Office 365: Configuration for clients and online services to use the Azure Rights Management service

Applies to: Azure Information Protection, Office 365

Because Office 365 natively supports the Azure Rights Management service from Azure Information Protection, no client computer configuration is required to support the information rights management (IRM) features for applications such as Word, Excel, PowerPoint, Outlook, and Outlook on the web. All users have to do is sign in to their Office applications with their Microsoft Office 365 credentials. Then, they can protect files and emails, and use files and emails that have been protected by others.

However, we recommend that you supplement these applications with the Azure Information Protection client, so that users get the benefit of the Office add-in and support for additional file types. For more information, see Azure Information Protection client: Installation and configuration for clients.

Exchange Online: IRM Configuration

For information about how Exchange Online IRM works with the Azure Rights Management service, see Exchange Online and Exchange Server from the Understand & Explore section.

Exchange Online might already be enabled to use the Azure Rights Management service. To check, run the following commands:

  1. If this is the first time that you have used Windows PowerShell for Exchange Online on your computer, you must configure Windows PowerShell to run signed scripts. Start your Windows PowerShell session by using the Run as administrator option, and then type:

     Set-ExecutionPolicy RemoteSigned
    

    Press Y to confirm.

  2. In your Windows PowerShell session, sign in to Exchange Online by using an account that is enabled for remote Shell access. By default, all accounts that are created in Exchange Online are enabled for remote Shell access, but this can be disabled (and enabled) by using the Set-User <UserIdentity> -RemotePowerShellEnabled command.

    To sign in, first type:

     $Cred = Get-Credential
    

    Then, in the Windows PowerShell credential request dialog box, supply your Office 365 user name and password.

  3. Connect to the Exchange Online service by first setting a variable:

     $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
    

    Then run the following command:

     Import-PSSession $Session
    
  4. Run the Get-IRMConfiguration command to view your Exchange Online configuration for the protection service:

     Get-IRMConfiguration
    

    From the output, locate the AzureRMSLicensingEnabled value:

  5. To test that Exchange Online is configured successfully, run the following command:

    Test-IRMConfiguration -Sender <user email address>
    

    For example: Test-IRMConfiguration -Sender adams@contoso.com

    This command runs a series of checks that includes verifying connectivity to the service, retrieving the configuration, retrieving URIs, licenses, and any templates. In the Windows PowerShell session, you will see the results of each and at the end, if everything passes these checks: OVERALL RESULT: PASS
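
The checks in steps 4 and 5 combined into one function, as an added example that is not part of the original page. The function name Test-ExoIrmReadiness and its output fields are hypothetical; it assumes the session from steps 1-3 has already been imported and treats an AzureRMSLicensingEnabled value of True as enabled.

```powershell
# Added example (not from the original page).
# Assumes the Exchange Online cmdlets were imported with Import-PSSession $Session.
function Test-ExoIrmReadiness
{
    [CmdletBinding()]
    param(
        # One or more mailbox addresses to pass to Test-IRMConfiguration -Sender
        [Parameter(Mandatory = $true)][string[]]$Sender
    )

    # Fail early with a clear message if the remote session was not imported
    foreach ($name in 'Get-IRMConfiguration', 'Test-IRMConfiguration')
    {
        if (-not (Get-Command -Name $name -ErrorAction SilentlyContinue))
        {
            throw "$name is not available. Import the Exchange Online session first."
        }
    }

    # Step 4: read the tenant IRM configuration once
    # (assumption: True means the Azure Rights Management service is in use;
    #  a missing property is treated as not enabled)
    $irm = Get-IRMConfiguration
    $licensingEnabled = [bool]$irm.AzureRMSLicensingEnabled

    foreach ($address in $Sender)
    {
        $passed = $false
        $detail = ''
        try
        {
            # Step 5: render every returned property as text so the check
            # does not depend on the shape of the returned object
            $detail = Test-IRMConfiguration -Sender $address -ErrorAction Stop |
                Format-List * | Out-String -Width 4096
            $passed = $detail -match 'OVERALL RESULT:\s*PASS'
        }
        catch
        {
            # Keep the error text so a failed sender is still reported
            $detail = $_.Exception.Message
        }

        [pscustomobject]@{
            Sender                   = $address
            AzureRMSLicensingEnabled = $licensingEnabled
            TestPassed               = $passed
            Ready                    = ($licensingEnabled -and $passed)
            Detail                   = $detail.Trim()
        }
    }
}

# Summarize, then show the full check output only for senders that are not ready
$report = Test-ExoIrmReadiness -Sender 'adams@contoso.com'
$report | Format-Table Sender, AzureRMSLicensingEnabled, TestPassed, Ready -AutoSize
$report | Where-Object { -not $_.Ready } | ForEach-Object {
    Write-Warning "IRM is not ready for $($_.Sender)"
    $_.Detail
}

# Close the remote session created in step 3 when you are finished
Remove-PSSession $Session
```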

When Exchange Online is enabled to use the Azure Rights Management service, you can configure features that apply information protection automatically, such as transport rules, data loss prevention (DLP) policies, and protected voice mail (Unified Messaging).

SharePoint Online and OneDrive for Business: IRM Configuration

For information about how SharePoint Online IRM works with the Azure Rights Management service, see SharePoint Online and SharePoint Server from the Understand & Explore section.

To configure SharePoint Online and OneDrive for Business to support the Azure Rights Management service, you must first enable the information rights management (IRM) service for SharePoint Online by using the SharePoint admin center. Then, site owners can IRM-protect their SharePoint lists and document libraries, and users can IRM-protect their OneDrive for Business library so that documents that are saved there, and shared with others, are automatically protected by the Azure Rights Management service.

Note

IRM-protected libraries for SharePoint and OneDrive for Business require the latest version of the new OneDrive sync client (OneDrive.exe). For more information, see Deploy the new OneDrive sync client in an enterprise environment.

To enable the information rights management (IRM) service for SharePoint Online, see the following instructions from the Office website:

This configuration is done by the Office 365 administrator.

Configuring IRM for libraries and lists

After you have enabled the IRM service for SharePoint, site owners can IRM-protect their SharePoint document libraries and lists. For instructions, see the following from the Office website:

This configuration is done by the SharePoint site administrator.

Configuring IRM for OneDrive for Business

After you have enabled the IRM service for SharePoint Online, users' OneDrive for Business document library or individual folders can then be configured for Rights Management protection. Users can configure this for themselves by using their OneDrive website. Although administrators cannot configure this protection for them by using the SharePoint admin center, you can do this by using Windows PowerShell.

Note

For more information about configuring OneDrive for Business, see the Office documentation, Set up OneDrive for Business in Office 365.

Configuration for users

Give users the following instructions so that they can configure their OneDrive for Business to protect their business files.

  1. Sign in to Office 365 with your work or school account and go to the OneDrive website.

  2. In the navigation pane, at the bottom, select Return to classic OneDrive.

  3. Select the Settings icon. In the Settings pane, if the Ribbon is set to Off, select this setting to turn the ribbon on.

  4. To configure all OneDrive for Business files to be protected, select the LIBRARY tab from the ribbon, and then select Library Settings.

  5. On the Documents > Settings page, in the Permissions and Management section, select Information Rights Management.

  6. On the Information Rights Management Settings page, select the Restrict permissions on this library on download check box. Specify your choice of name and a description for the permissions, and optionally, click SHOW OPTIONS to configure optional configurations, and then click OK.

    For more information about the configuration options, see the instructions in Apply Information Rights Management to a list or library from the Office documentation.

Because this configuration relies on users rather than an administrator to IRM-protect their OneDrive for Business files, educate users about the benefits of protecting their files and how to do this. For example, explain that when they share a document from OneDrive for Business, only people they authorize can access it with any restrictions that they configure, even if the file is renamed and copied somewhere else.

Configuration for administrators

Although you cannot configure IRM for users' OneDrive for Business by using the SharePoint admin center, you can do this by using Windows PowerShell. To enable IRM for these libraries, follow these steps:

  1. Download and install the SharePoint Online Client Components SDK.

  2. Download and install the SharePoint Online Management Shell.

  3. Copy the contents of the following script and name the file Set-IRMOnOneDriveForBusiness.ps1 on your computer.

    **Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. This sample script is provided AS IS without warranty of any kind.

    # Requires Windows PowerShell version 3
    
    <#
      Description:
    
        Configures IRM policy settings for OneDrive for Business and can also be used for SharePoint Online libraries and lists
    
     Script Installation Requirements:
    
       SharePoint Online Client Components SDK
       https://www.microsoft.com/en-us/download/details.aspx?id=42038
    
       SharePoint Online Management Shell
       https://www.microsoft.com/en-us/download/details.aspx?id=35588
    
    ======
    #>
    
    # URL will be in the format https://<tenant-name>-admin.sharepoint.com
    $sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"
    
    $tenantAdmin = "admin@contoso.com"
    
    $webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user3_contoso_com")
    
    <# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
       Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"
    
    #>
    
    $listTitle = "Documents"
    
    function Load-SharePointOnlineClientComponentAssemblies
    {
        [cmdletbinding()]
        param()
    
        process
        {
            # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
            try
            {
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                return $true
            }
            catch
            {
                if($_.Exception.Message -match "Could not load file or assembly")
                {
                    Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=42038"
                }
                else
                {
                    Write-Error -Exception $_.Exception
                }
                return $false
            }
        }
    }
    
    function Load-SharePointOnlineModule
    {
        [cmdletbinding()]
        param()
    
        process
        {
            do
            {
                # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
                $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue
    
                if(-not $spoModule)
                {
                    try
                    {
                        Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                        return $true
                    }
                    catch
                    {
                        if($_.Exception.Message -match "Could not load file or assembly")
                        {
                            Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=35588"
                        }
                        else
                        {
                            Write-Error -Exception $_.Exception
                        }
                        return $false
                    }
                }
                else
                {
                    return $true
                }
            }
            while(-not $spoModule)
        }
    }
    
    function Set-IrmConfiguration
    {
        [cmdletbinding()]
        param(
            [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List,
            [parameter(Mandatory=$true)][string]$PolicyTitle,
            [parameter(Mandatory=$true)][string]$PolicyDescription,
            [parameter(Mandatory=$false)][switch]$IrmReject,
            [parameter(Mandatory=$false)][DateTime]$ProtectionExpirationDate,
            [parameter(Mandatory=$false)][switch]$DisableDocumentBrowserView,
            [parameter(Mandatory=$false)][switch]$AllowPrint,
            [parameter(Mandatory=$false)][switch]$AllowScript,
            [parameter(Mandatory=$false)][switch]$AllowWriteCopy,
            [parameter(Mandatory=$false)][int]$DocumentAccessExpireDays,
            [parameter(Mandatory=$false)][int]$LicenseCacheExpireDays,
            [parameter(Mandatory=$false)][string]$GroupName
        )
    
        process
        {
            Write-Verbose "Applying IRM Configuration on '$($List.Title)'"
    
            # reset the value to the default settings
            $list.InformationRightsManagementSettings.Reset()
    
            $list.IrmEnabled = $true
    
            # IRM Policy title and description
    
                $list.InformationRightsManagementSettings.PolicyTitle       = $PolicyTitle
                $list.InformationRightsManagementSettings.PolicyDescription = $PolicyDescription
    
            # Set additional IRM library settings
    
                # Do not allow users to upload documents that do not support IRM
                $list.IrmReject = $IrmReject.IsPresent
    
                $parsedDate = Get-Date
                if([DateTime]::TryParse($ProtectionExpirationDate, [ref]$parsedDate))
                {
                    # Stop restricting access to the library at <date>
                    $list.IrmExpire = $true
                    $list.InformationRightsManagementSettings.DocumentLibraryProtectionExpireDate = $ProtectionExpirationDate
                }
    
                # Prevent opening documents in the browser for this Document Library
                $list.InformationRightsManagementSettings.DisableDocumentBrowserView = $DisableDocumentBrowserView.IsPresent
    
            # Configure document access rights
    
                # Allow viewers to print
                $list.InformationRightsManagementSettings.AllowPrint = $AllowPrint.IsPresent
    
                # Allow viewers to run script and screen reader to function on downloaded documents
                $list.InformationRightsManagementSettings.AllowScript = $AllowScript.IsPresent
    
                # Allow viewers to write on a copy of the downloaded document
                $list.InformationRightsManagementSettings.AllowWriteCopy = $AllowWriteCopy.IsPresent
    
                if($DocumentAccessExpireDays)
                {
                    # After download, document access rights will expire after these number of days (1-365)
                    $list.InformationRightsManagementSettings.EnableDocumentAccessExpire = $true
                    $list.InformationRightsManagementSettings.DocumentAccessExpireDays   = $DocumentAccessExpireDays
                }
    
            # Set group protection and credentials interval
    
                if($LicenseCacheExpireDays)
                {
                    # Users must verify their credentials using this interval (days)
                    $list.InformationRightsManagementSettings.EnableLicenseCacheExpire = $true
                    $list.InformationRightsManagementSettings.LicenseCacheExpireDays   = $LicenseCacheExpireDays
                }
    
                if($GroupName)
                {
                    # Allow group protection. Default group:
                    $list.InformationRightsManagementSettings.EnableGroupProtection = $true
                    $list.InformationRightsManagementSettings.GroupName             = $GroupName
                }
        }
        end
        {
            if($list)
            {
                Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
                $list.InformationRightsManagementSettings.Update()
                $list.Update()
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()
            }
        }
    }
    
    function Get-CredentialFromCredentialCache
    {
        [cmdletbinding()]
        param([string]$CredentialName)
    
        #if( Test-Path variable:\global:CredentialCache )
        if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
        {
            if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
            {
                Write-Verbose "Credential Cache Hit: $CredentialName"
                return $global:O365TenantAdminCredentialCache[$CredentialName]
            }
        }
        Write-Verbose "Credential Cache Miss: $CredentialName"
        return $null
    }
    
    function Add-CredentialToCredentialCache
    {
        [cmdletbinding()]
        param([System.Management.Automation.PSCredential]$Credential)
    
        # check the same global variable that Get-CredentialFromCredentialCache reads
        if(-not (Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue))
        {
            Write-Verbose "Initializing the Credential Cache"
            $global:O365TenantAdminCredentialCache = @{}
        }
    
        Write-Verbose "Adding Credential to the Credential Cache"
        $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
    }
    
    # load the required assemblies and Windows PowerShell modules
    
        if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }
    
    # Add the credentials to the client context and SharePoint Online service connection
    
        # check for cached credentials to use
        $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin
    
        if(-not $o365TenantAdminCredential)
        {
            # when credentials are not cached, prompt for the tenant admin credentials
            $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"
    
            if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
            {
                Write-Error -Message "Could not validate the supplied tenant admin credentials"
                return
            }
    
            # add the credentials to the cache
            Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
        }
    
    # connect to Office365 first, required for SharePoint Online cmdlets to run
    
        Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential
    
    # enumerate each of the specified site URLs
    
        foreach($webUrl in $webUrls)
        {
            $grantedSiteCollectionAdmin = $false
    
            try
            {
                # establish the client context and set the credentials to connect to the site
                $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
                $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)
    
                # initialize the site and web context
                $script:clientContext.Load($script:clientContext.Site)
                $script:clientContext.Load($script:clientContext.Web)
                $script:clientContext.ExecuteQuery()
    
                # load and ensure the tenant admin user account if present on the target SharePoint site
                $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
                $script:clientContext.Load($tenantAdminUser)
                $script:clientContext.ExecuteQuery()
    
                # check if the tenant admin is a site admin
                if( -not $tenantAdminUser.IsSiteAdmin )
                {
                    try
                    {
                        # grant the tenant admin temporary admin rights to the site collection
                        Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                        $grantedSiteCollectionAdmin = $true
                    }
                    catch
                    {
                        Write-Error $_.Exception
                        return
                    }
                }
    
                try
                {
                    # load the list or library using CSOM
    
                    $list = $null
                    $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                    $script:clientContext.Load($list)
                    $script:clientContext.ExecuteQuery()
    
                    # **************  ADMIN INSTRUCTIONS  **************
                    # If necessary, modify the following Set-IrmConfiguration parameters to match your required values
                    # The supplied options and values are for example only
                    # Example that shows the Set-IrmConfiguration command with all parameters: Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users" -IrmReject -ProtectionExpirationDate $(Get-Date).AddDays(180) -DisableDocumentBrowserView -AllowPrint -AllowScript -AllowWriteCopy -LicenseCacheExpireDays 25 -DocumentAccessExpireDays 90
    
                    Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users"  
                }
                catch
                {
                    Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
                }
           }
           finally
           {
                if($grantedSiteCollectionAdmin)
                {
                    # remove the temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
                }
           }
        }
    
    Disconnect-SPOService -ErrorAction SilentlyContinue
    
  4. Review the script and make the following changes:

    1. Search for $sharepointAdminCenterUrl and replace the example value with your own SharePoint admin center URL.

      You'll find this value as the base URL when you go into the SharePoint admin center, and it has the following format: https://<tenant_name>-admin.sharepoint.com

      For example, if the tenant name is "contoso", then you would specify: https://contoso-admin.sharepoint.com

    2. Search for $tenantAdmin and replace the example value with your own fully qualified global administrator account for Office 365.

      This value is the same as the one you use to sign in to the Office 365 admin portal as the global administrator and has the following format: user_name@<tenant domain name>.com

      For example, if the Office 365 global administrator user name is "admin" for the "contoso.com" tenant domain, you would specify: admin@contoso.com

    3. Search for $webUrls and replace the example values with your users' OneDrive for Business web URLs, adding or deleting as many entries as you need.

      Alternatively, see the comments in the script about how to replace this array by importing a .CSV file that contains all the URLs you need to configure. We've provided another sample script to automatically search for and extract the URLs to populate this .CSV file. When you're ready to do this, use the Additional script to output all OneDrive for Business URLs to a .CSV file section immediately after these steps.

      The web URL for the user's OneDrive for Business is in the following format: https://<tenant name>-my.sharepoint.com/personal/<user_name>_<tenant name>_com

      For example, if the user in the contoso tenant has a user name of "rsimone", you would specify: https://contoso-my.sharepoint.com/personal/rsimone_contoso_com

    4. Because we are using the script to configure OneDrive for Business, do not change the value of Documents for the $listTitle variable.

    5. Search for ADMIN INSTRUCTIONS. If you make no changes to this section, the user's OneDrive for Business will be configured for IRM with the policy title of "Protected Files" and the description of "This policy restricts access to authorized users". No other IRM options will be set, which is probably appropriate for most environments. However, you can change the suggested policy title and description, and also add any other IRM options that are appropriate for your environment. See the commented example in the script to help you construct your own set of parameters for the Set-IrmConfiguration command.

  5. Save the script and sign it (more secure). If you do not sign the script, Windows PowerShell must be configured on your computer to run unsigned scripts. To do this, run a Windows PowerShell session with the Run as Administrator option, and type: Set-ExecutionPolicy Unrestricted. However, this configuration lets all unsigned scripts run (less secure).

    For more information about signing Windows PowerShell scripts, see about_Signing in the PowerShell documentation library.

  6. Run the script and if prompted, supply the password for the Office 365 admin account. If you modify the script and run it in the same Windows PowerShell session, you won't be prompted for credentials.
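
One way to take the signing path from step 5 instead of setting the execution policy to Unrestricted, shown as an added example that is not part of the Microsoft sample script. The script path and timestamp server are placeholders, the function names are hypothetical, and the example assumes a code-signing certificate trusted on the computer is already in the current user's certificate store.

```powershell
# Added example (not part of the Microsoft sample script).
# Placeholders to replace: the path where you saved the script and, optionally,
# the timestamp server URL that your certificate issuer provides.
$scriptPath      = 'C:\Scripts\<saved_script_name>.ps1'
$timestampServer = ''   # leave empty to sign without a timestamp

function Get-ValidCodeSigningCertificate
{
    [cmdletbinding()]
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    # -CodeSigningCert limits the listing to certificates usable for code signing;
    # the filter then drops expired, not-yet-valid, and key-less certificates
    $now = Get-Date
    Get-ChildItem -Path $StorePath -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Sort-Object -Property NotAfter -Descending |
        Select-Object -First 1
}

function Add-ScriptSignature
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][string]$Path,
        [string]$TimestampServer
    )

    if(-not (Test-Path -LiteralPath $Path -PathType Leaf)) { throw "Script not found: $Path" }

    $certificate = Get-ValidCodeSigningCertificate
    if(-not $certificate) { throw "No usable code-signing certificate found in the current user's store" }

    $signParams = @{ FilePath = $Path; Certificate = $certificate; HashAlgorithm = 'SHA256' }
    if($TimestampServer) { $signParams['TimestampServer'] = $TimestampServer }

    $signature = Set-AuthenticodeSignature @signParams
    if($signature.Status -ne 'Valid') { throw "Signing failed: $($signature.StatusMessage)" }
    return $signature
}

function Test-ScriptSignature
{
    [cmdletbinding()]
    param([parameter(Mandatory=$true)][string]$Path)

    # Status is Valid only when the file is unchanged since signing and the
    # certificate chain is trusted on this computer
    $signature = Get-AuthenticodeSignature -FilePath $Path
    if($signature.Status -ne 'Valid')
    {
        Write-Warning "Signature status for '$Path' is $($signature.Status): $($signature.StatusMessage)"
        return $false
    }
    return $true
}

# Sign the saved script, then require signatures for this session only.
# The Process scope does not change the policy for the computer or other sessions.
Add-ScriptSignature -Path $scriptPath -TimestampServer $timestampServer | Out-Null
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope Process -Force

# Under AllSigned, PowerShell prompts before running a script from a publisher
# that has not yet been marked as trusted or untrusted.
if(Test-ScriptSignature -Path $scriptPath) { & $scriptPath }
```

Any edit to the file after signing, including the changes described in step 4, invalidates the signature, so sign after the last modification and sign again whenever the script changes.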

Tip

You can also use this script to configure IRM for a SharePoint Online library. For this configuration, you will likely want to enable the additional option Do not allow users to upload documents that do not support IRM, to ensure that the library contains only protected documents. To do that, add the -IrmReject parameter to the Set-IrmConfiguration command in the script.

You would also need to modify the $webUrls variable (for example, https://contoso.sharepoint.com) and $listTitle variable (for example, $Reports).

If you need to disable IRM for users' OneDrive for Business libraries, see the Script to disable IRM for OneDrive for Business section.

Additional script to output all OneDrive for Business URLs to a .CSV file

For step 4c above, you can use the following Windows PowerShell script to extract the URLs for all users' OneDrive for Business libraries, which you can then check, edit if necessary, and then import into the main script.

This script also requires the SharePoint Online Client Components SDK and the SharePoint Online Management Shell. Follow the same instructions to copy and paste it, save the file locally (for example, "Report-OneDriveForBusinessSiteInfo.ps1"), modify the $sharepointAdminCenterUrl and $tenantAdmin values as before, and then run the script.

**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Queries the search service of an Office 365 tenant to retrieve all OneDrive for Business sites.  
    Details of the discovered sites are written to a .CSV file (by default,"OneDriveForBusinessSiteInfo_<date>.csv").

 Script Installation Requirements:

   SharePoint Online Client Components SDK
   http://www.microsoft.com/en-us/download/details.aspx?id=42038

   SharePoint Online Management Shell
   http://www.microsoft.com/en-us/download/details.aspx?id=35588

======
#>

# URL will be in the format https://<tenant-name>-admin.sharepoint.com
$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.onmicrosoft.com"                           

$reportName = "OneDriveForBusinessSiteInfo_$((Get-Date).ToString("yyyy-MM-dd_hh.mm.ss")).csv"

$oneDriveForBusinessSiteUrls= @()
$resultsProcessed = 0

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint Online service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# establish the client context and set the credentials to connect to the site

    $clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($sharepointAdminCenterUrl)
    $clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

# run a query against the Office 365 tenant search service to retrieve all OneDrive for Business URLs

    do
    {
        # build the query object
        $query = New-Object Microsoft.SharePoint.Client.Search.Query.KeywordQuery($clientContext)
        $query.TrimDuplicates        = $false
        $query.RowLimit              = 500
        $query.QueryText             = "SPSiteUrl:'/personal/' AND contentclass:STS_Site"
        $query.StartRow              = $resultsProcessed
        $query.TotalRowsExactMinimum = 500000

        # run the query
        $searchExecutor = New-Object Microsoft.SharePoint.Client.Search.Query.SearchExecutor($clientContext)
        $queryResults = $searchExecutor.ExecuteQuery($query)
        $clientContext.ExecuteQuery()

        # enumerate the search results and store the site URLs
        $queryResults.Value[0].ResultRows | % {
            $oneDriveForBusinessSiteUrls += $_.Path
            $resultsProcessed++
        }
    }
    while($resultsProcessed -lt $queryResults.Value.TotalRows)

$oneDriveForBusinessSiteUrls | Out-File -FilePath $reportName
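
Because the main script temporarily grants site collection administrator rights on every URL it is given, the "check, edit if necessary" step can be partly automated by confirming that each row of the .CSV file matches the OneDrive for Business URL format described above. The following is an added example, not part of the Microsoft sample scripts: the function names, the character set allowed in the personal site name, and the sample rows are assumptions constructed for illustration, and it covers only the OneDrive for Business case.

```powershell
# Added example (not part of the Microsoft sample scripts).
function Test-OneDriveForBusinessUrl
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][AllowEmptyString()][string]$Url,
        [parameter(Mandatory=$true)][string]$TenantName
    )

    $uri = $null
    if(-not [System.Uri]::TryCreate($Url.Trim(), [System.UriKind]::Absolute, [ref]$uri)) { return $false }

    # https only, exact tenant host, no embedded credentials, port, query, or fragment
    if($uri.Scheme -ne 'https') { return $false }
    if($uri.Host -ne "$TenantName-my.sharepoint.com") { return $false }
    if($uri.UserInfo -or -not $uri.IsDefaultPort) { return $false }
    if($uri.Query -or $uri.Fragment) { return $false }

    # exactly one segment under /personal/; System.Uri has already collapsed any ".." segments.
    # The allowed character set is an assumption; widen it if your user names need more.
    return ($uri.AbsolutePath -match '^/personal/[A-Za-z0-9_\-]+/?$')
}

function Select-ValidOneDriveUrl
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][AllowEmptyString()][string[]]$Url,
        [parameter(Mandatory=$true)][string]$TenantName
    )

    $seen     = @{}   # hashtable keys are case-insensitive, which suits URL de-duplication here
    $valid    = @()
    $rejected = @()

    foreach($entry in $Url)
    {
        $candidate = $entry.Trim().TrimEnd('/')
        if(-not $candidate) { continue }                      # skip blank rows

        if(-not (Test-OneDriveForBusinessUrl -Url $candidate -TenantName $TenantName))
        {
            $rejected += $entry
            continue
        }

        if($seen.ContainsKey($candidate)) { continue }        # skip duplicates
        $seen[$candidate] = $true
        $valid += $candidate
    }

    [pscustomobject]@{ Valid = $valid; Rejected = $rejected }
}

# Constructed sample rows. In practice, read the reviewed report instead:
#   $rows = Get-Content -Path "File_path_and_name.csv"
$rows = @(
    'https://contoso-my.sharepoint.com/personal/rsimone_contoso_com',
    'https://contoso-my.sharepoint.com/personal/rsimone_contoso_com/',          # duplicate
    'http://contoso-my.sharepoint.com/personal/user1_contoso_com',              # not https
    'https://contoso-my.sharepoint.com.example.net/personal/user2_contoso_com', # different host
    'https://contoso.sharepoint.com/sites/finance',                             # not a personal site
    ''
)

$check = Select-ValidOneDriveUrl -Url $rows -TenantName 'contoso'
$check.Rejected | ForEach-Object { Write-Warning "Skipping unexpected entry: $_" }

# Only the entries that passed every check are handed to the main script
$webUrls = $check.Valid
```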

Script to disable IRM for OneDrive for Business

Use the following sample script if you need to disable IRM for users' OneDrive for Business.

This script also requires the SharePoint Online Client Components SDK and the SharePoint Online Management Shell. Copy and paste the contents, save the file locally (for example, "Disable-IRMOnOneDriveForBusiness.ps1"), and modify the $sharepointAdminCenterUrl and $tenantAdmin values. Manually specify the OneDrive for Business URLs or use the script in the previous section so that you can import these, and then run the script.

**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Disables IRM for OneDrive for Business and can also be used for SharePoint Online libraries and lists

 Script Installation Requirements:

   SharePoint Online Client Components SDK
   http://www.microsoft.com/en-us/download/details.aspx?id=42038

   SharePoint Online Management Shell
   http://www.microsoft.com/en-us/download/details.aspx?id=35588

======
#>

$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.com"

$webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
             "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
             "https://contoso-my.sharepoint.com/personal/person3_contoso_com")

<# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
   Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"

#>

$listTitle = "Documents"

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Remove-IrmConfiguration
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List
    )

    process
    {
        Write-Verbose "Disabling IRM Configuration on '$($List.Title)'"

        $List.IrmEnabled = $false
        $List.IrmExpire  = $false
        $List.IrmReject  = $false
        $List.InformationRightsManagementSettings.Reset()
    }
    end
    {
        if($List)
        {
            Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
            $list.InformationRightsManagementSettings.Update()
            $list.Update()
            $script:clientContext.Load($list)
            $script:clientContext.ExecuteQuery()
        }
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint Online service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# connect to Office365 first, required for SharePoint Online cmdlets to run

    Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential

# enumerate each of the specified site URLs

    foreach($webUrl in $webUrls)
    {
        $grantedSiteCollectionAdmin = $false

        try
        {
            # establish the client context and set the credentials to connect to the site
            $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
            $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

            # initialize the site and web context
            $script:clientContext.Load($script:clientContext.Site)
            $script:clientContext.Load($script:clientContext.Web)
            $script:clientContext.ExecuteQuery()

            # load and ensure the tenant admin user account if present on the target SharePoint site
            $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
            $script:clientContext.Load($tenantAdminUser)
            $script:clientContext.ExecuteQuery()

            # check if the tenant admin is a site admin
            if( -not $tenantAdminUser.IsSiteAdmin )
            {
                try
                {
                    # grant the tenant admin temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                    $grantedSiteCollectionAdmin = $true
                }
                catch
                {
                    Write-Error $_.Exception
                    return
                }
            }

            try
            {
                # load the list or library using CSOM

                $list = $null
                $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()

               Remove-IrmConfiguration -List $list                 
            }
            catch
            {
                Write-Error -Message "Error removing IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
            }
       }
       finally
       {
            if($grantedSiteCollectionAdmin)
            {
                # remove the temporary admin rights to the site collection
                Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
            }
       }
    }

Disconnect-SPOService -ErrorAction SilentlyContinue
