Microsoft 365: konfiguration för onlinetjänster att använda Azure Rights Management-tjänstenMicrosoft 365: Configuration for online services to use the Azure Rights Management service

Gäller för: Azure information Protection, Office 365Applies to: Azure Information Protection, Office 365

Använd följande avsnitt som hjälp för att konfigurera Exchange Online, Microsoft SharePoint och Microsoft OneDrive för att använda Azure Rights Management-tjänsten från Azure Information Protection.Use the following sections to help you configure Exchange Online, Microsoft SharePoint, and Microsoft OneDrive to use the Azure Rights Management service from Azure Information Protection.

Exchange Online: IRM-konfigurationExchange Online: IRM Configuration

Information om hur Exchange Online fungerar med Azure Rights Management-tjänsten finns i avsnittet Exchange Online och Exchange Server i hur Office-program och-tjänster stöder Azure Rights Management.For information about how Exchange Online works with the Azure Rights Management service, see the Exchange Online and Exchange Server section from How Office applications and services support Azure Rights Management.

Exchange Online kanske redan är aktiverat för att använda Azure Rights Management-tjänsten.Exchange Online might already be enabled to use the Azure Rights Management service. Kontrol lera genom att köra följande kommandon:To check, run the following commands:

  1. Om det är första gången du använder Windows PowerShell för Exchange Online på datorn, måste du konfigurera Windows PowerShell till att köra signerade skript.If this is the first time that you have used Windows PowerShell for Exchange Online on your computer, you must configure Windows PowerShell to run signed scripts. Starta en Windows PowerShell-session med alternativet Kör som administratör och skriv sedan:Start your Windows PowerShell session by using the Run as administrator option, and then type:

    Set-ExecutionPolicy RemoteSigned
    

    Tryck på Y för att bekräfta.Press Y to confirm.

  2. Under Windows PowerShell-sessionen loggar du in på Exchange Online med ett konto som är aktiverat för fjärrgränssnittsåtkomst.In your Windows PowerShell session, sign in to Exchange Online by using an account that is enabled for remote Shell access. Som standard är alla konton som skapas i Exchange Online aktiverade för åtkomst till fjärrgränssnitt, men det kan inaktive ras (och aktive RAS) med kommandot Set-User < UserIdentity > -RemotePowerShellEnabled .By default, all accounts that are created in Exchange Online are enabled for remote Shell access but this can be disabled (and enabled) by using the Set-User <UserIdentity> -RemotePowerShellEnabled command.

    Logga in med den första typen:To sign in, first type:

    $Cred = Get-Credential
    

    Ange sedan ditt Microsoft 365 användar namn och lösen ord i dialog rutan begäran om autentiseringsuppgifter för Windows PowerShell .Then, in the Windows PowerShell credential request dialog box, supply your Microsoft 365 user name and password.

  3. Anslut till Exchange Online-tjänsten genom att först ange en variabel:Connect to the Exchange Online service by first setting a variable:

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic –AllowRedirection
    

    Kör följande kommando:Then run the following command:

    Import-PSSession $Session
    
  4. Kör kommandot Get-IRMConfiguration för att visa din Exchange Online-konfiguration för skydds tjänsten:Run the Get-IRMConfiguration command to view your Exchange Online configuration for the protection service:

    Get-IRMConfiguration
    

    Leta upp värdet AzureRMSLicensingEnabled i utdata:From the output, locate the AzureRMSLicensingEnabled value:

    • Om AzureRMSLicensingEnabled är inställt på Santär Exchange Online redan aktiverat för Azure Rights Management-tjänsten.If AzureRMSLicensingEnabled is set to True, Exchange Online is already enabled for the Azure Rights Management service.

    • Om AzureRMSLicensingEnabled har värdet falsekör du följande kommando för att aktivera Exchange Online för Azure Rights Management-tjänsten: Set-IRMConfiguration -AzureRMSLicensingEnabled $trueIf AzureRMSLicensingEnabled is set False, run the follow command to enable Exchange Online for the Azure Rights Management service: Set-IRMConfiguration -AzureRMSLicensingEnabled $true

  5. Kör följande kommando för att testa att Exchange Online har kon figurer ATS korrekt:To test that Exchange Online is configured successfully, run the following command:

    Test-IRMConfiguration -Sender <user email address>
    

    Exempel: test-IRMConfiguration-Sender adams @ contoso.comFor example: Test-IRMConfiguration -Sender adams@contoso.com

    Det här kommandot kör en serie kontroller som omfattar att anslutningen till tjänsten verifieras och att konfigurationen, URI: er, licenser och mallar hämtas.This command runs a series of checks that includes verifying connectivity to the service, retrieving the configuration, retrieving URIs, licenses, and any templates. Under Windows PowerShell-sessionen visas resultaten för dem och om allt går igenom kontrollerna visas: TOTALT RESULTAT: GODKÄNTIn the Windows PowerShell session, you will see the results of each and at the end, if everything passes these checks: OVERALL RESULT: PASS

När Exchange Online har Aktiver ATS för att använda Azure Rights Management-tjänsten kan du konfigurera funktioner som använder informations skydd automatiskt, till exempel regler för e-postflöde, principer för data förlust skydd (DLP)och skyddade röst meddelanden (Unified Messaging).When Exchange Online is enabled to use the Azure Rights Management service, you can configure features that apply information protection automatically, such as mail flow rules, data loss prevention (DLP) policies, and protected voice mail (Unified Messaging).

SharePoint i Microsoft 365 och OneDrive: IRM-konfigurationSharePoint in Microsoft 365 and OneDrive: IRM Configuration

Information om hur SharePoint IRM fungerar med Azure Rights Management-tjänsten finns i SharePoint i Microsoft 365 och SharePoint Server från avsnittet Rights Management skydd i den här dokumentationen.For information about how SharePoint IRM works with the Azure Rights Management service, see SharePoint in Microsoft 365 and SharePoint Server from the Rights Management protection section of this documentation.

Om du vill konfigurera SharePoint i Microsoft 365 och OneDrive för att stödja Azure Rights Management-tjänsten måste du först aktivera tjänsten IRM (Information Rights Management) för SharePoint genom att använda administrations centret för SharePoint.To configure SharePoint in Microsoft 365 and OneDrive to support the Azure Rights Management service, you must first enable the information rights management (IRM) service for SharePoint by using the SharePoint admin center. Sedan kan webbplats ägare IRM-skydda sina SharePoint-listor och dokument bibliotek, och användare kan IRM-skydda sina OneDrive-bibliotek så att dokument som sparas där och delas med andra skyddas automatiskt av Azure Rights Management-tjänsten.Then, site owners can IRM-protect their SharePoint lists and document libraries, and users can IRM-protect their OneDrive library so that documents that are saved there, and shared with others, are automatically protected by the Azure Rights Management service.

Anteckning

IRM-skyddade bibliotek för SharePoint i Microsoft 365 och OneDrive kräver den senaste versionen av den nya OneDrive sync-klienten (OneDrive.exe) och versionen av RMS- klienten från Microsoft Download Center.IRM-protected libraries for SharePoint in Microsoft 365 and OneDrive require the latest version of the new OneDrive sync client (OneDrive.exe), and the version of the RMS client from the Microsoft Download Center. Installera den här versionen av RMS-klienten även om du har installerat Azure Information Protection-klienten.Install this version of the RMS client even if you have installed the Azure Information Protection client. Mer information om det här distributions scenariot finns i distribuera den nya OneDrive-synkroniseringsklienten i en företags miljö.For more information about this deployment scenario, see Deploy the new OneDrive sync client in an enterprise environment.

Om du vill aktivera IRM-tjänsten (Information Rights Management) för SharePoint, se följande instruktioner i Office-dokumentationen:To enable the information rights management (IRM) service for SharePoint, see the following instructions from the Office documentation:

Den här konfigurationen utförs av Microsoft 365 administratören.This configuration is done by the Microsoft 365 administrator.

Konfigurera IRM för bibliotek och listorConfiguring IRM for libraries and lists

När du har aktiverat IRM-tjänsten för SharePoint kan webbplatsägare skydda sina SharePoint-dokumentbibliotek och SharePoint-listor med IRM.After you have enabled the IRM service for SharePoint, site owners can IRM-protect their SharePoint document libraries and lists. Du hittar anvisningar i följande avsnitt på Office-webbplatsen:For instructions, see the following from the Office website:

Den här konfigurationen genomförs av SharePoint-webbplatsens administratör.This configuration is done by the SharePoint site administrator.

Konfigurera IRM för OneDriveConfiguring IRM for OneDrive

När du har aktiverat IRM-tjänsten för SharePoint kan användarens OneDrive-dokumentbibliotek eller enskilda mappar konfigureras för Rights Management skydd.After you have enabled the IRM service for SharePoint, users' OneDrive document library or individual folders can then be configured for Rights Management protection. Användarna kan konfigurera detta för sig själva genom att använda deras OneDrive-webbplats.Users can configure this for themselves by using their OneDrive website. Även om administratörer inte kan konfigurera det här skyddet för dem med hjälp av administrations centret för SharePoint kan du göra detta med hjälp av Windows PowerShell.Although administrators cannot configure this protection for them by using the SharePoint admin center, you can do this by using Windows PowerShell.

Anteckning

Mer information om hur du konfigurerar OneDrive finns i OneDrive -dokumentationen.For more information about configuring OneDrive, see the OneDrive documentation.

Konfiguration för användareConfiguration for users

Ge användarna följande instruktioner så att de kan konfigurera OneDrive för att skydda sina affärs filer.Give users the following instructions so that they can configure their OneDrive to protect their business files.

  1. Logga in på Microsoft 365 med ditt arbets-eller skol konto och gå till OneDrive-webbplatsen.Sign in to Microsoft 365 with your work or school account and go to the OneDrive website.

  2. I navigerings fönstret, längst ned väljer du återgå till klassiskt OneDrive.In the navigation pane, at the bottom, select Return to classic OneDrive.

  3. Välj ikonen Inställningar .Select the Settings icon. I fönstret Inställningar , om menyfliken är inställt på av, väljer du den här inställningen för att aktivera menyfliksområdet.In the Settings pane, if the Ribbon is set to Off, select this setting to turn the ribbon on.

  4. Om du vill konfigurera alla OneDrive-filer som ska skyddas väljer du fliken bibliotek i menyfliksområdet och väljer sedan biblioteks inställningar.To configure all OneDrive files to be protected, select the LIBRARY tab from the ribbon, and then select Library Settings.

  5. På sidan dokument > inställningar i avsnittet behörigheter och hantering väljer du Information Rights Management.On the Documents > Settings page, in the Permissions and Management section, select Information Rights Management.

  6. På sidan Information Rights Management inställningar markerar du kryss rutan Begränsa behörigheterna för det här biblioteket vid hämtning .On the Information Rights Management Settings page, select Restrict permissions on this library on download check box. Ange önskat namn och en beskrivning för behörigheterna och alternativt, klicka på Visa alternativ för att konfigurera valfria konfigurationer och klicka sedan på OK.Specify your choice of name and a description for the permissions, and optionally, click SHOW OPTIONS to configure optional configurations, and then click OK.

    Mer information om konfigurationsalternativen finns i anvisningarna i Tillämpa IRM (Information Rights Management) på en lista eller ett bibliotek i Office-dokumentationen.For more information about the configuration options, see the instructions in Apply Information Rights Management to a list or library from the Office documentation.

Eftersom den här konfigurationen är beroende av användare i stället för en administratör för IRM-skydda sina OneDrive-filer, lär du användarna om fördelarna med att skydda sina filer och hur du gör detta.Because this configuration relies on users rather than an administrator to IRM-protect their OneDrive files, educate users about the benefits of protecting their files and how to do this. Förklara till exempel att när de delar ett dokument från OneDrive, kan endast personer som de godkänner få åtkomst till det med alla begränsningar som de konfigurerar, även om filen får ett nytt namn och kopieras någon annan stans.For example, explain that when they share a document from OneDrive, only people they authorize can access it with any restrictions that they configure, even if the file is renamed and copied somewhere else.

Konfiguration för administratörerConfiguration for administrators

Även om du inte kan konfigurera IRM för användare i OneDrive med hjälp av administrations centret för SharePoint kan du göra detta med hjälp av Windows PowerShell.Although you cannot configure IRM for users' OneDrive by using the SharePoint admin center, you can do this by using Windows PowerShell. Följ anvisningarna nedan om du vill aktivera IRM för dessa bibliotek:To enable IRM for these libraries, follow these steps:

  1. Hämta och installera SharePoint-klientens komponenter SDK.Download and install the SharePoint Client Components SDK.

  2. Hämta och installera hanterings gränssnittet för SharePoint.Download and install the SharePoint Management Shell.

  3. Kopiera innehållet i följande skript och ge filen namnet Set-IRMOnOneDriveForBusiness.ps1 på datorn.Copy the contents of the following script and name the file Set-IRMOnOneDriveForBusiness.ps1 on your computer.

    **Friskrivning **: Det här exempelskriptet stöds inte av Microsofts standardsupportprogram eller -tjänster.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Exempelskriptet tillhandahålls I BEFINTLIGT SKICK utan garantier av något slag.This sample script is provided AS IS without warranty of any kind.

    # Requires Windows PowerShell version 3
    
    <#
      Description:
    
        Configures IRM policy settings for OneDrive and can also be used for SharePoint libraries and lists
    
     Script Installation Requirements:
    
       SharePoint Client Components SDK
       https://www.microsoft.com/download/details.aspx?id=42038
    
       SharePoint Management Shell
       https://www.microsoft.com/download/details.aspx?id=35588
    
    ======
    #>
    
    # URL will be in the format https://<tenant-name>-admin.sharepoint.com
    $sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"
    
    $tenantAdmin = "admin@contoso.com"
    
    $webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
                 "https://contoso-my.sharepoint.com/personal/user3_contoso_com")
    
    <# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
       Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"
    
    #>
    
    $listTitle = "Documents"
    
    function Load-SharePointOnlineClientComponentAssemblies
    {
        [cmdletbinding()]
        param()
    
        process
        {
            # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
            try
            {
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
                [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
    
                return $true
            }
            catch
            {
                if($_.Exception.Message -match "Could not load file or assembly")
                {
                    Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
                }
                else
                {
                    Write-Error -Exception $_.Exception
                }
                return $false
            }
        }
    }
    
    function Load-SharePointOnlineModule
    {
        [cmdletbinding()]
        param()
    
        process
        {
            do
            {
                # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
                $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue
    
                if(-not $spoModule)
                {
                    try
                    {
                        Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                        return $true
                    }
                    catch
                    {
                        if($_.Exception.Message -match "Could not load file or assembly")
                        {
                            Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                        }
                        else
                        {
                            Write-Error -Exception $_.Exception
                        }
                        return $false
                    }
                }
                else
                {
                    return $true
                }
            }
            while(-not $spoModule)
        }
    }
    
    function Set-IrmConfiguration
    {
        [cmdletbinding()]
        param(
            [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List,
            [parameter(Mandatory=$true)][string]$PolicyTitle,
            [parameter(Mandatory=$true)][string]$PolicyDescription,
            [parameter(Mandatory=$false)][switch]$IrmReject,
            [parameter(Mandatory=$false)][DateTime]$ProtectionExpirationDate,
            [parameter(Mandatory=$false)][switch]$DisableDocumentBrowserView,
            [parameter(Mandatory=$false)][switch]$AllowPrint,
            [parameter(Mandatory=$false)][switch]$AllowScript,
            [parameter(Mandatory=$false)][switch]$AllowWriteCopy,
            [parameter(Mandatory=$false)][int]$DocumentAccessExpireDays,
            [parameter(Mandatory=$false)][int]$LicenseCacheExpireDays,
            [parameter(Mandatory=$false)][string]$GroupName
        )
    
        process
        {
            Write-Verbose "Applying IRM Configuration on '$($List.Title)'"
    
            # reset the value to the default settings
            $list.InformationRightsManagementSettings.Reset()
    
            $list.IrmEnabled = $true
    
            # IRM Policy title and description
    
                $list.InformationRightsManagementSettings.PolicyTitle       = $PolicyTitle
                $list.InformationRightsManagementSettings.PolicyDescription = $PolicyDescription
    
            # Set additional IRM library settings
    
                # Do not allow users to upload documents that do not support IRM
                $list.IrmReject = $IrmReject.IsPresent
    
                $parsedDate = Get-Date
                if([DateTime]::TryParse($ProtectionExpirationDate, [ref]$parsedDate))
                {
                    # Stop restricting access to the library at <date>
                    $list.IrmExpire = $true
                    $list.InformationRightsManagementSettings.DocumentLibraryProtectionExpireDate = $ProtectionExpirationDate
                }
    
                # Prevent opening documents in the browser for this Document Library
                $list.InformationRightsManagementSettings.DisableDocumentBrowserView = $DisableDocumentBrowserView.IsPresent
    
            # Configure document access rights
    
                # Allow viewers to print
                $list.InformationRightsManagementSettings.AllowPrint = $AllowPrint.IsPresent
    
                # Allow viewers to run script and screen reader to function on downloaded documents
                $list.InformationRightsManagementSettings.AllowScript = $AllowScript.IsPresent
    
                # Allow viewers to write on a copy of the downloaded document
                $list.InformationRightsManagementSettings.AllowWriteCopy = $AllowWriteCopy.IsPresent
    
                if($DocumentAccessExpireDays)
                {
                    # After download, document access rights will expire after these number of days (1-365)
                    $list.InformationRightsManagementSettings.EnableDocumentAccessExpire = $true
                    $list.InformationRightsManagementSettings.DocumentAccessExpireDays   = $DocumentAccessExpireDays
                }
    
            # Set group protection and credentials interval
    
                if($LicenseCacheExpireDays)
                {
                    # Users must verify their credentials using this interval (days)
                    $list.InformationRightsManagementSettings.EnableLicenseCacheExpire = $true
                    $list.InformationRightsManagementSettings.LicenseCacheExpireDays   = $LicenseCacheExpireDays
                }
    
                if($GroupName)
                {
                    # Allow group protection. Default group:
                    $list.InformationRightsManagementSettings.EnableGroupProtection = $true
                    $list.InformationRightsManagementSettings.GroupName             = $GroupName
                }
        }
        end
        {
            if($list)
            {
                Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
                $list.InformationRightsManagementSettings.Update()
                $list.Update()
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()
            }
        }
    }
    
    function Get-CredentialFromCredentialCache
    {
        [cmdletbinding()]
        param([string]$CredentialName)
    
        #if( Test-Path variable:\global:CredentialCache )
        if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
        {
            if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
            {
                Write-Verbose "Credential Cache Hit: $CredentialName"
                return $global:O365TenantAdminCredentialCache[$CredentialName]
            }
        }
        Write-Verbose "Credential Cache Miss: $CredentialName"
        return $null
    }
    
    function Add-CredentialToCredentialCache
    {
        [cmdletbinding()]
        param([System.Management.Automation.PSCredential]$Credential)
    
        if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
        {
            Write-Verbose "Initializing the Credential Cache"
            $global:O365TenantAdminCredentialCache = @{}
        }
    
        Write-Verbose "Adding Credential to the Credential Cache"
        $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
    }
    
    # load the required assemblies and Windows PowerShell modules
    
        if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }
    
    # Add the credentials to the client context and SharePoint service connection
    
        # check for cached credentials to use
        $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin
    
        if(-not $o365TenantAdminCredential)
        {
            # when credentials are not cached, prompt for the tenant admin credentials
            $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Microsoft 365 admin"
    
            if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
            {
                Write-Error -Message "Could not validate the supplied tenant admin credentials"
                return
            }
    
            # add the credentials to the cache
            Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
        }
    
    # connect to Office365 first, required for SharePoint cmdlets to run
    
        Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential
    
    # enumerate each of the specified site URLs
    
        foreach($webUrl in $webUrls)
        {
            $grantedSiteCollectionAdmin = $false
    
            try
            {
                # establish the client context and set the credentials to connect to the site
                $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
                $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)
    
                # initialize the site and web context
                $script:clientContext.Load($script:clientContext.Site)
                $script:clientContext.Load($script:clientContext.Web)
                $script:clientContext.ExecuteQuery()
    
                # load and ensure the tenant admin user account if present on the target SharePoint site
                $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
                $script:clientContext.Load($tenantAdminUser)
                $script:clientContext.ExecuteQuery()
    
                # check if the tenant admin is a site admin
                if( -not $tenantAdminUser.IsSiteAdmin )
                {
                    try
                    {
                        # grant the tenant admin temporary admin rights to the site collection
                        Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                        $grantedSiteCollectionAdmin = $true
                    }
                    catch
                    {
                        Write-Error $_.Exception
                        return
                    }
                }
    
                try
                {
                    # load the list orlibrary using CSOM
    
                    $list = $null
                    $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                    $script:clientContext.Load($list)
                    $script:clientContext.ExecuteQuery()
    
                    # **************  ADMIN INSTRUCTIONS  **************
                    # If necessary, modify the following Set-IrmConfiguration parameters to match your required values
                    # The supplied options and values are for example only
                    # Example that shows the Set-IrmConfiguration command with all parameters: Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users" -IrmReject -ProtectionExpirationDate $(Get-Date).AddDays(180) -DisableDocumentBrowserView -AllowPrint -AllowScript -AllowWriteCopy -LicenseCacheExpireDays 25 -DocumentAccessExpireDays 90
    
                    Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users"  
                }
                catch
                {
                    Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
                }
           }
           finally
           {
                if($grantedSiteCollectionAdmin)
                {
                    # remove the temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
                }
           }
        }
    
    Disconnect-SPOService -ErrorAction SilentlyContinue
    
  4. Granska skriptet och gör följande ändringar:Review the script and make the following changes:

    1. Sök efter $sharepointAdminCenterUrl och ersätt exempelvärde med din egen URL för administrationscentret för SharePoint.Search for $sharepointAdminCenterUrl and replace the example value with your own SharePoint admin center URL.

      Du hittar det här värdet som bas-URL när du går till administrations centret för SharePoint och har följande format: https://* < tenant_name > *-admin.SharePoint.comYou'll find this value as the base URL when you go into the SharePoint admin center, and it has the following format: https://<tenant_name>-admin.sharepoint.com

      Om klient namnet till exempel är "contoso", anger du: https://contoso-admin.sharepoint.comFor example, if the tenant name is "contoso", then you would specify: https://contoso-admin.sharepoint.com

    2. Sök efter $tenantAdmin och ersätt exempel värde med ditt eget fullständiga globala administratörs konto för Microsoft 365.Search for $tenantAdmin and replace the example value with your own fully qualified global administrator account for Microsoft 365.

      Värdet är samma som det du använder för att logga in på Microsoft 365 administrations Center som global administratör och har följande format: user_name@* < klient domän namn > *. comThis value is the same as the one you use to sign in to the Microsoft 365 admin center as the global administrator and has the following format: user_name@<tenant domain name>.com

      Om Microsoft 365 globala administratörs användar namnet till exempel är "admin" för klient domänen "contoso.com", anger du: **admin@contoso.com**For example, if the Microsoft 365 global administrator user name is "admin" for the "contoso.com" tenant domain, you would specify: **admin@contoso.com**

    3. Sök efter $webUrls och ersätt exempel värden med dina användares OneDrive webb-URL: er, Lägg till eller ta bort så många poster du behöver.Search for $webUrls and replace the example values with your users' OneDrive web URLs, adding or deleting as many entries as you need.

      Du kan också visa kommentarerna i skriptet om hur du ersätter dem genom att importera en CSV-fil som innehåller alla webbadresser du behöver konfigurera.Alternatively, see the comments in the script about how to replace this array by importing a .CSV file that contains all the URLs you need to configure. Vi tillhandahåller ett annat exempelskript för att automatiskt söka efter och extrahera webbadresser att fylla i CSV-filen med.We've provided another sample script to automatically search for and extract the URLs to populate this .CSV file. När du är redo att göra detta använder du det ytterligare skriptet för att mata ut alla OneDrive-URL: er till en. Avsnittet CSV-fil direkt efter de här stegen.When you're ready to do this, use the Additional script to output all OneDrive URLs to a .CSV file section immediately after these steps.

      Webb adressen för användarens OneDrive är i följande format: https://* < klient namn > -My.SharePoint.com/personal/ < > user_name*_* < klient namn > *comThe web URL for the user's OneDrive is in the following format: https://<tenant name>-my.sharepoint.com/personal/<user_name><tenant name>_com

      Om användaren i Contoso-klienten t. ex. har användar namnet "rsimone", anger du: https://contoso-my.sharepoint.com/personal/rsimone_contoso_comFor example, if the user in the contoso tenant has a user name of "rsimone", you would specify: https://contoso-my.sharepoint.com/personal/rsimone_contoso_com

    4. Eftersom vi använder skriptet för att konfigurera OneDrive ska du inte ändra värdet för dokument för $listTitle variabeln.Because we are using the script to configure OneDrive, do not change the value of Documents for the $listTitle variable.

    5. Sök efter ADMIN INSTRUCTIONS.Search for ADMIN INSTRUCTIONS. Om du inte gör några ändringar i det här avsnittet kommer användarens OneDrive att konfigureras för IRM med princip titeln "skyddade filer" och beskrivningen av "den här principen begränsar åtkomsten till behöriga användare".If you make no changes to this section, the user's OneDrive will be configured for IRM with the policy title of "Protected Files" and the description of "This policy restricts access to authorized users". Inga andra IRM-alternativ ställs in vilket troligen är bäst i de flesta miljöer.No other IRM options will be set, which is probably appropriate for most environments. Du kan emellertid ändra rubriken och beskrivningen för principen och lägga till andra IRM-alternativ som är lämpliga för miljön.However, you can change the suggested policy title and description, and also add any other IRM options that are appropriate for your environment. Ta hjälp av det kommenterade exemplet i skriptet när du skapar en egen uppsättning parametrar för kommandot Set-IrmConfiguration.See the commented example in the script to help you construct your own set of parameters for the Set-IrmConfiguration command.

  5. Spara skriptet och signera det.Save the script and sign it. Om du inte signerar skriptet (säkrare) måste du konfigurera Windows PowerShell på datorn till att köra osignerade skript.If you do not sign the script (more secure), Windows PowerShell must be configured on your computer to run unsigned scripts. Det gör du genom att köra en Windows PowerShell-session med alternativet Kör som administratör och ange: Set-ExecutionPolicy Obegränsad.To do this, run a Windows PowerShell session with the Run as Administrator option, and type: Set-ExecutionPolicy Unrestricted. Med den här konfigurationen kan dock alla osignerade skript köras (mindre säkert).However, this configuration lets all unsigned scripts run (less secure).

    Mer information om att signera Windows PowerShell-skript finns about_Signing i PowerShell-dokumentbiblioteket.For more information about signing Windows PowerShell scripts, see about_Signing in the PowerShell documentation library.

  6. Kör skriptet och ange lösen ordet för Microsoft 365 administratörs kontot om du uppmanas till det.Run the script and if prompted, supply the password for the Microsoft 365 admin account. Om du ändrar skriptet och kör det i samma Windows PowerShell-session ombeds du inte att ange autentiseringsuppgifter.If you modify the script and run it in the same Windows PowerShell session, you won't be prompted for credentials.

Tips

Du kan också använda det här skriptet för att konfigurera IRM för ett SharePoint-bibliotek.You can also use this script to configure IRM for a SharePoint library. För den här konfigurationen vill du förmodligen också aktivera alternativet Tillåt inte att användare laddar upp dokument som inte stöder IRM för att se till att biblioteket bara innehåller skyddade dokument.For this configuration, you will likely want to enable the additional option Do not allow users to upload documents that do not support IRM, to ensure that the library contains only protected documents. Du gör det genom att lägga till parametern -IrmReject i kommandot Set-IrmConfiguration i skriptet.To do that, add the -IrmReject parameter to the Set-IrmConfiguration command in the script.

Du måste också ändra $webUrls variabeln (till exempel https: / /contoso.SharePoint.com) och $listTitle variabeln (till exempel $reports).You would also need to modify the $webUrls variable (for example, https://contoso.sharepoint.com) and $listTitle variable (for example, $Reports).

Om du behöver inaktivera IRM för användarens OneDrive-bibliotek, se skriptet för att inaktivera IRM för OneDrive -avsnittet.If you need to disable IRM for user's OneDrive libraries, see the Script to disable IRM for OneDrive section.

Ytterligare skript för att mata ut alla OneDrive-URL: er till en. CSV-filAdditional script to output all OneDrive URLs to a .CSV file

I steg 4 a ovan kan du använda följande Windows PowerShell-skript för att extrahera URL: er för alla användares OneDrive-bibliotek, som du sedan kan kontrol lera, redigera vid behov och sedan importera till huvud skriptet.For step 4c above, you can use the following Windows PowerShell script to extract the URLs for all users' OneDrive libraries, which you can then check, edit if necessary, and then import into the main script.

Det här skriptet kräver också SharePoint-klientens komponenter SDK och hanterings gränssnittet för SharePoint.This script also requires the SharePoint Client Components SDK and the SharePoint Management Shell. Följ samma anvisningar för att kopiera och klistra in, spara filen lokalt (till exempel "rapport-OneDriveForBusinessSiteInfo.ps1"), ändra värdena $sharepointAdminCenterUrl och $tenantAdmin som tidigare och kör skriptet.Follow the same instructions to copy and paste it, save the file locally (for example, "Report-OneDriveForBusinessSiteInfo.ps1"), modify the $sharepointAdminCenterUrl and $tenantAdmin values as before, and then run the script.

**Friskrivning **: Det här exempelskriptet stöds inte av Microsofts standardsupportprogram eller -tjänster.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Exempelskriptet tillhandahålls I BEFINTLIGT SKICK utan garantier av något slag.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Queries the search service of a Microsoft 365 tenant to retrieve all OneDrive sites.  
    Details of the discovered sites are written to a .CSV file (by default,"OneDriveForBusinessSiteInfo_<date>.csv").

 Script Installation Requirements:

   SharePoint Client Components SDK
   https://www.microsoft.com/download/details.aspx?id=42038

   SharePoint Management Shell
   https://www.microsoft.com/download/details.aspx?id=35588

======
#>

# URL will be in the format https://<tenant-name>-admin.sharepoint.com
$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.onmicrosoft.com"                           

$reportName = "OneDriveForBusinessSiteInfo_$((Get-Date).ToString("yyyy-MM-dd_hh.mm.ss")).csv"

$oneDriveForBusinessSiteUrls= @()
$resultsProcessed = 0

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# establish the client context and set the credentials to connect to the site

    $clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($sharepointAdminCenterUrl)
    $clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

# run a query against the Microsoft 365 tenant search service to retrieve all OneDrive URLs

    do
    {
        # build the query object
        $query = New-Object Microsoft.SharePoint.Client.Search.Query.KeywordQuery($clientContext)
        $query.TrimDuplicates        = $false
        $query.RowLimit              = 500
        $query.QueryText             = "SPSiteUrl:'/personal/' AND contentclass:STS_Site"
        $query.StartRow              = $resultsProcessed
        $query.TotalRowsExactMinimum = 500000

        # run the query
        $searchExecutor = New-Object Microsoft.SharePoint.Client.Search.Query.SearchExecutor($clientContext)
        $queryResults = $searchExecutor.ExecuteQuery($query)
        $clientContext.ExecuteQuery()

        # enumerate the search results and store the site URLs
        $queryResults.Value[0].ResultRows | % {
            $oneDriveForBusinessSiteUrls += $_.Path
            $resultsProcessed++
        }
    }
    while($resultsProcessed -lt $queryResults.Value.TotalRows)

$oneDriveForBusinessSiteUrls | Out-File -FilePath $reportName
Skript för att inaktivera IRM för OneDriveScript to disable IRM for OneDrive

Använd följande exempel skript om du behöver inaktivera IRM för användarnas OneDrive.Use the following sample script if you need to disable IRM for users' OneDrive.

Det här skriptet kräver också SharePoint-klientens komponenter SDK och hanterings gränssnittet för SharePoint.This script also requires the SharePoint Client Components SDK and the SharePoint Management Shell. Kopiera och klistra in innehållet, spara filen lokalt (t.ex. "Inaktivera-IRMOnOneDriveForBusiness.ps1") och ändra värdena $sharepointAdminCenterUrl och $tenantAdmin.Copy and paste the contents, save the file locally (for example, "Disable-IRMOnOneDriveForBusiness.ps1"), and modify the $sharepointAdminCenterUrl and $tenantAdmin values. Ange OneDrive-URL: erna manuellt eller Använd skriptet i föregående avsnitt så att du kan importera dessa och sedan köra skriptet.Manually specify the OneDrive URLs or use the script in the previous section so that you can import these, and then run the script.

**Friskrivning **: Det här exempelskriptet stöds inte av Microsofts standardsupportprogram eller -tjänster.**Disclaimer**: This sample script is not supported under any Microsoft standard support program or service. Exempelskriptet tillhandahålls I BEFINTLIGT SKICK utan garantier av något slag.This sample script is provided AS IS without warranty of any kind.

# Requires Windows PowerShell version 3

<#
  Description:

    Disables IRM for OneDrive and can also be used for SharePoint libraries and lists

 Script Installation Requirements:

   SharePoint Client Components SDK
   https://www.microsoft.com/download/details.aspx?id=42038

   SharePoint Management Shell
   https://www.microsoft.com/download/details.aspx?id=35588

======
#>

$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.com"

$webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
             "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
             "https://contoso-my.sharepoint.com/personal/person3_contoso_com")

<# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
   Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"

#>

$listTitle = "Documents"

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Remove-IrmConfiguration
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List
    )

    process
    {
        Write-Verbose "Disabling IRM Configuration on '$($List.Title)'"

        $List.IrmEnabled = $false
        $List.IrmExpire  = $false
        $List.IrmReject  = $false
        $List.InformationRightsManagementSettings.Reset()
    }
    end
    {
        if($List)
        {
            Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
            $list.InformationRightsManagementSettings.Update()
            $list.Update()
            $script:clientContext.Load($list)
            $script:clientContext.ExecuteQuery()
        }
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# connect to Office365 first, required for SharePoint cmdlets to run

    Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential

# enumerate each of the specified site URLs

    foreach($webUrl in $webUrls)
    {
        $grantedSiteCollectionAdmin = $false

        try
        {
            # establish the client context and set the credentials to connect to the site
            $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
            $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

            # initialize the site and web context
            $script:clientContext.Load($script:clientContext.Site)
            $script:clientContext.Load($script:clientContext.Web)
            $script:clientContext.ExecuteQuery()

            # load and ensure the tenant admin user account if present on the target SharePoint site
            $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
            $script:clientContext.Load($tenantAdminUser)
            $script:clientContext.ExecuteQuery()

            # check if the tenant admin is a site admin
            if( -not $tenantAdminUser.IsSiteAdmin )
            {
                try
                {
                    # grant the tenant admin temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                    $grantedSiteCollectionAdmin = $true
                }
                catch
                {
                    Write-Error $_.Exception
                    return
                }
            }

            try
            {
                # load the list orlibrary using CSOM

                $list = $null
                $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()

               Remove-IrmConfiguration -List $list
            }
            catch
            {
                Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
            }
       }
       finally
       {
            if($grantedSiteCollectionAdmin)
            {
                # remove the temporary admin rights to the site collection
                Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
            }
       }
    }

Disconnect-SPOService -ErrorAction SilentlyContinue