Administering the Azure Rights Management service by using Windows PowerShell

Applies to: Azure Information Protection, Office 365

Do you need to use PowerShell to administer the Azure Rights Management service for Azure Information Protection? You might not need to if you are a global administrator or security administrator and the only configuration required for this service is to activate it (or deactivate), and configure Rights Management templates.

However, you will need to use PowerShell for more advanced configurations, and also if you are not a global administrator or security administrator but have been given permissions to administer the service by a global administrator. You might also prefer to use PowerShell for more efficient command-line control and scripting.

The table in the next section includes some of the advanced configuration scenarios that use PowerShell. When the configuration can also be completed without using PowerShell, this information is also included in the table.

For a complete list of the available cmdlets for this module, with more information about each one, see AADRM.

Note

To install this PowerShell module, see Installing Windows PowerShell for Azure Rights Management.

In addition to this service-side PowerShell module, the Azure Information Protection client installs a supplemental PowerShell module, AzureInformationProtection. This client module supports classifying and protecting multiple files so that, for example, you can bulk-protect all files in a folder. For more information, see Using PowerShell with the Azure Information Protection client from the admin guide.

Cmdlets grouped by administration task

If you need to… …use the following cmdlets
Migrate from on-premises Rights Management (AD RMS or Windows RMS) to Azure Information Protection. Import-AadrmTpd

Set-AadrmKeyProperties
Connect to or disconnect from the Rights Management service for your organization. Connect-AadrmService

Disconnect-AadrmService
Generate and manage your own tenant key – the bring your own key (BYOK) scenario. Set-AadrmKeyProperties

Use-AadrmKeyVaultKey

Get-AadrmKeys
Activate or deactivate the Rights Management service for your organization.

You can also do these actions from the management portals. For more information, see Activating the Azure Rights Management service.
Enable-Aadrm

Disable-Aadrm
Disable or enable the document tracking site for Azure Information Protection. Disable-AadrmDocumentTrackingFeature

Enable-AadrmDocumentTrackingFeature

Get-AadrmDocumentTrackingFeature

Set-AadrmDoNotTrackUserGroup

Clear-AadrmDoNotTrackUserGroup

Get-AadrmDoNotTrackUserGroup
Configure onboarding controls for a phased deployment of the Azure Rights Management service. Get-AadrmOnboardingControlPolicy

Set-AadrmOnboardingControlPolicy
Create and manage Rights Management templates for your organization.

You can also do most of these actions from the Azure portal, although PowerShell offers more fine-grain control. For more information, see Configuring and managing templates for Azure Information Protection.
Add-AadrmTemplate

Export-AadrmTemplate

Get-AadrmTemplate

Get-AadrmTemplateProperty

Import-AadrmTemplate

New-AadrmRightsDefinition

Remove-AadrmTemplate

Set-AadrmTemplateProperty
Configure the maximum number of days that content that your organization protects can be accessed without an Internet connection (the use license validity period). Get-AadrmMaxUseLicenseValidityTime

Set-AadrmMaxUseLicenseValidityTime
Manage the super user feature of Rights Management for your organization. Enable-AadrmSuperUserFeature

Disable-AadrmSuperUserFeature

Add-AadrmSuperUser

Get-AadrmSuperUser

Remove-AadrmSuperUser

Set-AadrmSuperUserGroup

Get-AadrmSuperUserGroup

Clear-AadrmSuperUserGroup
Manage users and groups who are authorized to administer the Rights Management service for your organization. Add-AadrmRoleBasedAdministrator

Get-AadrmRoleBasedAdministrator

Remove-AadrmRoleBasedAdministrator
Get a log of Rights Management administrative tasks for your organization. Get-AadrmAdminLog
Log and analyze usage logging for Rights Management. Get-AadrmUserLog
Display the current Rights Management service configuration for your organization. Get-AadrmConfiguration
Migrate your organization from Azure Information Protection to an on-premises AD RMS deployment. Set-AadrmMigrationUrl

Get-AadrmMigrationUrl

Comments

Before commenting, we ask that you review our House rules.