Administering protection from Azure Information Protection by using PowerShell

Note

Are you looking for Microsoft Purview Information Protection, formerly Microsoft Information Protection (MIP)?

The Azure Information Protection add-in for Office is now in maintenance mode and will be retired April 2024. Instead, we recommend you use labels that are built in to your Office 365 apps and services. Learn more about the support status of other Azure Information Protection components.

Do you need to use PowerShell to administer the protection service from Azure Information Protection? You might not need to if all your configuration can be done in the Azure portal or the Microsoft Purview compliance portal. However, you need to use PowerShell for some advanced configurations and you might also prefer to use PowerShell for more efficient command-line control and scripting.

The table in the next section includes some of the advanced configuration scenarios that use PowerShell. Where a configuration can also be completed without using PowerShell, the table says so.

For a complete list of the available cmdlets for this module, with more information about each one, see AIPService.

To install this PowerShell module, see Installing the AIPService PowerShell module.

Tip

In addition to this service-side PowerShell module, the Azure Information Protection client installs a supplemental PowerShell module, AzureInformationProtection.

This client module supports classifying and protecting multiple files so that, for example, you can bulk-protect all files in a folder. For more information, see Using PowerShell with the Azure Information Protection client from the admin guide.

Cmdlets grouped by administration task

| If you need to… | …use the following cmdlets |
|---|---|
| Migrate from on-premises Rights Management (AD RMS or Windows RMS) to Azure Information Protection. | Import-AipServiceTpd, Set-AipServiceKeyProperties |
| Connect to or disconnect from the Rights Management service for your organization. | Connect-AipService, Disconnect-AipService |
| Generate and manage your own tenant key – the bring your own key (BYOK) scenario. | Set-AipServiceKeyProperties, Use-AipServiceKeyVaultKey, Get-AipServiceKeys |
| Activate or deactivate the Rights Management service for your organization. You can also do these actions from the management portals. For more information, see Activating the protection service from Azure Information Protection. | Enable-AipService, Disable-AipService |
| Configure onboarding controls for a phased deployment of the Azure Rights Management service. | Get-AipServiceOnboardingControlPolicy, Set-AipServiceOnboardingControlPolicy |
| Create and manage Rights Management templates for your organization. You can also do most of these actions from the Azure portal, although PowerShell offers more fine-grained control. For more information, see Configuring and managing templates for Azure Information Protection. | Add-AipServiceTemplate, Export-AipServiceTemplate, Get-AipServiceTemplate, Get-AipServiceTemplateProperty, Import-AipServiceTemplate, New-AipServiceRightsDefinition, Remove-AipServiceTemplate, Set-AipServiceTemplateProperty |
| Configure the maximum number of days that content that your organization protects can be accessed without an internet connection (the use license validity period). | Get-AipServiceMaxUseLicenseValidityTime, Set-AipServiceMaxUseLicenseValidityTime |
| Manage the super user feature of Rights Management for your organization. | Enable-AipServiceSuperUserFeature, Disable-AipServiceSuperUserFeature, Add-AipServiceSuperUser, Get-AipServiceSuperUser, Remove-AipServiceSuperUser, Set-AipServiceSuperUserGroup, Get-AipServiceSuperUserGroup, Clear-AipServiceSuperUserGroup |
| Manage users and groups who are authorized to administer the Rights Management service for your organization. | Add-AipServiceRoleBasedAdministrator, Get-AipServiceRoleBasedAdministrator, Remove-AipServiceRoleBasedAdministrator |
| Get a log of Rights Management administrative tasks for your organization. | Get-AipServiceAdminLog |
| Log and analyze usage logging for Rights Management. | Get-AipServiceUserLog |
| Display the current Rights Management service configuration for your organization. | Get-AipServiceConfiguration |
| Migrate your organization from Azure Information Protection to an on-premises AD RMS deployment. | Set-AipServiceMigrationUrl, Get-AipServiceMigrationUrl |
| Manage the legacy document tracking site for RMS-protected documents. | Disable-AipServiceDocumentTrackingFeature, Enable-AipServiceDocumentTrackingFeature, Get-AipServiceDocumentTrackingFeature, Set-AipServiceDoNotTrackUserGroup, Clear-AipServiceDoNotTrackUserGroup, Get-AipServiceDoNotTrackUserGroup, Get-AipServiceTrackingLog, Get-AipServiceDocumentLog |