Office 365: configuratie voor onlineservices voor het gebruik van de Azure Rights Management-serviceOffice 365: Configuration for online services to use the Azure Rights Management service

Van toepassing op: Azure Information Protection, Office 365Applies to: Azure Information Protection, Office 365

Gebruik de volgende secties om u te helpen Exchange Online, share point online en OneDrive voor bedrijven te configureren voor het gebruik van de Azure Rights Management-service van Azure Information Protection.Use the following sections to help you configure Exchange Online, SharePoint Online, and OneDrive for Business to use the Azure Rights Management service from Azure Information Protection.

Exchange Online: IRM-configuratieExchange Online: IRM Configuration

Zie de sectie Exchange Online en Exchange Server in hoe Office-toepassingen en-services Azure Rights Management ondersteunenvoor meer informatie over de werking van Exchange online met de Azure Rights Management-service.For information about how Exchange Online works with the Azure Rights Management service, see the Exchange Online and Exchange Server section from How Office applications and services support Azure Rights Management.

Exchange Online is mogelijk al ingeschakeld om de Azure Rights Management-service te gebruiken.Exchange Online might already be enabled to use the Azure Rights Management service. Voer de volgende opdrachten uit om te controleren:To check, run the following commands:

  1. Als dit de eerste keer dat u Windows PowerShell voor Exchange Online hebt gebruikt op uw computer, moet u Windows PowerShell configureren voor het uitvoeren van ondertekende scripts.If this is the first time that you have used Windows PowerShell for Exchange Online on your computer, you must configure Windows PowerShell to run signed scripts. Start de Windows PowerShell-sessie met de optie Als beheerder uitvoeren en type vervolgens:Start your Windows PowerShell session by using the Run as administrator option, and then type:

     Set-ExecutionPolicy RemoteSigned
    

    Druk op j om te bevestigen.Press Y to confirm.

  2. Meld u in de Windows PowerShell-sessie aan bij Exchange Online met een account dat is ingeschakeld voor toegang tot externe Shells.In your Windows PowerShell session, sign in to Exchange Online by using an account that is enabled for remote Shell access. Alle accounts die zijn gemaakt in Exchange Online zijn standaard ingeschakeld voor externe toegang tot Shell, maar dit kan worden uitgeschakeld (en ingeschakeld) met de opdracht Set-User <UserIdentity> -RemotePowerShellEnabled.By default, all accounts that are created in Exchange Online are enabled for remote Shell access but this can be disabled (and enabled) by using the Set-User <UserIdentity> -RemotePowerShellEnabled command.

    Als u zich wilt aanmelden, voert u eerst het volgende in:To sign in, first type:

     $Cred = Get-Credential
    

    Geef vervolgens in het dialoog venster Windows Power shell-referentie aanvraag uw Office 365-gebruikers naam en-wacht woord op.Then, in the Windows PowerShell credential request dialog box, supply your Office 365 user name and password.

  3. Maak verbinding met de Exchange Online-service door eerst een variabele in te stellen:Connect to the Exchange Online service by first setting a variable:

     $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
    

    Voer vervolgens de volgende opdracht uit:Then run the following command:

     Import-PSSession $Session
    
  4. Voer de opdracht Get-IRMConfiguration uit om de Exchange Online-configuratie voor de beveiligings service weer te geven:Run the Get-IRMConfiguration command to view your Exchange Online configuration for the protection service:

     Get-IRMConfiguration
    

    Zoek in de uitvoer de waarde AzureRMSLicensingEnabled :From the output, locate the AzureRMSLicensingEnabled value:

    • Als AzureRMSLicensingEnabled is ingesteld op True, is Exchange Online al ingeschakeld voor de Azure Rights Management-service.If AzureRMSLicensingEnabled is set to True, Exchange Online is already enabled for the Azure Rights Management service.

    • Als AzureRMSLicensingEnabled is ingesteld op False, voert u de volgende opdracht uit om Exchange Online in te scha kelen voor de Azure Rights Management-service: Set-IRMConfiguration -AzureRMSLicensingEnabled $trueIf AzureRMSLicensingEnabled is set False, run the follow command to enable Exchange Online for the Azure Rights Management service: Set-IRMConfiguration -AzureRMSLicensingEnabled $true

  5. Als u wilt testen of Exchange Online is geconfigureerd, voert u de volgende opdracht uit:To test that Exchange Online is configured successfully, run the following command:

    Test-IRMConfiguration -Sender <user email address>
    

    Bijvoorbeeld: Test-IRMConfiguration -Sender adams@contoso.comFor example: Test-IRMConfiguration -Sender adams@contoso.com

    Met deze opdracht wordt een serie controles uitgevoerd om de verbinding met de service te verifiëren, de configuratie, URI's, licenties en eventueel sjablonen op te halen.This command runs a series of checks that includes verifying connectivity to the service, retrieving the configuration, retrieving URIs, licenses, and any templates. In de Windows PowerShell-sessie ziet u van elk onderdeel de resultaten en aan het einde, als alle onderdelen voor de controles slagen: OVERALL RESULT: PASSIn the Windows PowerShell session, you will see the results of each and at the end, if everything passes these checks: OVERALL RESULT: PASS

Wanneer Exchange Online is ingeschakeld voor het gebruik van de Azure Rights Management-service, kunt u functies configureren die gegevens beveiliging automatisch Toep assen, zoals de regels voor de e-mail stroom, het beleid voor preventie van gegevens verlies (DLP)en beveiligde spraak e-mail (Unified Messa ging).When Exchange Online is enabled to use the Azure Rights Management service, you can configure features that apply information protection automatically, such as mail flow rules, data loss prevention (DLP) policies, and protected voice mail (Unified Messaging).

Share point online en OneDrive voor bedrijven: IRM-configuratieSharePoint Online and OneDrive for Business: IRM Configuration

Zie share point online en share Point server in de sectie Rights Management beveiliging van deze documentatie voor meer informatie over de werking van share point online IRM met de Azure Rights Management-service.For information about how SharePoint Online IRM works with the Azure Rights Management service, see SharePoint Online and SharePoint Server from the Rights Management protection section of this documentation.

Als u share point online en OneDrive voor bedrijven wilt configureren voor ondersteuning van de Azure Rights Management-service, moet u eerst de Information Rights Management-service (IRM) voor share point Online inschakelen met behulp van het share point-beheer centrum.To configure SharePoint Online and OneDrive for Business to support the Azure Rights Management service, you must first enable the information rights management (IRM) service for SharePoint Online by using the SharePoint admin center. Vervolgens kunnen site-eigenaren hun SharePoint-lijsten en documentbibliotheken met IRM beveiligen, en kunnen gebruikers hun bibliotheek van OneDrive voor Bedrijven met IRM beveiligen zodat documenten die daar worden opgeslagen en gedeeld met anderen automatisch worden beveiligd door de Azure Rights Management-service.Then, site owners can IRM-protect their SharePoint lists and document libraries, and users can IRM-protect their OneDrive for Business library so that documents that are saved there, and shared with others, are automatically protected by the Azure Rights Management service.

Notitie

Met IRM beveiligde bibliotheken voor share point en OneDrive voor bedrijven is de nieuwste versie van de nieuwe OneDrive-synchronisatieclient (OneDrive. exe) en de versie van de RMS-client van het micro soft Download centrumvereist.IRM-protected libraries for SharePoint and OneDrive for Business require the latest version of the new OneDrive sync client (OneDrive.exe), and the version of the RMS client from the Microsoft Download Center. Installeer deze versie van de RMS-client, zelfs als u de Azure Information Protection-client hebt geïnstalleerd.Install this version of the RMS client even if you have installed the Azure Information Protection client. Zie de nieuwe OneDrive Sync-client implementeren in een bedrijfs omgevingvoor meer informatie over dit implementatie scenario.For more information about this deployment scenario, see Deploy the new OneDrive sync client in an enterprise environment.

Raadpleeg de volgende instructies in de Office-documentatie om de Information Rights Management-service (IRM) voor share point online in te scha kelen:To enable the information rights management (IRM) service for SharePoint Online, see the following instructions from the Office documentation:

Deze configuratie wordt uitgevoerd door de Office 365-beheerder.This configuration is done by the Office 365 administrator.

IRM configureren voor bibliotheken en lijstenConfiguring IRM for libraries and lists

Nadat u de IRM-service voor SharePoint hebt ingeschakeld, kunnen site-eigenaren hun SharePoint-documentbibliotheken en -lijsten met IRM beveiligen.After you have enabled the IRM service for SharePoint, site owners can IRM-protect their SharePoint document libraries and lists. Zie de volgende informatie op de Office-website voor instructies:For instructions, see the following from the Office website:

Deze configuratie wordt uitgevoerd door de beheerder van de SharePoint-site.This configuration is done by the SharePoint site administrator.

IRM configureren voor OneDrive voor BedrijvenConfiguring IRM for OneDrive for Business

Nadat u de IRM-service voor share point online hebt ingeschakeld, kan de OneDrive voor bedrijven-document bibliotheek van gebruikers of afzonderlijke mappen vervolgens worden geconfigureerd voor Rights Management beveiliging.After you have enabled the IRM service for SharePoint Online, users' OneDrive for Business document library or individual folders can then be configured for Rights Management protection. Gebruikers kunnen dit voor zichzelf configureren met behulp van hun OneDrive-website.Users can configure this for themselves by using their OneDrive website. Hoewel beheerders deze beveiliging niet voor hen kunnen configureren met het share point-beheer centrum, kunt u dit doen met behulp van Windows Power shell.Although administrators cannot configure this protection for them by using the SharePoint admin center, you can do this by using Windows PowerShell.

Notitie

Zie de Office-documentatie Set up OneDrive for Business in Office 365 (OneDrive voor Bedrijven instellen in Office 365) voor meer informatie over het configureren van OneDrive voor Bedrijven.For more information about configuring OneDrive for Business, see the Office documentation, Set up OneDrive for Business in Office 365.

Configuratie voor gebruikersConfiguration for users

Geef gebruikers de volgende instructies zodat ze hun OneDrive voor bedrijven kunnen configureren om hun bedrijfs bestanden te beveiligen.Give users the following instructions so that they can configure their OneDrive for Business to protect their business files.

  1. Meld u aan bij Office 365 met uw werk-of school account en ga naar de OneDrive-website.Sign in to Office 365 with your work or school account and go to the OneDrive website.

  2. Selecteer in het navigatie deel venster onderaan de optie terug naar klassiek OneDrive.In the navigation pane, at the bottom, select Return to classic OneDrive.

  3. Selecteer het pictogram instellingen .Select the Settings icon. Als het lint is ingesteld op uitin het deel venster instellingen , selecteert u deze instelling om het lint in te scha kelen.In the Settings pane, if the Ribbon is set to Off, select this setting to turn the ribbon on.

  4. Als u alle OneDrive voor bedrijven-bestanden wilt configureren die moeten worden beveiligd, selecteert u het tabblad bibliotheek op het lint en selecteert u vervolgens bibliotheek instellingen.To configure all OneDrive for Business files to be protected, select the LIBRARY tab from the ribbon, and then select Library Settings.

  5. Selecteer op de pagina documenten > instellingen in de sectie machtigingen en beheer de optie informatie Rights Management.On the Documents > Settings page, in the Permissions and Management section, select Information Rights Management.

  6. Schakel op de pagina informatie Rights Management instellingen het selectie vakje de machtigingen voor deze bibliotheek beperken bij het downloaden in.On the Information Rights Management Settings page, select Restrict permissions on this library on download check box. Geef een naam en beschrijving voor de machtigingen op en Klik desgewenst op opties weer geven om optionele configuraties te configureren en klik vervolgens op OK.Specify your choice of name and a description for the permissions, and optionally, click SHOW OPTIONS to configure optional configurations, and then click OK.

    Zie de instructies in Information Rights Management toepassen op een lijst of documentbibliotheek in de Office-documentatie voor meer informatie over de configuratieopties.For more information about the configuration options, see the instructions in Apply Information Rights Management to a list or library from the Office documentation.

Omdat deze configuratie afhankelijk is van gebruikers in plaats van een beheerder om hun OneDrive voor bedrijven-bestanden te beveiligen, moet u gebruikers informeren over de voor delen van het beveiligen van hun bestanden en hoe u dit doet.Because this configuration relies on users rather than an administrator to IRM-protect their OneDrive for Business files, educate users about the benefits of protecting their files and how to do this. Leg bijvoorbeeld uit dat als gebruikers een document van OneDrive voor Bedrijven delen, alleen de personen toegang hebben die zij hebben gemachtigd, met de beperkingen die ze zelf configureren, zelfs als het bestand wordt gewijzigd en naar een andere locatie wordt gekopieerd.For example, explain that when they share a document from OneDrive for Business, only people they authorize can access it with any restrictions that they configure, even if the file is renamed and copied somewhere else.

Configuratie voor beheerdersConfiguration for administrators

Hoewel u met het SharePoint-beheercentrum IRM niet kunt configureren voor OneDrive voor Bedrijven van gebruikers, kunt u dit wel doen via Windows PowerShell.Although you cannot configure IRM for users' OneDrive for Business by using the SharePoint admin center, you can do this by using Windows PowerShell. Voer de volgende stappen uit om IRM voor deze bibliotheken in te schakelen:To enable IRM for these libraries, follow these steps:

  1. Download en installeer de SharePoint Online-SDK voor clientonderdelen.Download and install the SharePoint Online Client Components SDK.

  2. Download en installeer de SharePoint Online-beheershell.Download and install the SharePoint Online Management Shell.

  3. Kopieer de inhoud van het volgende script en noem het bestand Set-IRMOnOneDriveForBusiness.ps1 op uw computer.Copy the contents of the following script and name the file Set-IRMOnOneDriveForBusiness.ps1 on your computer.

    **Disclaimer** : dit voorbeeldscript wordt onder geen enkel een ondersteuningsprogramma of -service op basis van Microsoft-standaard ondersteund.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Dit voorbeeldscript wordt verstrekt 'in de huidige vorm' zonder garantie van welke aard dan ook.This sample script is provided AS IS without warranty of any kind.

    # Requires Windows PowerShell version 3
    
    <#
      Description:
    
        Configures IRM policy settings for OneDrive for Business and can also be used for SharePoint Online libraries and lists
    
     Script Installation Requirements:
    
       SharePoint Online Client Components SDK
       https://www.microsoft.com/en-us/download/details.aspx?id=42038
    
       SharePoint Online Management Shell
       https://www.microsoft.com/en-us/download/details.aspx?id=35588
    
    ======
    #>
    
    # URL will be in the format https://<tenant-name>-admin.sharepoint.com
    $sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"
    
    $tenantAdmin = "admin@contoso.com"
    
    $webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user3_contoso_com")
    
    <# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
       Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"
    
    #>
    
    $listTitle = "Documents"
    
    function Load-SharePointOnlineClientComponentAssemblies
    {
        [cmdletbinding()]
        param()
    
        process
        {
            # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
            try
            {
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                return $true
            }
            catch
            {
                if($_.Exception.Message -match "Could not load file or assembly")
                {
                    Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/en-us/download/details.aspx?id=42038"
                }
                else
                {
                    Write-Error -Exception $_.Exception
                }
                return $false
            }
        }
    }
    
    function Load-SharePointOnlineModule
    {
        [cmdletbinding()]
        param()
    
        process
        {
            do
            {
                # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
                $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue
    
                if(-not $spoModule)
                {
                    try
                    {
                        Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                        return $true
                    }
                    catch
                    {
                        if($_.Exception.Message -match "Could not load file or assembly")
                        {
                            Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/en-us/download/details.aspx?id=35588"
                        }
                        else
                        {
                            Write-Error -Exception $_.Exception
                        }
                        return $false
                    }
                }
                else
                {
                    return $true
                }
            }
            while(-not $spoModule)
        }
    }
    
    function Set-IrmConfiguration
    {
        [cmdletbinding()]
        param(
            [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List,
            [parameter(Mandatory=$true)][string]$PolicyTitle,
            [parameter(Mandatory=$true)][string]$PolicyDescription,
            [parameter(Mandatory=$false)][switch]$IrmReject,
            [parameter(Mandatory=$false)][DateTime]$ProtectionExpirationDate,
            [parameter(Mandatory=$false)][switch]$DisableDocumentBrowserView,
            [parameter(Mandatory=$false)][switch]$AllowPrint,
            [parameter(Mandatory=$false)][switch]$AllowScript,
            [parameter(Mandatory=$false)][switch]$AllowWriteCopy,
            [parameter(Mandatory=$false)][int]$DocumentAccessExpireDays,
            [parameter(Mandatory=$false)][int]$LicenseCacheExpireDays,
            [parameter(Mandatory=$false)][string]$GroupName
        )
    
        process
        {
            Write-Verbose "Applying IRM Configuration on '$($List.Title)'"
    
            # reset the value to the default settings
            $list.InformationRightsManagementSettings.Reset()
    
            $list.IrmEnabled = $true
    
            # IRM Policy title and description
    
                $list.InformationRightsManagementSettings.PolicyTitle       = $PolicyTitle
                $list.InformationRightsManagementSettings.PolicyDescription = $PolicyDescription
    
            # Set additional IRM library settings
    
                # Do not allow users to upload documents that do not support IRM
                $list.IrmReject = $IrmReject.IsPresent
    
                $parsedDate = Get-Date
                if([DateTime]::TryParse($ProtectionExpirationDate, [ref]$parsedDate))
                {
                    # Stop restricting access to the library at <date>
                    $list.IrmExpire = $true
                    $list.InformationRightsManagementSettings.DocumentLibraryProtectionExpireDate = $ProtectionExpirationDate
                }
    
                # Prevent opening documents in the browser for this Document Library
                $list.InformationRightsManagementSettings.DisableDocumentBrowserView = $DisableDocumentBrowserView.IsPresent
    
            # Configure document access rights
    
                # Allow viewers to print
                $list.InformationRightsManagementSettings.AllowPrint = $AllowPrint.IsPresent
    
                # Allow viewers to run script and screen reader to function on downloaded documents
                $list.InformationRightsManagementSettings.AllowScript = $AllowScript.IsPresent
    
                # Allow viewers to write on a copy of the downloaded document
                $list.InformationRightsManagementSettings.AllowWriteCopy = $AllowWriteCopy.IsPresent
    
                if($DocumentAccessExpireDays)
                {
                    # After download, document access rights will expire after these number of days (1-365)
                    $list.InformationRightsManagementSettings.EnableDocumentAccessExpire = $true
                    $list.InformationRightsManagementSettings.DocumentAccessExpireDays   = $DocumentAccessExpireDays
                }
    
            # Set group protection and credentials interval
    
                if($LicenseCacheExpireDays)
                {
                    # Users must verify their credentials using this interval (days)
                    $list.InformationRightsManagementSettings.EnableLicenseCacheExpire = $true
                    $list.InformationRightsManagementSettings.LicenseCacheExpireDays   = $LicenseCacheExpireDays
                }
    
                if($GroupName)
                {
                    # Allow group protection. Default group:
                    $list.InformationRightsManagementSettings.EnableGroupProtection = $true
                    $list.InformationRightsManagementSettings.GroupName             = $GroupName
                }
        }
        end
        {
            if($list)
            {
                Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
                $list.InformationRightsManagementSettings.Update()
                $list.Update()
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()
            }
        }
    }
    
    function Get-CredentialFromCredentialCache
    {
        [cmdletbinding()]
        param([string]$CredentialName)
    
        #if( Test-Path variable:\global:CredentialCache )
        if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
        {
            if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
            {
                Write-Verbose "Credential Cache Hit: $CredentialName"
                return $global:O365TenantAdminCredentialCache[$CredentialName]
            }
        }
        Write-Verbose "Credential Cache Miss: $CredentialName"
        return $null
    }
    
    function Add-CredentialToCredentialCache
    {
        [cmdletbinding()]
        param([System.Management.Automation.PSCredential]$Credential)
    
        if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
        {
            Write-Verbose "Initializing the Credential Cache"
            $global:O365TenantAdminCredentialCache = @{}
        }
    
        Write-Verbose "Adding Credential to the Credential Cache"
        $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
    }
    
    # load the required assemblies and Windows PowerShell modules
    
        if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }
    
    # Add the credentials to the client context and SharePoint Online service connection
    
        # check for cached credentials to use
        $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin
    
        if(-not $o365TenantAdminCredential)
        {
            # when credentials are not cached, prompt for the tenant admin credentials
            $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"
    
            if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
            {
                Write-Error -Message "Could not validate the supplied tenant admin credentials"
                return
            }
    
            # add the credentials to the cache
            Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
        }
    
    # connect to Office365 first, required for SharePoint Online cmdlets to run
    
        Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential
    
    # enumerate each of the specified site URLs
    
        foreach($webUrl in $webUrls)
        {
            $grantedSiteCollectionAdmin = $false
    
            try
            {
                # establish the client context and set the credentials to connect to the site
                $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
                $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)
    
                # initialize the site and web context
                $script:clientContext.Load($script:clientContext.Site)
                $script:clientContext.Load($script:clientContext.Web)
                $script:clientContext.ExecuteQuery()
    
                # load and ensure the tenant admin user account if present on the target SharePoint site
                $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
                $script:clientContext.Load($tenantAdminUser)
                $script:clientContext.ExecuteQuery()
    
                # check if the tenant admin is a site admin
                if( -not $tenantAdminUser.IsSiteAdmin )
                {
                    try
                    {
                        # grant the tenant admin temporary admin rights to the site collection
                        Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                        $grantedSiteCollectionAdmin = $true
                    }
                    catch
                    {
                        Write-Error $_.Exception
                        return
                    }
                }
    
                try
                {
                    # load the list orlibrary using CSOM
    
                    $list = $null
                    $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                    $script:clientContext.Load($list)
                    $script:clientContext.ExecuteQuery()
    
                    # **************  ADMIN INSTRUCTIONS  **************
                    # If necessary, modify the following Set-IrmConfiguration parameters to match your required values
                    # The supplied options and values are for example only
                    # Example that shows the Set-IrmConfiguration command with all parameters: Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users" -IrmReject -ProtectionExpirationDate $(Get-Date).AddDays(180) -DisableDocumentBrowserView -AllowPrint -AllowScript -AllowWriteCopy -LicenseCacheExpireDays 25 -DocumentAccessExpireDays 90
    
                    Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users"  
                }
                catch
                {
                    Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
                }
           }
           finally
           {
                if($grantedSiteCollectionAdmin)
                {
                    # remove the temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
                }
           }
        }
    
    Disconnect-SPOService -ErrorAction SilentlyContinue
    
  4. Bekijk het script en breng de volgende wijzigingen aan:Review the script and make the following changes:

    1. Zoek naar $sharepointAdminCenterUrl en vervang de voorbeeldwaarde door de URL van uw eigen SharePoint-beheercentrum.Search for $sharepointAdminCenterUrl and replace the example value with your own SharePoint admin center URL.

      U vindt deze waarde als de basis-URL als u naar het SharePoint-beheercentrum gaat. De URL heeft de volgende indeling: https://<tenant_name>-admin.sharepoint.comYou'll find this value as the base URL when you go into the SharePoint admin center, and it has the following format: https://<tenant_name>-admin.sharepoint.com

      Als de naam van de Tenant bijvoorbeeld contoso is, geeft u het volgende op: https://contoso-admin.sharepoint.comFor example, if the tenant name is "contoso", then you would specify: https://contoso-admin.sharepoint.com

    2. Zoek naar $tenantAdmin en vervang de voorbeeldwaarde door uw eigen volledig gekwalificeerde account van de algemeen beheerder van Office 365.Search for $tenantAdmin and replace the example value with your own fully qualified global administrator account for Office 365.

      Deze waarde is hetzelfde als het account dat u gebruikt om u aan te melden bij het Microsoft 365-beheer centrum als globale beheerder en heeft de volgende indeling: gebruikers naam @ <tenant domain name @ no__t-2. comThis value is the same as the one you use to sign in to the Microsoft 365 admin center as the global administrator and has the following format: user_name@<tenant domain name>.com

      Als de gebruikersnaam voor de algemeen beheerder van Office 365 'admin' is voor het domein van de tenant 'contoso.com', typt u: admin@contoso.comFor example, if the Office 365 global administrator user name is "admin" for the "contoso.com" tenant domain, you would specify: admin@contoso.com

    3. Zoek naar $webUrls en vervang de voorbeeldwaarden door de web-URL’s van OneDrive voor Bedrijven van uw gebruikers. U kunt hierbij naar behoefte waarden invoeren of verwijderen.Search for $webUrls and replace the example values with your users' OneDrive for Business web URLs, adding or deleting as many entries as you need.

      U kunt ook de opmerkingen in het script volgen over hoe u een CSV-bestand kunt importeren met alle URL's die u wilt configureren.Alternatively, see the comments in the script about how to replace this array by importing a .CSV file that contains all the URLs you need to configure. Er is nog een ander voorbeeldscript beschikbaar voor het automatisch zoeken en extraheren van de URL's om dit CSV-bestand in te vullen.We've provided another sample script to automatically search for and extract the URLs to populate this .CSV file. Als u klaar bent voor deze stap, gaat u naar de sectie Extra script om alle URL's van OneDrive voor Bedrijven naar een .CSV-bestand uit te voeren, direct na deze stappen.When you're ready to do this, use the Additional script to output all OneDrive for Business URLs to a .CSV file section immediately after these steps.

      De indeling van de web-URL voor OneDrive voor Bedrijven van de gebruikers, is als volgt: https://<tenantnaam>-my.sharepoint.com/personal/ <gebruikersnaam> _ <tenantnaam> comThe web URL for the user's OneDrive for Business is in the following format: https://<tenant name>-my.sharepoint.com/personal/<user_name><tenant name>_com

      Als de gebruiker in de contoso-Tenant bijvoorbeeld de gebruikers naam ' rsimone ' heeft, geeft u het volgende op: https://contoso-my.sharepoint.com/personal/rsimone_contoso_comFor example, if the user in the contoso tenant has a user name of "rsimone", you would specify: https://contoso-my.sharepoint.com/personal/rsimone_contoso_com

    4. Als u het script gebruikt voor de configuratie van OneDrive voor Bedrijven, mag u de waarde voor Documenten niet veranderen in de variabele voor $listTitle.Because we are using the script to configure OneDrive for Business, do not change the value of Documents for the $listTitle variable.

    5. Zoek naar ADMIN INSTRUCTIONS.Search for ADMIN INSTRUCTIONS. Als u geen wijzigingen aanbrengt in deze sectie, wordt de OneDrive voor Bedrijven van de gebruiker geconfigureerd voor IRM met de beleidsnaam 'Beveiligde bestanden' en de beschrijving 'This policy restricts access to authorized users' (Dit beleid beperkt toegang tot geautoriseerde gebruikers).If you make no changes to this section, the user's OneDrive for Business will be configured for IRM with the policy title of "Protected Files" and the description of "This policy restricts access to authorized users". Er worden geen andere IRM-opties ingesteld. Voor de meeste omgevingen is dit waarschijnlijk voldoende.No other IRM options will be set, which is probably appropriate for most environments. U kunt echter de voorgestelde beleidsnaam en de beschrijving wijzigen. Verder kunt u andere IRM-opties toevoegen die geschikt zijn voor uw omgeving.However, you can change the suggested policy title and description, and also add any other IRM options that are appropriate for your environment. Zie het voorbeeld met de opmerkingen in het script om uw eigen set parameters voor de opdracht Set-IrmConfiguration samen te stellen.See the commented example in the script to help you construct your own set of parameters for the Set-IrmConfiguration command.

  5. Sla het script op en onderteken het.Save the script and sign it. Als u het script niet ondertekent (veiliger), moet u Windows PowerShell op de computer configureren voor het uitvoeren van niet-ondertekende scripts.If you do not sign the script (more secure), Windows PowerShell must be configured on your computer to run unsigned scripts. Hiervoor voert u een Windows PowerShell-sessie uit met de optie Als beheerder uitvoeren en typt u: Set-ExecutionPolicy Unrestricted.To do this, run a Windows PowerShell session with the Run as Administrator option, and type: Set-ExecutionPolicy Unrestricted. Met deze configuratie kunnen echter alle niet-ondertekende scripts worden uitgevoerd (minder veilig).However, this configuration lets all unsigned scripts run (less secure).

    Zie about_Signing in de PowerShell-documentatiebibliotheek voor meer informatie over het ondertekenen van Windows PowerShell-scripts.For more information about signing Windows PowerShell scripts, see about_Signing in the PowerShell documentation library.

  6. Voer het script uit en geef, wanneer u hierom wordt gevraagd, het wachtwoord op voor het Office 365-beheeraccount.Run the script and if prompted, supply the password for the Office 365 admin account. Als u het script wijzigt en uitvoert in dezelfde Windows PowerShell-sessie, wordt u niet gevraagd om referenties.If you modify the script and run it in the same Windows PowerShell session, you won't be prompted for credentials.

Tip

U kunt ook dit script ook gebruiken om IRM te configureren voor een SharePoint Online-bibliotheek.You can also use this script to configure IRM for a SharePoint Online library. Voor deze configuratie wilt u waarschijnlijk de extra optie Gebruikers niet toestaan om documenten te uploaden die IRM niet ondersteunen inschakelen, om ervoor te zorgen dat de bibliotheek alleen beveiligde documenten bevat.For this configuration, you will likely want to enable the additional option Do not allow users to upload documents that do not support IRM, to ensure that the library contains only protected documents. Voeg hiervoor de parameter -IrmReject toe aan de opdracht Set-IrmConfiguration in het script.To do that, add the -IrmReject parameter to the Set-IrmConfiguration command in the script.

U moet ook de variabele $webUrls wijzigen (bijvoorbeeld https: //contoso. share point. com) en $listTitle-variabele (bijvoorbeeld $Reports).You would also need to modify the $webUrls variable (for example, https://contoso.sharepoint.com) and $listTitle variable (for example, $Reports).

Zie de sectie Script voor het uitschakelen van IRM voor OneDrive voor Bedrijven als u IRM voor de bibliotheken voor OneDrive voor Bedrijven van de gebruiker moet uitschakelen.If you need to disable IRM for user's OneDrive for Business libraries, see the Script to disable IRM for OneDrive for Business section.

Extra script voor uitvoer van alle URL’s van OneDrive voor Bedrijven naar een CSV-bestandAdditional script to output all OneDrive for Business URLs to a .CSV file

Voor stap 4c hierboven kunt u het volgende Windows PowerShell-script gebruiken om de URL's voor de bibliotheken voor OneDrive voor Bedrijven van gebruikers te extraheren. Deze kunt u vervolgens controleren, indien nodig bewerken en vervolgens importeren in het hoofdscript.For step 4c above, you can use the following Windows PowerShell script to extract the URLs for all users' OneDrive for Business libraries, which you can then check, edit if necessary, and then import into the main script.

Voor dit script zijn tevens de SharePoint Online SDK voor clientonderdelen en de SharePoint Online-beheershell vereist.This script also requires the SharePoint Online Client Components SDK and the SharePoint Online Management Shell. Volg dezelfde instructies voor het kopiëren en plakken, sla het bestand lokaal op (bijvoorbeeld 'Report-OneDriveForBusinessSiteInfo.ps1'), wijzigen de waarden $sharepointAdminCenterUrl en $tenantAdmin zoals eerder en voer het script uit.Follow the same instructions to copy and paste it, save the file locally (for example, "Report-OneDriveForBusinessSiteInfo.ps1"), modify the $sharepointAdminCenterUrl and $tenantAdmin values as before, and then run the script.

**Disclaimer** : dit voorbeeldscript wordt onder geen enkel een ondersteuningsprogramma of -service op basis van Microsoft-standaard ondersteund.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Dit voorbeeldscript wordt verstrekt 'in de huidige vorm' zonder garantie van welke aard dan ook.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Queries the search service of an Office 365 tenant to retrieve all OneDrive for Business sites.  
    Details of the discovered sites are written to a .CSV file (by default,"OneDriveForBusinessSiteInfo_<date>.csv").

 Script Installation Requirements:

   SharePoint Online Client Components SDK
   https://www.microsoft.com/en-us/download/details.aspx?id=42038

   SharePoint Online Management Shell
   https://www.microsoft.com/en-us/download/details.aspx?id=35588

======
#>

# URL will be in the format https://<tenant-name>-admin.sharepoint.com
$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.onmicrosoft.com"                           

$reportName = "OneDriveForBusinessSiteInfo_$((Get-Date).ToString("yyyy-MM-dd_hh.mm.ss")).csv"

$oneDriveForBusinessSiteUrls= @()
$resultsProcessed = 0

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/en-us/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/en-us/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint Online service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# establish the client context and set the credentials to connect to the site

    $clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($sharepointAdminCenterUrl)
    $clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

# run a query against the Office 365 tenant search service to retrieve all OneDrive for Business URLs

    do
    {
        # build the query object
        $query = New-Object Microsoft.SharePoint.Client.Search.Query.KeywordQuery($clientContext)
        $query.TrimDuplicates        = $false
        $query.RowLimit              = 500
        $query.QueryText             = "SPSiteUrl:'/personal/' AND contentclass:STS_Site"
        $query.StartRow              = $resultsProcessed
        $query.TotalRowsExactMinimum = 500000

        # run the query
        $searchExecutor = New-Object Microsoft.SharePoint.Client.Search.Query.SearchExecutor($clientContext)
        $queryResults = $searchExecutor.ExecuteQuery($query)
        $clientContext.ExecuteQuery()

        # enumerate the search results and store the site URLs
        $queryResults.Value[0].ResultRows | % {
            $oneDriveForBusinessSiteUrls += $_.Path
            $resultsProcessed++
        }
    }
    while($resultsProcessed -lt $queryResults.Value.TotalRows)

$oneDriveForBusinessSiteUrls | Out-File -FilePath $reportName
Script voor het uitschakelen van IRM voor OneDrive voor BedrijvenScript to disable IRM for OneDrive for Business

Gebruik het volgende voorbeeldscript gebruiken als u IRM voor OneDrive voor Bedrijven van gebruikers moet uitschakelen.Use the following sample script if you need to disable IRM for users' OneDrive for Business.

Voor dit script zijn tevens de SharePoint Online SDK voor clientonderdelen en de SharePoint Online-beheershell vereist.This script also requires the SharePoint Online Client Components SDK and the SharePoint Online Management Shell. Kopieer en plak de inhoud, sla het bestand lokaal op (bijvoorbeeld 'Disable-IRMOnOneDriveForBusiness.ps1') en wijzigen de waarden $sharepointAdminCenterUrl en $tenantAdmin.Copy and paste the contents, save the file locally (for example, "Disable-IRMOnOneDriveForBusiness.ps1"), and modify the $sharepointAdminCenterUrl and $tenantAdmin values. Geef handmatig de URL’s van OneDrive voor Bedrijven op of gebruik het script in de voorgaande sectie zodat u deze kunt importeren, en voer vervolgens het script uit.Manually specify the OneDrive for Business URLs or use the script in the previous section so that you can import these, and then run the script.

**Disclaimer** : dit voorbeeldscript wordt onder geen enkel een ondersteuningsprogramma of -service op basis van Microsoft-standaard ondersteund.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Dit voorbeeldscript wordt verstrekt 'in de huidige vorm' zonder garantie van welke aard dan ook.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Disables IRM for OneDrive for Business and can also be used for SharePoint Online libraries and lists

 Script Installation Requirements:

   SharePoint Online Client Components SDK
   https://www.microsoft.com/en-us/download/details.aspx?id=42038

   SharePoint Online Management Shell
   https://www.microsoft.com/en-us/download/details.aspx?id=35588

======
#>

$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.com"

$webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
             "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
             "https://contoso-my.sharepoint.com/personal/person3_contoso_com")

<# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
   Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"

#>

$listTitle = "Documents"

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/en-us/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/en-us/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Remove-IrmConfiguration
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List
    )

    process
    {
        Write-Verbose "Disabling IRM Configuration on '$($List.Title)'"

        $List.IrmEnabled = $false
        $List.IrmExpire  = $false
        $List.IrmReject  = $false
        $List.InformationRightsManagementSettings.Reset()
    }
    end
    {
        if($List)
        {
            Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
            $list.InformationRightsManagementSettings.Update()
            $list.Update()
            $script:clientContext.Load($list)
            $script:clientContext.ExecuteQuery()
        }
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint Online service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# connect to Office365 first, required for SharePoint Online cmdlets to run

    Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential

# enumerate each of the specified site URLs

    foreach($webUrl in $webUrls)
    {
        $grantedSiteCollectionAdmin = $false

        try
        {
            # establish the client context and set the credentials to connect to the site
            $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
            $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

            # initialize the site and web context
            $script:clientContext.Load($script:clientContext.Site)
            $script:clientContext.Load($script:clientContext.Web)
            $script:clientContext.ExecuteQuery()

            # load and ensure the tenant admin user account if present on the target SharePoint site
            $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
            $script:clientContext.Load($tenantAdminUser)
            $script:clientContext.ExecuteQuery()

            # check if the tenant admin is a site admin
            if( -not $tenantAdminUser.IsSiteAdmin )
            {
                try
                {
                    # grant the tenant admin temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                    $grantedSiteCollectionAdmin = $true
                }
                catch
                {
                    Write-Error $_.Exception
                    return
                }
            }

            try
            {
                # load the list orlibrary using CSOM

                $list = $null
                $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()

               Remove-IrmConfiguration -List $list                 
            }
            catch
            {
                Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
            }
       }
       finally
       {
            if($grantedSiteCollectionAdmin)
            {
                # remove the temporary admin rights to the site collection
                Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
            }
       }
    }

Disconnect-SPOService -ErrorAction SilentlyContinue