Administering the Azure Rights Management service by using Windows PowerShell
Applies to: Azure Information Protection, Office 365
Do you need to use PowerShell to administer the Azure Rights Management service for Azure Information Protection? You might not need to if you are a global administrator and the only configuration required for this service is to activate it (or deactivate), and configure Rights Management templates.
However, you will need to use PowerShell for more advanced configurations, and also if you are not a global administrator but have been given permissions to administer the service by a global administrator. You might also prefer to use PowerShell for more efficient command-line control and scripting.
The table in the next section includes some of the advanced configuration scenarios that use PowerShell. When the configuration can also be completed without using PowerShell, this information is also included in the table.
For a complete list of the available cmdlets with more information about each one, see Azure Rights Management Cmdlets.
To install this PowerShell module, see Installing Windows PowerShell for Azure Rights Management.
In addition to this service-side PowerShell module, the Azure Information Protection client installs a supplemental PowerShell module, AzureInformationProtection. This client module supports classifying and protecting multiple files so that, for example, you can bulk-protect all files in a folder. For more information, see Using PowerShell with the Azure Information Protection client from the admin guide.
Cmdlets grouped by administration task
|If you need to…||…use the following cmdlets|
|Migrate from on-premises Rights Management (AD RMS or Windows RMS) to Azure Information Protection.||Import-AadrmTpd|
|Connect to or disconnect from the Rights Management service for your organization.||Connect-AadrmService
|Generate and manage your own tenant key – the bring your own key (BYOK) scenario.||Use-AadrmKeyVaultKey
|Activate or deactivate the Rights Management service for your organization.
You can also do these actions from the management portals. For more information, see Activating the Azure Rights Management service.
|Disable or enable the document tracking site for Azure Information Protection.||Disable-AadrmDocumentTrackingFeature
|Configure onboarding controls for a phased deployment of the Azure Rights Management service.||Get-AadrmOnboardingControlPolicy
|Create and manage Rights Management templates for your organization.
You can also do most of these actions from the Azure classic portal, although PowerShell offers more fine-grain control. For more information, see Configuring custom templates for the Azure Rights Management service.
|Configure the maximum number of days that content that your organization protects can be accessed without an Internet connection (the use license validity period).||Get-AadrmMaxUseLicenseValidityTime
|Manage the super user feature of Rights Management for your organization.||Enable-AadrmSuperUserFeature
|Manage users and groups who are authorized to administer the Rights Management service for your organization.||Add-AadrmRoleBasedAdministrator
|Get a log of Rights Management administrative tasks for your organization.||Get-AadrmAdminLog|
|Log and analyze usage logging for Rights Management.||Get-AadrmUserLog|
|Display the current Rights Management service configuration for your organization.||Get-AadrmConfiguration|
|Migrate your organization from Azure Information Protection to an on-premises AD RMS deployment.||Set-AadrmMigrationUrl
Before commenting, we ask that you review our House rules.