Office 365: Configuração para clientes e serviços online utilizar o serviço Azure Rights ManagementOffice 365: Configuration for clients and online services to use the Azure Rights Management service

Aplica-se a: Azure Information Protection, Office 365Applies to: Azure Information Protection, Office 365

Como o Office 365 suporta nativamente o serviço Azure Rights Management do Azure Information Protection, nenhuma configuração de computador cliente é necessária para suportar as funcionalidades de gestão (IRM) direitos informações para aplicações como o Word, Excel, PowerPoint, Outlook e Outlook na web.Because Office 365 natively supports the Azure Rights Management service from Azure Information Protection, no client computer configuration is required to support the information rights management (IRM) features for applications such as Word, Excel, PowerPoint, Outlook, and Outlook on the web. Todos os utilizadores têm para o fazer, iniciar sessão nas aplicações do Office com os respetivos Microsoft Office 365Microsoft Office 365 credenciais.All users have to do, is sign in to their Office applications with their Microsoft Office 365Microsoft Office 365 credentials. Em seguida, que podem proteger ficheiros e e-mails e utilizar ficheiros e e-mails que foram protegidos por outras pessoas.Then, they can protect files and emails, and use files and emails that have been protected by others.

No entanto, recomendamos que complemente estas aplicações com o cliente do Azure Information Protection para que os utilizadores possam beneficiar do suplemento do Office e do suporte para tipos de ficheiros adicionais.However, we recommend that you supplement these applications with the Azure Information Protection client, so that users get the benefit of the Office add-in and support for additional file types. Para obter mais informações, veja Cliente do Azure Information Protection: instalação e configuração para clientes.For more information, see Azure Information Protection client: Installation and configuration for clients.

Exchange Online: configuração de IRMExchange Online: IRM Configuration

Para obter mais informações sobre como o IRM do Exchange Online funciona com o serviço Azure Rights Management, veja Exchange Online e Exchange Server, na secção Compreender e explorar.For information about how Exchange Online IRM works with the Azure Rights Management service, see Exchange Online and Exchange Server from the Understand & Explore section.

Para configurar o Exchange Online para suportar o serviço Azure Rights Management, tem de configurar o serviço de gestão de direitos de informação (IRM) para o Exchange Online.To configure Exchange Online to support the Azure Rights Management service, you must configure the information rights management (IRM) service for Exchange Online. Para isso, tem de utilizar o Windows PowerShell (não é necessário instalar um módulo separado) e executar os comandos do PowerShell para o Exchange Online.To do this, you use Windows PowerShell (no need to install a separate module), and run PowerShell commands for Exchange Online.

Nota

Atualmente, não pode configurar o Exchange Online para suportar o serviço Azure Rights Management se estiver a utilizar uma chave de inquilino gerida pelo cliente (BYOK) para o Azure Information Protection, em vez da configuração predefinida de uma chave de inquilino gerida pela Microsoft.You cannot currently configure Exchange Online to support the Azure Rights Management service if you are using a customer-managed tenant key (BYOK) for Azure Information Protection, rather than the default configuration of a Microsoft-managed tenant key. Para obter mais informações, veja Preços e restrições do BYOK.For more information, see BYOK pricing and restrictions.

Se tentar configurar o Exchange Online quando o serviço Azure Rights Management está a utilizar o BYOK, o comando para importar a chave (passo 5 no procedimento seguinte) falhará com a mensagem de erro [FailureCategory=Cmdlet-FailedToGetTrustedPublishingDomainFromRmsOnlineException].If you try to configure Exchange Online when the Azure Rights Management service is using BYOK, the command to import the key (step 5, in the following procedure) fails with the error message [FailureCategory=Cmdlet-FailedToGetTrustedPublishingDomainFromRmsOnlineException].

Os passos seguintes fornecem um conjunto típico de comandos que executaria para ativar o Exchange Online de forma a utilizar o serviço Azure Rights Management:The following steps provide a typical set of commands that you would run to enable Exchange Online to use the Azure Rights Management service:

  1. Se esta é a primeira vez que utiliza o Windows PowerShell para o Exchange Online no seu computador, tem de configurar o Windows PowerShell para executar scripts assinados.If this is the first time that you have used Windows PowerShell for Exchange Online on your computer, you must configure Windows PowerShell to run signed scripts. Inicie sessão do Windows PowerShell através da opção Executar como administrador e, em seguida, escreva:Start your Windows PowerShell session by using the Run as administrator option, and then type:

    Set-ExecutionPolicy RemoteSigned
    
  2. Na sessão do Windows PowerShell, inicie sessão no Exchange Online com uma conta ativada para acesso remoto à Shell.In your Windows PowerShell session, sign in to Exchange Online by using an account that is enabled for remote Shell access. Por predefinição, todas as contas criadas no Exchange Online têm o acesso remoto à Shell ativado, embora possa desativar (e ativar) esta funcionalidade através do comando Set-User <UserIdentity> -RemotePowerShellEnabled.By default, all accounts that are created in Exchange Online are enabled for remote Shell access but this can be disabled (and enabled) by using the Set-User <UserIdentity> -RemotePowerShellEnabled command.

    Para iniciar sessão, escreva:To sign in, type:

    $UserCredential = Get-Credential
    

    Na caixa de diálogo Pedido de Credencial do Windows PowerShell, forneça o seu nome de utilizador e palavra-passe do Office 365.In the Windows PowerShell credential request dialog box, supply your Office 365 user name and password.

  3. Execute os dois comandos seguintes para ligar ao serviço Exchange Online:Connect to the Exchange Online service by running the following two commands:

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    
    Import-PSSession $Session
    
  4. Especifique a localização da chave de inquilino do Azure Information Protection, em conformidade com a localização onde foi criado o inquilino da sua organização:Specify the location of the Azure Information Protection tenant key, according to according to where your organization's tenant was created:

    Para a América do NorteFor North America:

    Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"
    

    Para a Europa:For Europe:

    Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc"
    

    Para a Ásia:For Asia:

    Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc"
    

    Para a América do Sul:For South America:

    Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc"
    

    Para o Office 365 Administração Pública (Government Community Cloud):For Office 365 Government (Government Community Cloud):

    Set-IRMConfiguration -RMSOnlineKeySharingLocation "https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc"
    
  5. Importe dados de configuração do serviço Azure Rights Management para o Exchange Online sob a forma de um domínio de publicação fidedigno (TPD).Import configuration data from the Azure Rights Management service to Exchange Online, in the form of the trusted publishing domain (TPD). Isto inclui a chave de inquilino do Azure Information Protection e modelos do Azure Rights Management:This includes the Azure Information Protection tenant key and Azure Rights Management templates:

    Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"
    

    Neste comando, utilizámos o nome RMS Online como nome base do TPD para o Azure Rights Management no Exchange Online.In this command, we used the name of RMS Online for the base name of the TPD for Azure Rights Management in Exchange Online. Após a importação do TPD, terá o nome RMS Online – 1 no Exchange Online.After the TPD is imported, it is named RMS Online - 1 in Exchange Online.

  6. Ative a funcionalidade do Azure Rights Management para que as funcionalidades da IRM estejam disponíveis no Exchange Online:Enable the Azure Rights Management functionality so that IRM features are available for Exchange Online:

    Set-IRMConfiguration -InternalLicensingEnabled $true
    

    Após executar este comando, o Rights Management é automaticamente ativado para o cliente do Outlook, o Outlook Web App e o Exchange Active Sync.After running this command, Rights Management is automatically enabled for the Outlook client, the Outlook Web app, and Exchange Active Sync.

  7. Opcionalmente, pode testar se esta configuração tem êxito através do seguinte comando:Optionally, test that this configuration is successful by using the following command:

    Test-IRMConfiguration -Sender <user email address>
    

    Por exemplo: Test-IRMConfiguration -Sender adams@contoso.comFor example: Test-IRMConfiguration -Sender adams@contoso.com

    Este comando executa um conjunto de verificações que inclui a verificação da conectividade ao serviço, a obtenção da configuração, a obtenção de URIs, licenças e modelos.This command runs a series of checks that includes verifying connectivity to the service, retrieving the configuration, retrieving URIs, licenses, and any templates. Na sessão do Windows PowerShell, verá os resultados de cada verificação e, no final, se nenhuma delas encontrar problemas, verá a mensagem: RESULTADO GERAL: APROVADOIn the Windows PowerShell session, you will see the results of each and at the end, if everything passes these checks: OVERALL RESULT: PASS

  8. Desligue a sua sessão remota do PowerShell:Disconnect your remote PowerShell session:

    Remove-PSSession $Session
    

Agora, os utilizadores podem proteger as suas mensagens de e-mail através do serviço Azure Rights Management.Users can now protect their email messages by using the Azure Rights Management service. Por exemplo, no Outlook Web App, selecione Definir permissões no menu expandido (...) e, em seguida, selecione Não Reencaminhar ou um dos modelos disponíveis para aplicar a proteção da informação à mensagem de e-mail e respetivos anexos.For example, in the Outlook Web App, select Set permissions from the extended menu (...), and then choose Do Not Forward or one of the available templates to apply information protection to the email message and any attachments. Contudo, como o Outlook Web App coloca a IU em cache durante um dia, espere que este período de tempo termine antes de tentar aplicar a proteção da informação às mensagens de e-mail e depois de executar estes comandos de configuração.However, because the Outlook Web App caches the UI for a day, wait for this time period to elapse before you try applying information protection to email messages and after running these configuration commands. Antes da atualização da IU para refletir a nova configuração, não verá nenhuma opção no menu Definir permissões.Before the UI updates to reflect the new configuration, you will not see any options from the Set permissions menu.

Importante

Se criar ou atualizar modelos para o Azure Rights Management, cada vez, tem de executar o seguinte Exchange Ogit adicionar .nline comando do PowerShell (se necessário, execute os passos 2 e 3 primeiro) para sincronizar estas alterações para o Exchange Online:Import-RMSTrustedPublishingDomain -Name "RMS Online - 1" -RefreshTemplates –RMSOnlineIf you create or update templates for Azure Rights Management, each time, you must run the following Exchange Ogit add .nline PowerShell command (if necessary, run steps 2 and 3 first) to synchronize these changes to Exchange Online: Import-RMSTrustedPublishingDomain -Name "RMS Online - 1" -RefreshTemplates –RMSOnline

Como administrador do Exchange, já pode configurar funcionalidades que apliquem automaticamente a proteção da informação, como, por exemplo, regras de transporte, políticas de prevenção de perda de dados (DLP) e voice mail protegido (Unified Messaging).As an Exchange administrator, you can now configure features that apply information protection automatically, such as transport rules, data loss prevention (DLP) policies, and protected voice mail (Unified Messaging).

Para obter instruções detalhadas para configurar o Exchange Online de forma a ativar a funcionalidade IRM, consulte a documentação na biblioteca do Exchange.For detailed instructions to configure Exchange Online to enable IRM functionality, see the documentation in the Exchange library. Por exemplo:For example:

Encriptação de Mensagens do Office 365Office 365 Message Encryption

Execute os mesmos passos conforme indicado na secção anterior. Contudo, se não quiser que os modelos sejam apresentados, antes de chegar ao passo 6, execute o comando seguinte para impedir que os modelos IRM estejam disponíveis no Outlook Web App e no cliente do Outlook: Set-IRMConfiguration -ClientAccessServerEnabled $falseRun the same steps as documented in the previous section, but if you don't want templates to be displayed, before step 6, run the following command to prevent IRM templates from being available in the Outlook Web App and Outlook client: Set-IRMConfiguration -ClientAccessServerEnabled $false

Em seguida, estará pronto para configurar regras de transporte, para modificar automaticamente a segurança da mensagem quando os destinatários estão fora da organização, e selecionar a opção Aplicar a Encriptação de Mensagens do Office 365.Then, you're ready to configure transport rules to automatically modify the message security when recipients are located outside the organization, and select the Apply Office 365 Message Encryption option.

Para obter mais informações sobre a encriptação de mensagens, veja Encryption in Office 365 (Encriptação no Office 365 – em inglês) na biblioteca do Exchange.For more information about message encryption, see Encryption in Office 365 in the Exchange library.

SharePoint Online e OneDrive para Empresas: configuração de IRMSharePoint Online and OneDrive for Business: IRM Configuration

Para obter mais informações sobre como o IRM do SharePoint Online funciona com o serviço do Azure Rights Management, veja SharePoint Online e SharePoint Server, na secção Compreender e explorar.For information about how SharePoint Online IRM works with the Azure Rights Management service, see SharePoint Online and SharePoint Server from the Understand & Explore section.

Para configurar o SharePoint Online e o OneDrive para Empresas para suportar o serviço Azure Rights Management, primeiro tem de ativar o serviço de gestão de direitos de informação (IRM) para o SharePoint Online através do centro de administração do SharePoint.To configure SharePoint Online and OneDrive for Business to support the Azure Rights Management service, you must first enable the information rights management (IRM) service for SharePoint Online by using the SharePoint admin center. Assim, os proprietários de sites podem proteger as respetivas listas e bibliotecas de documentos do SharePoint com IRM e, além disso, os utilizadores podem proteger a respetiva biblioteca do OneDrive para Empresas com a IRM, para que os documentos aí guardados e partilhados com outras pessoas sejam automaticamente protegidos pelo serviço Azure Rights Management.Then, site owners can IRM-protect their SharePoint lists and document libraries, and users can IRM-protect their OneDrive for Business library so that documents that are saved there, and shared with others, are automatically protected by the Azure Rights Management service.

Nota

As bibliotecas protegidas por IRM para o SharePoint e OneDrive para Empresas não suportam o novo cliente de sincronização do OneDrive (OneDrive.exe).IRM-protected libraries for SharePoint and OneDrive for Business do not currently support the new OneDrive sync client (OneDrive.exe). Para utilizar a proteção IRM com as suas bibliotecas do SharePoint e com o OneDrive para Empresas, utilize o cliente de sincronização mais antigo, o cliente de sincronização do OneDrive para Empresas (Groove.exe).To use IRM protection with your SharePoint libraries and OneDrive for Business, use the older sync client, OneDrive for Business sync client (Groove.exe). Ambas as versões de clientes podem ser executadas ao mesmo tempo.Both versions of the clients can run at the same time. Para obter mais informações, veja Restrições e limitações ao sincronizar ficheiros e pastas.For more information, see Restrictions and limitations when you sync files and folders.

Para ativar o serviço de gestão de direitos de informação (IRM) para o SharePoint Online, consulte as seguintes instruções a partir do site do Office:To enable the information rights management (IRM) service for SharePoint Online, see the following instructions from the Office website:

Esta configuração é efetuada pelo administrador do Office 365.This configuration is done by the Office 365 administrator.

Configurar a IRM para listas e bibliotecasConfiguring IRM for libraries and lists

Após ativar o serviço de IRM para o SharePoint, os proprietários de sites podem proteger as respetivas listas e bibliotecas de documentos do SharePoint com a IRM.After you have enabled the IRM service for SharePoint, site owners can IRM-protect their SharePoint document libraries and lists. Para obter instruções, consulte o seguinte a partir do site do Office:For instructions, see the following from the Office website:

Esta configuração é efetuada pelo administrador do site do SharePoint.This configuration is done by the SharePoint site administrator.

Configurar a IRM para o OneDrive para EmpresasConfiguring IRM for OneDrive for Business

Após ativar o serviço de IRM para o SharePoint Online, a biblioteca de documentos do OneDrive para Empresas dos utilizadores pode ser configurada para a proteção Rights Management.After you have enabled the IRM service for SharePoint Online, users' OneDrive for Business document library can then be configured for Rights Management protection. Os próprios utilizadores podem configurar isto através do ícone Definições no respetivo OneDrive.Users can configure this for themselves by using the Settings icon in their OneDrive. Embora os administradores não possam configurar o Rights Management para o OneDrive para Empresas dos utilizadores através do centro de administração do SharePoint, o utilizador pode fazê-lo através do Windows PowerShell.Although administrators cannot configure Rights Management for users' OneDrive for Business by using the SharePoint admin center, you can do this by using Windows PowerShell.

Nota

Para obter mais informações sobre como configurar o OneDrive para Empresas, consulte a documentação do Office, Configurar o OneDrive para Empresas no Office 365.For more information about configuring OneDrive for Business, see the Office documentation, Set up OneDrive for Business in Office 365.

Configuração para os utilizadoresConfiguration for users

Dê estas instruções aos utilizadores para que possam configurar o OneDrive para Empresas e proteger os respetivos ficheiros empresariais com IRM.Give users these instructions so that they can configure their OneDrive for Business and IRM-protect their business files.

  1. No OneDrive, clique no ícone Definições para abrir o menu Definições e, em seguida, clique em Conteúdos do Site.In OneDrive, click the Settings icon, to open the Settings menu, and then click Site Contents.

  2. Paire o rato sobre o mosaico Documentos, selecione as reticências (...) e, em seguida, clique em DEFINIÇÕES.Hover on the Documents tile, chose the ellipses (...), and then click SETTINGS.

  3. Na página Definições, na secção Permissões e Gestão, clique em Gestão de Direitos de Informação.On the Settings page, in the Permissions and Management section, click Information Rights Management.

  4. Na página Definições de Gestão de Direitos de Informação, selecione a caixa de verificação Restringir as permissões nesta biblioteca durante a transferência, especifique a sua escolha de nome e uma descrição para as permissões e, opcionalmente, clique em MOSTRAR OPÇÕES para definir configurações opcionais e, em seguida, clique em OK.On the Information Rights Management Settings page, select Restrict permissions on this library on download check box, specify your choice of name and a description for the permissions, and optionally, click SHOW OPTIONS to configure optional configurations, and then click OK.

    Para obter mais informações sobre as opções de configuração, consulte as instruções em Aplicar a Gestão de Direitos de Informação a uma lista ou biblioteca na documentação do Office.For more information about the configuration options, see the instructions in Apply Information Rights Management to a list or library from the Office documentation.

Como esta configuração se baseia nos utilizadores em vez de num administrador para proteger a respetiva biblioteca do OneDrive para Empresas com a IRM, informe-os sobre os benefícios de proteger os seus ficheiros e sobre como proceder nesse sentido.Because this configuration relies on users rather than an administrator to IRM-protect their OneDrive for Business library, educate users about the benefits of protecting their files and how to do this. Por exemplo, explique aos utilizadores que, quando partilharem um documento do OneDrive para Empresas, apenas as pessoas a quem concederem autorização poderão aceder ao mesmo, com as restrições que configurarem, mesmo que o nome e a localização do ficheiro tenham sido alterados.For example, explain that when they share a document from OneDrive for Business, only people they authorize can access it with any restrictions that they configure, even if the file is renamed and copied somewhere else.

Configuração para administradoresConfiguration for administrators

Embora não possa configurar a IRM para o OneDrive para Empresas dos utilizadores através do centro de administração do SharePoint, pode fazê-lo através do Windows PowerShell.Although you cannot configure IRM for users' OneDrive for Business by using the SharePoint admin center, you can do this by using Windows PowerShell. Para ativar a IRM para estas bibliotecas, siga estes passos:To enable IRM for these libraries, follow these steps:

  1. Transfira e instale o SDK de Componentes de Cliente do SharePoint Online.Download and install the SharePoint Online Client Components SDK.

  2. Transfira e instale a Shell de Gestão do SharePoint Online.Download and install the SharePoint Online Management Shell.

  3. Copie o conteúdo do seguinte script e, no seu computador, dê ao ficheiro o nome Set-IRMOnOneDriveForBusiness.ps1.Copy the contents of the following script and name the file Set-IRMOnOneDriveForBusiness.ps1 on your computer.

    **Exclusão de responsabilidade**: este script de exemplo não é suportado por qualquer serviço ou programa de suporte padrão da Microsoft.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Este script de exemplo é fornecido TAL COMO ESTÁ, sem qualquer tipo de garantia.This sample script is provided AS IS without warranty of any kind.

    # Requires Windows PowerShell version 3
    
    <#
      Description:
    
        Configures IRM policy settings for OneDrive for Business and can also be used for SharePoint Online libraries and lists
    
     Script Installation Requirements:
    
       SharePoint Online Client Components SDK
       https://www.microsoft.com/en-us/download/details.aspx?id=42038
    
       SharePoint Online Management Shell
       https://www.microsoft.com/en-us/download/details.aspx?id=35588
    
    ======
    #>
    
    # URL will be in the format https://<tenant-name>-admin.sharepoint.com
    $sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"
    
    $tenantAdmin = "admin@contoso.com"
    
    $webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user3_contoso_com")
    
    <# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
       Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"
    
    #>
    
    $listTitle = "Documents"
    
    function Load-SharePointOnlineClientComponentAssemblies
    {
        [cmdletbinding()]
        param()
    
        process
        {
            # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
            try
            {
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                return $true
            }
            catch
            {
                if($_.Exception.Message -match "Could not load file or assembly")
                {
                    Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=42038"
                }
                else
                {
                    Write-Error -Exception $_.Exception
                }
                return $false
            }
        }
    }
    
    function Load-SharePointOnlineModule
    {
        [cmdletbinding()]
        param()
    
        process
        {
            do
            {
                # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
                $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue
    
                if(-not $spoModule)
                {
                    try
                    {
                        Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                        return $true
                    }
                    catch
                    {
                        if($_.Exception.Message -match "Could not load file or assembly")
                        {
                            Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=35588"
                        }
                        else
                        {
                            Write-Error -Exception $_.Exception
                        }
                        return $false
                    }
                }
                else
                {
                    return $true
                }
            }
            while(-not $spoModule)
        }
    }
    
    function Set-IrmConfiguration
    {
        [cmdletbinding()]
        param(
            [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List,
            [parameter(Mandatory=$true)][string]$PolicyTitle,
            [parameter(Mandatory=$true)][string]$PolicyDescription,
            [parameter(Mandatory=$false)][switch]$IrmReject,
            [parameter(Mandatory=$false)][DateTime]$ProtectionExpirationDate,
            [parameter(Mandatory=$false)][switch]$DisableDocumentBrowserView,
            [parameter(Mandatory=$false)][switch]$AllowPrint,
            [parameter(Mandatory=$false)][switch]$AllowScript,
            [parameter(Mandatory=$false)][switch]$AllowWriteCopy,
            [parameter(Mandatory=$false)][int]$DocumentAccessExpireDays,
            [parameter(Mandatory=$false)][int]$LicenseCacheExpireDays,
            [parameter(Mandatory=$false)][string]$GroupName
        )
    
        process
        {
            Write-Verbose "Applying IRM Configuration on '$($List.Title)'"
    
            # reset the value to the default settings
            $list.InformationRightsManagementSettings.Reset()
    
            $list.IrmEnabled = $true
    
            # IRM Policy title and description
    
                $list.InformationRightsManagementSettings.PolicyTitle       = $PolicyTitle
                $list.InformationRightsManagementSettings.PolicyDescription = $PolicyDescription
    
            # Set additional IRM library settings
    
                # Do not allow users to upload documents that do not support IRM
                $list.IrmReject = $IrmReject.IsPresent
    
                $parsedDate = Get-Date
                if([DateTime]::TryParse($ProtectionExpirationDate, [ref]$parsedDate))
                {
                    # Stop restricting access to the library at <date>
                    $list.IrmExpire = $true
                    $list.InformationRightsManagementSettings.DocumentLibraryProtectionExpireDate = $ProtectionExpirationDate
                }
    
                # Prevent opening documents in the browser for this Document Library
                $list.InformationRightsManagementSettings.DisableDocumentBrowserView = $DisableDocumentBrowserView.IsPresent
    
            # Configure document access rights
    
                # Allow viewers to print
                $list.InformationRightsManagementSettings.AllowPrint = $AllowPrint.IsPresent
    
                # Allow viewers to run script and screen reader to function on downloaded documents
                $list.InformationRightsManagementSettings.AllowScript = $AllowScript.IsPresent
    
                # Allow viewers to write on a copy of the downloaded document
                $list.InformationRightsManagementSettings.AllowWriteCopy = $AllowWriteCopy.IsPresent
    
                if($DocumentAccessExpireDays)
                {
                    # After download, document access rights will expire after these number of days (1-365)
                    $list.InformationRightsManagementSettings.EnableDocumentAccessExpire = $true
                    $list.InformationRightsManagementSettings.DocumentAccessExpireDays   = $DocumentAccessExpireDays
                }
    
            # Set group protection and credentials interval
    
                if($LicenseCacheExpireDays)
                {
                    # Users must verify their credentials using this interval (days)
                    $list.InformationRightsManagementSettings.EnableLicenseCacheExpire = $true
                    $list.InformationRightsManagementSettings.LicenseCacheExpireDays   = $LicenseCacheExpireDays
                }
    
                if($GroupName)
                {
                    # Allow group protection. Default group:
                    $list.InformationRightsManagementSettings.EnableGroupProtection = $true
                    $list.InformationRightsManagementSettings.GroupName             = $GroupName
                }
        }
        end
        {
            if($list)
            {
                Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
                $list.InformationRightsManagementSettings.Update()
                $list.Update()
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()
            }
        }
    }
    
    function Get-CredentialFromCredentialCache
    {
        [cmdletbinding()]
        param([string]$CredentialName)
    
        #if( Test-Path variable:\global:CredentialCache )
        if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
        {
            if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
            {
                Write-Verbose "Credential Cache Hit: $CredentialName"
                return $global:O365TenantAdminCredentialCache[$CredentialName]
            }
        }
        Write-Verbose "Credential Cache Miss: $CredentialName"
        return $null
    }
    
    function Add-CredentialToCredentialCache
    {
        [cmdletbinding()]
        param([System.Management.Automation.PSCredential]$Credential)
    
        if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
        {
            Write-Verbose "Initializing the Credential Cache"
            $global:O365TenantAdminCredentialCache = @{}
        }
    
        Write-Verbose "Adding Credential to the Credential Cache"
        $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
    }
    
    # load the required assemblies and Windows PowerShell modules
    
        if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }
    
    # Add the credentials to the client context and SharePoint Online service connection
    
        # check for cached credentials to use
        $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin
    
        if(-not $o365TenantAdminCredential)
        {
            # when credentials are not cached, prompt for the tenant admin credentials
            $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"
    
            if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
            {
                Write-Error -Message "Could not validate the supplied tenant admin credentials"
                return
            }
    
            # add the credentials to the cache
            Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
        }
    
    # connect to Office365 first, required for SharePoint Online cmdlets to run
    
        Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential
    
    # enumerate each of the specified site URLs
    
        foreach($webUrl in $webUrls)
        {
            $grantedSiteCollectionAdmin = $false
    
            try
            {
                # establish the client context and set the credentials to connect to the site
                $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
                $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)
    
                # initialize the site and web context
                $script:clientContext.Load($script:clientContext.Site)
                $script:clientContext.Load($script:clientContext.Web)
                $script:clientContext.ExecuteQuery()
    
                # load and ensure the tenant admin user account if present on the target SharePoint site
                $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
                $script:clientContext.Load($tenantAdminUser)
                $script:clientContext.ExecuteQuery()
    
                # check if the tenant admin is a site admin
                if( -not $tenantAdminUser.IsSiteAdmin )
                {
                    try
                    {
                        # grant the tenant admin temporary admin rights to the site collection
                        Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                        $grantedSiteCollectionAdmin = $true
                    }
                    catch
                    {
                        Write-Error $_.Exception
                        return
                    }
                }
    
                try
                {
                    # load the list orlibrary using CSOM
    
                    $list = $null
                    $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                    $script:clientContext.Load($list)
                    $script:clientContext.ExecuteQuery()
    
                    # **************  ADMIN INSTRUCTIONS  **************
                    # If necessary, modify the following Set-IrmConfiguration parameters to match your required values
                    # The supplied options and values are for example only
                    # Example that shows the Set-IrmConfiguration command with all parameters: Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users" -IrmReject -ProtectionExpirationDate $(Get-Date).AddDays(180) -DisableDocumentBrowserView -AllowPrint -AllowScript -AllowWriteCopy -LicenseCacheExpireDays 25 -DocumentAccessExpireDays 90
    
                    Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users"  
                }
                catch
                {
                    Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
                }
           }
           finally
           {
                if($grantedSiteCollectionAdmin)
                {
                    # remove the temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
                }
           }
        }
    
    Disconnect-SPOService -ErrorAction SilentlyContinue
    
  4. Reveja o script e efetue as seguintes alterações:Review the script and make the following changes:

    1. Procure o $sharepointAdminCenterUrl e substitua o valor de exemplo pelo seu próprio URL do centro de administração do SharePoint.Search for $sharepointAdminCenterUrl and replace the example value with your own SharePoint admin center URL.

      Pode encontrar este valor como o URL de base ao aceder ao centro de administração do SharePoint, com o seguinte formato: https://<nome_de_inquilino>-admin.sharepoint.comYou'll find this value as the base URL when you go into the SharePoint admin center, and it has the following format: https://<tenant_name>-admin.sharepoint.com

      Por exemplo, se o nome do inquilino for "contoso", tem de especificar: https://contoso-admin.sharepoint.comFor example, if the tenant name is "contoso", then you would specify: https://contoso-admin.sharepoint.com

    2. Procure o $tenantAdmin e substitua o valor de exemplo pela sua própria conta de administrador global completamente qualificado do Office 365.Search for $tenantAdmin and replace the example value with your own fully qualified global administrator account for Office 365.

      Este valor é o mesmo que utiliza para iniciar sessão no portal de administração do Office 365 como administrador global e tem o seguinte formato: nome_de_utilizador@<nome de domínio do inquilino>.comThis value is the same as the one you use to sign in to the Office 365 admin portal as the global administrator and has the following format: user_name@<tenant domain name>.com

      Por exemplo, se o nome de utilizador de administrador global do Office 365 for "admin" para o domínio de inquilino "contoso.com", tem de especificar: admin@contoso.comFor example, if the Office 365 global administrator user name is "admin" for the "contoso.com" tenant domain, you would specify: admin@contoso.com

    3. Procure os $webUrls e substitua os valores de exemplo pelos URLs da Web do OneDrive para Empresas dos seus utilizadores, adicionando ou eliminando tantas entradas quantas for necessário.Search for $webUrls and replace the example values with your users' OneDrive for Business web URLs, adding or deleting as many entries as you need.

      Em alternativa, veja os comentários no script sobre como substituir esta matriz ao importar um ficheiro .CSV que contenha todos os URLs que tem de configurar.Alternatively, see the comments in the script about how to replace this array by importing a .CSV file that contains all the URLs you need to configure. Fornecemos outro script de exemplo que permite procurar e extrair automaticamente os URLs para popular este ficheiro .CSV.We've provided another sample script to automatically search for and extract the URLs to populate this .CSV file. Quando estiver pronto para efetuar este procedimento, veja a secção Script adicional para exportar todos os URLs do OneDrive para Empresas para um ficheiro .CSV imediatamente após estes passos.When you're ready to do this, use the Additional script to output all OneDrive for Business URLs to a .CSV file section immediately after these steps.

      O URL da Web do OneDrive para Empresas do utilizador tem o seguinte formato: https://<nome do inquilino>-my.sharepoint.com/personal/<nome_de_utilizador><nome do inquilino>_comThe web URL for the user's OneDrive for Business is in the following format: https://<tenant name>-my.sharepoint.com/personal/<user_name><tenant name>_com

      Por exemplo, se o utilizador no inquilino contoso tiver o nome de utilizador "sferreira", tem de especificar: https://contoso-my.sharepoint.com/personal/sferreira_contoso_comFor example, if the user in the contoso tenant has a user name of "rsimone", you would specify: https://contoso-my.sharepoint.com/personal/rsimone_contoso_com

    4. Uma vez que estamos a utilizar o script para configurar o OneDrive para Empresas, não altere o valor da variável de Documentos$listTitle.Because we are using the script to configure OneDrive for Business, do not change the value of Documents for the $listTitle variable.

    5. Procure as ADMIN INSTRUCTIONS.Search for ADMIN INSTRUCTIONS. Se não efetuar alterações nesta secção, o OneDrive para Empresas do utilizador será configurado para a IRM com o título de política "Ficheiros Protegidos" e a descrição "Esta política restringe o acesso a utilizadores autorizados".If you make no changes to this section, the user's OneDrive for Business will be configured for IRM with the policy title of "Protected Files" and the description of "This policy restricts access to authorized users". Não serão definidas outras opções de IRM, o que provavelmente será o mais adequado para a maioria dos ambientes.No other IRM options will be set, which is probably appropriate for most environments. No entanto, pode alterar o título e a descrição sugeridos para a política, bem como adicionar outras opções de IRM que se adequem ao seu ambiente.However, you can change the suggested policy title and description, and also add any other IRM options that are appropriate for your environment. Consulte o exemplo comentado no script para o ajudar a criar o seu próprio conjunto de parâmetros para o comando Set-IrmConfiguration.See the commented example in the script to help you construct your own set of parameters for the Set-IrmConfiguration command.

  5. Guarde o script e assine-o.Save the script and sign it. Se não assinar o script (mais seguro), tem de configurar o Windows PowerShell no seu computador para executar scripts não assinados.If you do not sign the script (more secure), Windows PowerShell must be configured on your computer to run unsigned scripts. Para o fazer, execute uma sessão do Windows PowerShell com a opção Executar como Administrador e escreva: Set-ExecutionPolicy Unrestricted.To do this, run a Windows PowerShell session with the Run as Administrator option, and type: Set-ExecutionPolicy Unrestricted. No entanto, esta configuração permite executar todos os scripts não assinados (menos seguro).However, this configuration lets all unsigned scripts run (less secure).

    Para obter mais informações sobre como assinar os scripts do Windows PowerShell, veja about_Signing na biblioteca de documentação do PowerShell.For more information about signing Windows PowerShell scripts, see about_Signing in the PowerShell documentation library.

  6. Execute o script e, se lhe for pedido, forneça a palavra-passe da conta de administrador do Office 365.Run the script and if prompted, supply the password for the Office 365 admin account. Se modificar o script e o executar na mesma sessão do Windows PowerShell, não lhe serão pedidas credenciais.If you modify the script and run it in the same Windows PowerShell session, you won't be prompted for credentials.

Dica

Também pode utilizar este script para configurar a IRM para uma biblioteca do SharePoint Online.You can also use this script to configure IRM for a SharePoint Online library. Para esta configuração, recomenda-se que ative a opção adicional Não permitir que os utilizadores carreguem documentos que não suportem a IRM, para se certificar de que a biblioteca contém apenas documentos protegidos.For this configuration, you will likely want to enable the additional option Do not allow users to upload documents that do not support IRM, to ensure that the library contains only protected documents. Para tal, adicione o parâmetro -IrmReject ao comando Set-IrmConfiguration no script.To do that, add the -IrmReject parameter to the Set-IrmConfiguration command in the script.

Também terá de modificar a variável $webUrls (por exemplo, https://contoso.sharepoint.com) e a variável $listTitle (por exemplo, $Reports).You would also need to modify the $webUrls variable (for example, https://contoso.sharepoint.com) and $listTitle variable (for example, $Reports).

Se precisar de desativar a IRM para as bibliotecas do OneDrive para Empresas do utilizador, consulte a secção Script para desativar a IRM para o OneDrive para Empresas.If you need to disable IRM for user's OneDrive for Business libraries, see the Script to disable IRM for OneDrive for Business section.

Script adicional para exportar todos os URLs do OneDrive para Empresas para um ficheiro .CSVAdditional script to output all OneDrive for Business URLs to a .CSV file

No passo 4c acima, pode utilizar o seguinte script do Windows PowerShell para extrair os URLs de todas as bibliotecas do OneDrive para Empresas dos utilizadores, os quais pode verificar e, se necessário, editar e, em seguida, importar para o script principal.For step 4c above, you can use the following Windows PowerShell script to extract the URLs for all users' OneDrive for Business libraries, which you can then check, edit if necessary, and then import into the main script.

Este script também requer o SDK de Componentes de Cliente do SharePoint Online e a Shell de Gestão do SharePoint Online.This script also requires the SharePoint Online Client Components SDK and the SharePoint Online Management Shell. Siga as mesmas instruções para o copiar e colar, guarde o ficheiro localmente (por exemplo, "Report-OneDriveForBusinessSiteInfo.ps1"), modifique os valores $sharepointAdminCenterUrl e $tenantAdmin como fez anteriormente e, em seguida, execute o script.Follow the same instructions to copy and paste it, save the file locally (for example, "Report-OneDriveForBusinessSiteInfo.ps1"), modify the $sharepointAdminCenterUrl and $tenantAdmin values as before, and then run the script.

**Exclusão de responsabilidade**: este script de exemplo não é suportado por qualquer serviço ou programa de suporte padrão da Microsoft.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Este script de exemplo é fornecido TAL COMO ESTÁ, sem qualquer tipo de garantia.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Queries the search service of an Office 365 tenant to retrieve all OneDrive for Business sites.  
    Details of the discovered sites are written to a .CSV file (by default,"OneDriveForBusinessSiteInfo_<date>.csv").

 Script Installation Requirements:

   SharePoint Online Client Components SDK
   http://www.microsoft.com/en-us/download/details.aspx?id=42038

   SharePoint Online Management Shell
   http://www.microsoft.com/en-us/download/details.aspx?id=35588

======
#>

# URL will be in the format https://<tenant-name>-admin.sharepoint.com
$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.onmicrosoft.com"                           

$reportName = "OneDriveForBusinessSiteInfo_$((Get-Date).ToString("yyyy-MM-dd_hh.mm.ss")).csv"

$oneDriveForBusinessSiteUrls= @()
$resultsProcessed = 0

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint Online service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# establish the client context and set the credentials to connect to the site

    $clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($sharepointAdminCenterUrl)
    $clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

# run a query against the Office 365 tenant search service to retrieve all OneDrive for Business URLs

    do
    {
        # build the query object
        $query = New-Object Microsoft.SharePoint.Client.Search.Query.KeywordQuery($clientContext)
        $query.TrimDuplicates        = $false
        $query.RowLimit              = 500
        $query.QueryText             = "SPSiteUrl:'/personal/' AND contentclass:STS_Site"
        $query.StartRow              = $resultsProcessed
        $query.TotalRowsExactMinimum = 500000

        # run the query
        $searchExecutor = New-Object Microsoft.SharePoint.Client.Search.Query.SearchExecutor($clientContext)
        $queryResults = $searchExecutor.ExecuteQuery($query)
        $clientContext.ExecuteQuery()

        # enumerate the search results and store the site URLs
        $queryResults.Value[0].ResultRows | % {
            $oneDriveForBusinessSiteUrls += $_.Path
            $resultsProcessed++
        }
    }
    while($resultsProcessed -lt $queryResults.Value.TotalRows)

$oneDriveForBusinessSiteUrls | Out-File -FilePath $reportName
Script para desativar a IRM para o OneDrive para EmpresasScript to disable IRM for OneDrive for Business

Utilize o seguinte script de exemplo caso precise de desativar a IRM do OneDrive para Empresas dos utilizadores.Use the following sample script if you need to disable IRM for users' OneDrive for Business.

Este script também requer o SDK de Componentes de Cliente do SharePoint Online e a Shell de Gestão do SharePoint Online.This script also requires the SharePoint Online Client Components SDK and the SharePoint Online Management Shell. Copie e cole o conteúdo, guarde o ficheiro localmente (por exemplo, "Disable-IRMOnOneDriveForBusiness.ps1") e modifique os valores $sharepointAdminCenterUrl e $tenantAdmin.Copy and paste the contents, save the file locally (for example, "Disable-IRMOnOneDriveForBusiness.ps1"), and modify the $sharepointAdminCenterUrl and $tenantAdmin values. Especifique manualmente os URLs do OneDrive para Empresas ou utilize o script da secção anterior para poder importar os mesmos e, em seguida, execute o script.Manually specify the OneDrive for Business URLs or use the script in the previous section so that you can import these, and then run the script.

**Exclusão de responsabilidade**: este script de exemplo não é suportado por qualquer serviço ou programa de suporte padrão da Microsoft.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Este script de exemplo é fornecido TAL COMO ESTÁ, sem qualquer tipo de garantia.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Disables IRM for OneDrive for Business and can also be used for SharePoint Online libraries and lists

 Script Installation Requirements:

   SharePoint Online Client Components SDK
   http://www.microsoft.com/en-us/download/details.aspx?id=42038

   SharePoint Online Management Shell
   http://www.microsoft.com/en-us/download/details.aspx?id=35588

======
#>

$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.com"

$webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
             "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
             "https://contoso-my.sharepoint.com/personal/person3_contoso_com")

<# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
   Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"

#>

$listTitle = "Documents"

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: http://www.microsoft.com/en-us/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Remove-IrmConfiguration
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List
    )

    process
    {
        Write-Verbose "Disabling IRM Configuration on '$($List.Title)'"

        $List.IrmEnabled = $false
        $List.IrmExpire  = $false
        $List.IrmReject  = $false
        $List.InformationRightsManagementSettings.Reset()
    }
    end
    {
        if($List)
        {
            Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
            $list.InformationRightsManagementSettings.Update()
            $list.Update()
            $script:clientContext.Load($list)
            $script:clientContext.ExecuteQuery()
        }
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint Online service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# connect to Office365 first, required for SharePoint Online cmdlets to run

    Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential

# enumerate each of the specified site URLs

    foreach($webUrl in $webUrls)
    {
        $grantedSiteCollectionAdmin = $false

        try
        {
            # establish the client context and set the credentials to connect to the site
            $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
            $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

            # initialize the site and web context
            $script:clientContext.Load($script:clientContext.Site)
            $script:clientContext.Load($script:clientContext.Web)
            $script:clientContext.ExecuteQuery()

            # load and ensure the tenant admin user account if present on the target SharePoint site
            $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
            $script:clientContext.Load($tenantAdminUser)
            $script:clientContext.ExecuteQuery()

            # check if the tenant admin is a site admin
            if( -not $tenantAdminUser.IsSiteAdmin )
            {
                try
                {
                    # grant the tenant admin temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                    $grantedSiteCollectionAdmin = $true
                }
                catch
                {
                    Write-Error $_.Exception
                    return
                }
            }

            try
            {
                # load the list orlibrary using CSOM

                $list = $null
                $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()

               Remove-IrmConfiguration -List $list                 
            }
            catch
            {
                Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
            }
       }
       finally
       {
            if($grantedSiteCollectionAdmin)
            {
                # remove the temporary admin rights to the site collection
                Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
            }
       }
    }

Disconnect-SPOService -ErrorAction SilentlyContinue

ComentáriosComments

Antes de inserir um comentário, pedimos-lhe que reveja as nossas Regras básicas.Before commenting, we ask that you review our House rules.