do vašeho počítače.Copy the contents of the following script and name the file Set-IRMOnOneDriveForBusiness.ps1 on your computer.

    **Právní omezení**: Tento vzorový skript není podporován v rámci žádného standardního programu či služby podpory společnosti Microsoft.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Tento vzorový skript je poskytován TAK, JAK JE, bez jakékoli záruky.This sample script is provided AS IS without warranty of any kind.

    # Requires Windows PowerShell version 3
    
    <#
      Description:
    
        Configures IRM policy settings for OneDrive and can also be used for SharePoint libraries and lists
    
     Script Installation Requirements:
    
       SharePoint Client Components SDK
       https://www.microsoft.com/download/details.aspx?id=42038
    
       SharePoint Management Shell
       https://www.microsoft.com/download/details.aspx?id=35588
    
    ======
    #>
    
    # URL will be in the format https://<tenant-name>-admin.sharepoint.com
    $sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"
    
    $tenantAdmin = "admin@contoso.com"
    
    $webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user3_contoso_com")
    
    <# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
       Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"
    
    #>
    
    $listTitle = "Documents"
    
    function Load-SharePointOnlineClientComponentAssemblies
    {
        [cmdletbinding()]
        param()
    
        process
        {
            # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
            try
            {
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                return $true
            }
            catch
            {
                if($_.Exception.Message -match "Could not load file or assembly")
                {
                    Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
                }
                else
                {
                    Write-Error -Exception $_.Exception
                }
                return $false
            }
        }
    }
    
    function Load-SharePointOnlineModule
    {
        [cmdletbinding()]
        param()
    
        process
        {
            do
            {
                # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
                $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue
    
                if(-not $spoModule)
                {
                    try
                    {
                        Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                        return $true
                    }
                    catch
                    {
                        if($_.Exception.Message -match "Could not load file or assembly")
                        {
                            Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                        }
                        else
                        {
                            Write-Error -Exception $_.Exception
                        }
                        return $false
                    }
                }
                else
                {
                    return $true
                }
            }
            while(-not $spoModule)
        }
    }
    
    function Set-IrmConfiguration
    {
        [cmdletbinding()]
        param(
            [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List,
            [parameter(Mandatory=$true)][string]$PolicyTitle,
            [parameter(Mandatory=$true)][string]$PolicyDescription,
            [parameter(Mandatory=$false)][switch]$IrmReject,
            [parameter(Mandatory=$false)][DateTime]$ProtectionExpirationDate,
            [parameter(Mandatory=$false)][switch]$DisableDocumentBrowserView,
            [parameter(Mandatory=$false)][switch]$AllowPrint,
            [parameter(Mandatory=$false)][switch]$AllowScript,
            [parameter(Mandatory=$false)][switch]$AllowWriteCopy,
            [parameter(Mandatory=$false)][int]$DocumentAccessExpireDays,
            [parameter(Mandatory=$false)][int]$LicenseCacheExpireDays,
            [parameter(Mandatory=$false)][string]$GroupName
        )
    
        process
        {
            Write-Verbose "Applying IRM Configuration on '$($List.Title)'"
    
            # reset the value to the default settings
            $list.InformationRightsManagementSettings.Reset()
    
            $list.IrmEnabled = $true
    
            # IRM Policy title and description
    
                $list.InformationRightsManagementSettings.PolicyTitle       = $PolicyTitle
                $list.InformationRightsManagementSettings.PolicyDescription = $PolicyDescription
    
            # Set additional IRM library settings
    
                # Do not allow users to upload documents that do not support IRM
                $list.IrmReject = $IrmReject.IsPresent
    
                $parsedDate = Get-Date
                if([DateTime]::TryParse($ProtectionExpirationDate, [ref]$parsedDate))
                {
                    # Stop restricting access to the library at <date>
                    $list.IrmExpire = $true
                    $list.InformationRightsManagementSettings.DocumentLibraryProtectionExpireDate = $ProtectionExpirationDate
                }
    
                # Prevent opening documents in the browser for this Document Library
                $list.InformationRightsManagementSettings.DisableDocumentBrowserView = $DisableDocumentBrowserView.IsPresent
    
            # Configure document access rights
    
                # Allow viewers to print
                $list.InformationRightsManagementSettings.AllowPrint = $AllowPrint.IsPresent
    
                # Allow viewers to run script and screen reader to function on downloaded documents
                $list.InformationRightsManagementSettings.AllowScript = $AllowScript.IsPresent
    
                # Allow viewers to write on a copy of the downloaded document
                $list.InformationRightsManagementSettings.AllowWriteCopy = $AllowWriteCopy.IsPresent
    
                if($DocumentAccessExpireDays)
                {
                    # After download, document access rights will expire after these number of days (1-365)
                    $list.InformationRightsManagementSettings.EnableDocumentAccessExpire = $true
                    $list.InformationRightsManagementSettings.DocumentAccessExpireDays   = $DocumentAccessExpireDays
                }
    
            # Set group protection and credentials interval
    
                if($LicenseCacheExpireDays)
                {
                    # Users must verify their credentials using this interval (days)
                    $list.InformationRightsManagementSettings.EnableLicenseCacheExpire = $true
                    $list.InformationRightsManagementSettings.LicenseCacheExpireDays   = $LicenseCacheExpireDays
                }
    
                if($GroupName)
                {
                    # Allow group protection. Default group:
                    $list.InformationRightsManagementSettings.EnableGroupProtection = $true
                    $list.InformationRightsManagementSettings.GroupName             = $GroupName
                }
        }
        end
        {
            if($list)
            {
                Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
                $list.InformationRightsManagementSettings.Update()
                $list.Update()
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()
            }
        }
    }
    
    function Get-CredentialFromCredentialCache
    {
        [cmdletbinding()]
        param([string]$CredentialName)
    
        #if( Test-Path variable:\global:CredentialCache )
        if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
        {
            if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
            {
                Write-Verbose "Credential Cache Hit: $CredentialName"
                return $global:O365TenantAdminCredentialCache[$CredentialName]
            }
        }
        Write-Verbose "Credential Cache Miss: $CredentialName"
        return $null
    }
    
    function Add-CredentialToCredentialCache
    {
        [cmdletbinding()]
        param([System.Management.Automation.PSCredential]$Credential)
    
        if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
        {
            Write-Verbose "Initializing the Credential Cache"
            $global:O365TenantAdminCredentialCache = @{}
        }
    
        Write-Verbose "Adding Credential to the Credential Cache"
        $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
    }
    
    # load the required assemblies and Windows PowerShell modules
    
        if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }
    
    # Add the credentials to the client context and SharePoint service connection
    
        # check for cached credentials to use
        $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin
    
        if(-not $o365TenantAdminCredential)
        {
            # when credentials are not cached, prompt for the tenant admin credentials
            $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Microsoft 365 admin"
    
            if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
            {
                Write-Error -Message "Could not validate the supplied tenant admin credentials"
                return
            }
    
            # add the credentials to the cache
            Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
        }
    
    # connect to Office365 first, required for SharePoint cmdlets to run
    
        Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential
    
    # enumerate each of the specified site URLs
    
        foreach($webUrl in $webUrls)
        {
            $grantedSiteCollectionAdmin = $false
    
            try
            {
                # establish the client context and set the credentials to connect to the site
                $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
                $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)
    
                # initialize the site and web context
                $script:clientContext.Load($script:clientContext.Site)
                $script:clientContext.Load($script:clientContext.Web)
                $script:clientContext.ExecuteQuery()
    
                # load and ensure the tenant admin user account if present on the target SharePoint site
                $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
                $script:clientContext.Load($tenantAdminUser)
                $script:clientContext.ExecuteQuery()
    
                # check if the tenant admin is a site admin
                if( -not $tenantAdminUser.IsSiteAdmin )
                {
                    try
                    {
                        # grant the tenant admin temporary admin rights to the site collection
                        Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                        $grantedSiteCollectionAdmin = $true
                    }
                    catch
                    {
                        Write-Error $_.Exception
                        return
                    }
                }
    
                try
                {
                    # load the list orlibrary using CSOM
    
                    $list = $null
                    $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                    $script:clientContext.Load($list)
                    $script:clientContext.ExecuteQuery()
    
                    # **************  ADMIN INSTRUCTIONS  **************
                    # If necessary, modify the following Set-IrmConfiguration parameters to match your required values
                    # The supplied options and values are for example only
                    # Example that shows the Set-IrmConfiguration command with all parameters: Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users" -IrmReject -ProtectionExpirationDate $(Get-Date).AddDays(180) -DisableDocumentBrowserView -AllowPrint -AllowScript -AllowWriteCopy -LicenseCacheExpireDays 25 -DocumentAccessExpireDays 90
    
                    Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users"  
                }
                catch
                {
                    Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
                }
           }
           finally
           {
                if($grantedSiteCollectionAdmin)
                {
                    # remove the temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
                }
           }
        }
    
    Disconnect-SPOService -ErrorAction SilentlyContinue
    
  4. Zkontrolujte skript a proveďte následující změny:Review the script and make the following changes:

    1. Vyhledejte $sharepointAdminCenterUrl a nahraďte hodnotu příkladu vlastní adresou URL centra pro správu služeb SharePoint.Search for $sharepointAdminCenterUrl and replace the example value with your own SharePoint admin center URL.

      Tuto hodnotu najdete jako základní adresu URL při přechodu do centra pro správu služby SharePoint a má následující formát: https://< tenant_name >-admin.SharePoint.comYou'll find this value as the base URL when you go into the SharePoint admin center, and it has the following format: https://<tenant_name>-admin.sharepoint.com

      Například pokud je název tenanta "contoso", pak zadáte: https://contoso-admin.sharepoint.comFor example, if the tenant name is "contoso", then you would specify: https://contoso-admin.sharepoint.com

    2. Vyhledejte $tenantAdmin a nahraďte tuto ukázkovou hodnotu vlastním plně kvalifikovaným účtem globálního správce pro Microsoft 365.Search for $tenantAdmin and replace the example value with your own fully qualified global administrator account for Microsoft 365.

      Tato hodnota je stejná jako ta, kterou používáte pro přihlášení do centra pro správu Microsoft 365 jako globální správce a má následující formát: user_name@< název > domény tenanta. com.This value is the same as the one you use to sign in to the Microsoft 365 admin center as the global administrator and has the following format: user_name@<tenant domain name>.com

      Pokud je například uživatelské jméno globálního správce Microsoft 365 "admin" pro doménu tenanta "contoso.com", zadali byste: admin@contoso.comFor example, if the Microsoft 365 global administrator user name is "admin" for the "contoso.com" tenant domain, you would specify: admin@contoso.com

    3. Vyhledejte $webUrls a nahraďte ukázkové hodnoty adresami URL vašich uživatelů na webu OneDrive a přidejte nebo odstraňte tolik položek, kolik potřebujete.Search for $webUrls and replace the example values with your users' OneDrive web URLs, adding or deleting as many entries as you need.

      Alternativně si zobrazte komentáře ve skriptu o postupu, jak nahradit toto pole importováním souboru ,CSV, který obsahuje všechny adresy URL, jež potřebujete nakonfigurovat.Alternatively, see the comments in the script about how to replace this array by importing a .CSV file that contains all the URLs you need to configure. Připravili jsme vám další vzorový skript, který automaticky vyhledá a rozbalí adresy URL k naplnění souboru .CSV.We've provided another sample script to automatically search for and extract the URLs to populate this .CSV file. Až budete připraveni k tomu, použijte Další skript pro výstup všech adres URL OneDrivu do. Oddíl souboru CSV hned po provedení těchto kroků.When you're ready to do this, use the Additional script to output all OneDrive URLs to a .CSV file section immediately after these steps.

      Webová adresa URL pro OneDrive uživatele je v následujícím formátu: https://< název > tenanta– my.SharePoint.com/personal/< > user_name _ < název > tenanta _COMThe web URL for the user's OneDrive is in the following format: https://<tenant name>-my.sharepoint.com/personal/<user_name> _ <tenant name> _com

      Pokud má uživatel v tenantovi contoso například uživatelské jméno "rsimone", zadali byste: https://contoso-my.sharepoint.com/personal/rsimone_contoso_comFor example, if the user in the contoso tenant has a user name of "rsimone", you would specify: https://contoso-my.sharepoint.com/personal/rsimone_contoso_com

    4. Vzhledem k tomu, že používáme skript ke konfiguraci OneDrivu, neměňte hodnotu dokumentů pro $listTitle proměnnou.Because we are using the script to configure OneDrive, do not change the value of Documents for the $listTitle variable.

    5. Vyhledejte ADMIN INSTRUCTIONS.Search for ADMIN INSTRUCTIONS. Pokud neprovedete žádné změny v této části, bude OneDrive uživatele nakonfigurovaný pro IRM s názvem zásad "chráněné soubory" a popisem "Tato zásada omezuje přístup autorizovaných uživatelů".If you make no changes to this section, the user's OneDrive will be configured for IRM with the policy title of "Protected Files" and the description of "This policy restricts access to authorized users". Nebudou nastaveny žádné jiné možnosti IRM, což je pravděpodobně vhodné pro většinu prostředí.No other IRM options will be set, which is probably appropriate for most environments. Můžete však změnit doporučený název zásady a její popis a také přidat další možnosti IRM, které jsou vhodné pro vaše prostředí.However, you can change the suggested policy title and description, and also add any other IRM options that are appropriate for your environment. Viz komentovaný příklad ve skriptu, který vám pomůže vytvořit vlastní sadu parametrů pro příkaz Set-IrmConfiguration.See the commented example in the script to help you construct your own set of parameters for the Set-IrmConfiguration command.

  5. Uložte skript a podepište ho.Save the script and sign it. Pokud skript nepodepíšete (bezpečnější), je nutné prostředí Windows PowerShell nakonfigurovat ve vašem počítači ke spouštění nepodepsaných skriptů.If you do not sign the script (more secure), Windows PowerShell must be configured on your computer to run unsigned scripts. Chcete-li to provést, spusťte relaci prostředí Windows PowerShell s možností Spustit jako správce a zadejte: Set-ExecutionPolicy Unrestricted.To do this, run a Windows PowerShell session with the Run as Administrator option, and type: Set-ExecutionPolicy Unrestricted. Tato konfigurace však umožňuje spuštění všech nepodepsaných skriptů (méně bezpečné).However, this configuration lets all unsigned scripts run (less secure).

    Další informace o podepisování skriptů prostředí Windows PowerShell naleznete v tématu about_Signing v knihovně dokumentace k prostředí PowerShell.For more information about signing Windows PowerShell scripts, see about_Signing in the PowerShell documentation library.

  6. Spusťte skript a pokud se zobrazí výzva, zadejte heslo pro účet správce Microsoft 365.Run the script and if prompted, supply the password for the Microsoft 365 admin account. Když upravíte skript a spustíte ho ve stejné relaci prostředí Windows PowerShell, nebudete vyzváni k zadání přihlašovacích údajů.If you modify the script and run it in the same Windows PowerShell session, you won't be prompted for credentials.

Tip

Tento skript můžete také použít ke konfiguraci IRM pro knihovnu služby SharePoint.You can also use this script to configure IRM for a SharePoint library. Pro tuto konfiguraci budete pravděpodobně chtít povolit další možnost Nepovolit uživatelům odesílat dokumenty, které nepodporují IRM, aby bylo zajištěno, že knihovna obsahuje pouze chráněné dokumenty.For this configuration, you will likely want to enable the additional option Do not allow users to upload documents that do not support IRM, to ensure that the library contains only protected documents. Udělejte to tak, že přidáte parametr -IrmReject k příkazu Set-IrmConfiguration ve skriptu.To do that, add the -IrmReject parameter to the Set-IrmConfiguration command in the script.

Také je nutné upravit $webUrls proměnnou (například https: / /contoso.SharePoint.com) a $listTitle proměnnou (například $Reports).You would also need to modify the $webUrls variable (for example, https://contoso.sharepoint.com) and $listTitle variable (for example, $Reports).

Pokud potřebujete zakázat IRM pro knihovny OneDrivu uživatele, přečtěte si část skript zakázání IRM pro OneDrive .If you need to disable IRM for user's OneDrive libraries, see the Script to disable IRM for OneDrive section.

Další skript pro výstup všech adres URL OneDrivu do. Soubor CSVAdditional script to output all OneDrive URLs to a .CSV file

Pro krok 4C výše můžete k extrakci adres URL pro všechny knihovny OneDrive všech uživatelů použít následující skript Windows PowerShellu, které pak můžete v případě potřeby ověřit a upravit a pak je importovat do hlavního skriptu.For step 4c above, you can use the following Windows PowerShell script to extract the URLs for all users' OneDrive libraries, which you can then check, edit if necessary, and then import into the main script.

Tento skript také vyžaduje sadu SharePoint Client Components SDK a prostředí SharePoint Management Shell.This script also requires the SharePoint Client Components SDK and the SharePoint Management Shell. Postupujte podle stejných pokynů pro zkopírování a vložení a pak uložte soubor v místě (například „Report-OneDriveForBusinessSiteInfo.ps1“), upravte hodnoty $sharepointAdminCenterUrl a $tenantAdmin jako dříve a pak spusťte skript.Follow the same instructions to copy and paste it, save the file locally (for example, "Report-OneDriveForBusinessSiteInfo.ps1"), modify the $sharepointAdminCenterUrl and $tenantAdmin values as before, and then run the script.

**Právní omezení**: Tento vzorový skript není podporován v rámci žádného standardního programu či služby podpory společnosti Microsoft.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Tento vzorový skript je poskytován TAK, JAK JE, bez jakékoli záruky.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Queries the search service of a Microsoft 365 tenant to retrieve all OneDrive sites.  
    Details of the discovered sites are written to a .CSV file (by default,"OneDriveForBusinessSiteInfo_<date>.csv").

 Script Installation Requirements:

   SharePoint Client Components SDK
   https://www.microsoft.com/download/details.aspx?id=42038

   SharePoint Management Shell
   https://www.microsoft.com/download/details.aspx?id=35588

======
#>

# URL will be in the format https://<tenant-name>-admin.sharepoint.com
$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.onmicrosoft.com"                           

$reportName = "OneDriveForBusinessSiteInfo_$((Get-Date).ToString("yyyy-MM-dd_hh.mm.ss")).csv"

$oneDriveForBusinessSiteUrls= @()
$resultsProcessed = 0

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# establish the client context and set the credentials to connect to the site

    $clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($sharepointAdminCenterUrl)
    $clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

# run a query against the Microsoft 365 tenant search service to retrieve all OneDrive URLs

    do
    {
        # build the query object
        $query = New-Object Microsoft.SharePoint.Client.Search.Query.KeywordQuery($clientContext)
        $query.TrimDuplicates        = $false
        $query.RowLimit              = 500
        $query.QueryText             = "SPSiteUrl:'/personal/' AND contentclass:STS_Site"
        $query.StartRow              = $resultsProcessed
        $query.TotalRowsExactMinimum = 500000

        # run the query
        $searchExecutor = New-Object Microsoft.SharePoint.Client.Search.Query.SearchExecutor($clientContext)
        $queryResults = $searchExecutor.ExecuteQuery($query)
        $clientContext.ExecuteQuery()

        # enumerate the search results and store the site URLs
        $queryResults.Value[0].ResultRows | % {
            $oneDriveForBusinessSiteUrls += $_.Path
            $resultsProcessed++
        }
    }
    while($resultsProcessed -lt $queryResults.Value.TotalRows)

$oneDriveForBusinessSiteUrls | Out-File -FilePath $reportName
Skript pro zakázání IRM pro OneDriveScript to disable IRM for OneDrive

Pokud potřebujete zakázat IRM pro uživatele OneDrive, použijte následující vzorový skript.Use the following sample script if you need to disable IRM for users' OneDrive.

Tento skript také vyžaduje sadu SharePoint Client Components SDK a prostředí SharePoint Management Shell.This script also requires the SharePoint Client Components SDK and the SharePoint Management Shell. Zkopírujte a vložte obsah, uložte soubor v místě (například „Disable-IRMOnOneDriveForBusiness.ps1“) a upravte hodnoty $sharepointAdminCenterUrl a $tenantAdmin.Copy and paste the contents, save the file locally (for example, "Disable-IRMOnOneDriveForBusiness.ps1"), and modify the $sharepointAdminCenterUrl and $tenantAdmin values. Ručně zadejte adresy URL OneDrivu nebo použijte skript v předchozí části, abyste je mohli naimportovat a pak skript spustit.Manually specify the OneDrive URLs or use the script in the previous section so that you can import these, and then run the script.

**Právní omezení**: Tento vzorový skript není podporován v rámci žádného standardního programu či služby podpory společnosti Microsoft.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Tento vzorový skript je poskytován TAK, JAK JE, bez jakékoli záruky.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Disables IRM for OneDrive and can also be used for SharePoint libraries and lists

 Script Installation Requirements:

   SharePoint Client Components SDK
   https://www.microsoft.com/download/details.aspx?id=42038

   SharePoint Management Shell
   https://www.microsoft.com/download/details.aspx?id=35588

======
#>

$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.com"

$webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
             "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
             "https://contoso-my.sharepoint.com/personal/person3_contoso_com")

<# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
   Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"

#>

$listTitle = "Documents"

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Remove-IrmConfiguration
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List
    )

    process
    {
        Write-Verbose "Disabling IRM Configuration on '$($List.Title)'"

        $List.IrmEnabled = $false
        $List.IrmExpire  = $false
        $List.IrmReject  = $false
        $List.InformationRightsManagementSettings.Reset()
    }
    end
    {
        if($List)
        {
            Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
            $list.InformationRightsManagementSettings.Update()
            $list.Update()
            $script:clientContext.Load($list)
            $script:clientContext.ExecuteQuery()
        }
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# connect to Office365 first, required for SharePoint cmdlets to run

    Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential

# enumerate each of the specified site URLs

    foreach($webUrl in $webUrls)
    {
        $grantedSiteCollectionAdmin = $false

        try
        {
            # establish the client context and set the credentials to connect to the site
            $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
            $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

            # initialize the site and web context
            $script:clientContext.Load($script:clientContext.Site)
            $script:clientContext.Load($script:clientContext.Web)
            $script:clientContext.ExecuteQuery()

            # load and ensure the tenant admin user account if present on the target SharePoint site
            $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
            $script:clientContext.Load($tenantAdminUser)
            $script:clientContext.ExecuteQuery()

            # check if the tenant admin is a site admin
            if( -not $tenantAdminUser.IsSiteAdmin )
            {
                try
                {
                    # grant the tenant admin temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                    $grantedSiteCollectionAdmin = $true
                }
                catch
                {
                    Write-Error $_.Exception
                    return
                }
            }

            try
            {
                # load the list orlibrary using CSOM

                $list = $null
                $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()

               Remove-IrmConfiguration -List $list
            }
            catch
            {
                Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
            }
       }
       finally
       {
            if($grantedSiteCollectionAdmin)
            {
                # remove the temporary admin rights to the site collection
                Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
            }
       }
    }

Disconnect-SPOService -ErrorAction SilentlyContinue