Set-RMSServerAuthentication

Sets the server mode, which is required for non-interactive sessions.

Syntax

Set-RMSServerAuthentication
   [-Key <String>]
   [-AppPrincipalId <String>]
   [-BposTenantId <String>]
   [-IntegratedAuth]
   [<CommonParameters>]

Description

The Set-RMSServerAuthentication cmdlet sets the server mode so that commands can be run non-interactively. Use server mode when you need to protect or unprotect files without interaction. For example, if you protect files by using Windows Server and File Classification Infrastructure (FCI), or a scheduled script that automatically protects files on a computer or network share. You need run this command just one time for your PowerShell session.

This cmdlet does not apply if you use your user account to protect or unprotect files.

For information how to get the identifiers that the service principal requires for Azure RMS, and how to grant the permissions for AD RMS, see Using PowerShell with the Azure Information Protection client from the Azure Information Protection client admin guide.

Examples

Example 1: Set the server mode for Azure RMS by specifying the credentials for a service principal account

PS C:\>Set-RMSServerAuthentication -BposTenantId "23976bc6-dcd4-4173-9d96-dad1f48efd42" -Key "zIeMu8zNJ6U377CLtppkhkbl4gjodmYSXUVwAO5ycgA=" -AppPrincipalId "b5e3f76a-b5c2-4c96-a594-a0807f65bba4"

This command sets credentials that lets a service principle account authenticate to Azure RMS, by specifying the required three identifiers.

Example 2: Set the server mode for AD RMS by specifying Windows integrated authentication

PS C:\>Set-RMSServerAuthentication -IntegratedAuth
Integrated authentication is enabled

This command sets the server mode for Windows integrated authentication, which lets a computer account authenticate to AD RMS.

Optional Parameters

-AppPrincipalId

Specifies the AppPrincipalId value of a service principal account in Azure AD.

Applies to Azure RMS only. Specify this parameter with the BposTenantId parameter and the Key parameter.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-BposTenantId

Specifies the BposTenantId value (the tenant ID) to which the service principal account belongs.

Applies to Azure RMS only. Specify this parameter with the AppPrincipalId parameter and the Key parameter.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-IntegratedAuth

Specifies server mode for AD RMS so that cmdlets can run non-interactively by using Windows integrated authentication for the computer account.

Applies to AD RMS only.

NOTE: This parameter is currently in preview and requires the current preview version of the Azure Information Protection client

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Key

Specifies the symmetric key value for the service principal account in Azure AD.

Applies to Azure RMS only. Specify this parameter with the AppPrincipalId parameter and the BposTenantId parameter.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False