Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Do you need to use PowerShell to administer the Azure Rights Management encryption service from Microsoft Purview Information Protection? You might not need to if all your configuration can be done in the Microosft Purview portal. However, you need to use PowerShell for some advanced configurations and you might also prefer to use PowerShell for more efficient command-line control and scripting.
The table in the next section includes some of the advanced configuration scenarios that use PowerShell. When the configuration can also be completed without using PowerShell, this information is also included in the table.
For a complete list of the available cmdlets for this module, with more information about each one, see AIPService.
To install this PowerShell module, see Install the AIPService PowerShell module for the Azure Right Management service.
Tip
In addition to this service-side PowerShell module, the Microsoft Purview Information Protection client installs a supplemental PowerShell module, PurviewInformationProtection.
This client module supports labeling and encrypting multiple files so that, for example, you can bulk-protect all files in a folder. For more information, see Set up the information protection client using PowerShell.
Cmdlets grouped by administration task
| If you need to… | …use the following cmdlets |
|---|---|
| Migrate from on-premises Rights Management (AD RMS or Windows RMS) to the Azure Rights Management service from Microsoft Purview Information Protection. | Import-AipServiceTpd Set-AipServiceKeyProperties |
| Connect to or disconnect from the Rights Management service for your organization. | Connect-AipService Disconnect-AipServiceService |
| Generate and manage your own Azure Rights Management tenant key – the bring your own key (BYOK) scenario. | Set-AipServiceKeyProperties Use-AipServiceKeyVaultKey Get-AipServiceKeys |
| Activate or deactivate the Azure Rights Management service for your organization. | Enable-AipService Disable-AipService |
| Configure onboarding controls for a phased deployment of the Azure Rights Management service. | Get-AipServiceOnboardingControlPolicy Set-AipServiceOnboardingControlPolicy |
| Create and manage Rights Management templates for your organization. | Add-AipServiceTemplate Export-AipServiceTemplate Get-AipServiceTemplate Get-AipServiceTemplateProperty Import-AipServiceTemplate New-AipServiceRightsDefinition Remove-AipServiceTemplate Set-AipServiceTemplateProperty |
| Configure the maximum number of days that content that your organization encrypts can be accessed without an internet connection (the use license validity period). | Get-AipServiceMaxUseLicenseValidityTime Set-AipServiceMaxUseLicenseValidityTime |
| Manage the super user feature of Azure Rights Management for your organization. | Enable-AipServiceSuperUserFeature Disable-AipServiceSuperUserFeature Add-AipServiceSuperUser Get-AipServiceSuperUser Remove-AipServiceSuperUser Set-AAipServiceSuperUserGroup Get-AipServiceSuperUserGroup Clear-AipServiceSuperUserGroup |
| Manage users and groups who are authorized to administer the Azure Rights Management service for your organization. | Add-Aip-ServiceRoleBasedAdministrator Get-Aip-ServiceRoleBasedAdministrator Remove-Aip-ServiceRoleBasedAdministrator |
| Get a log of Azure Rights Management administrative tasks for your organization. | Get-AipServiceAdminLog |
| Log and analyze usage logging for the Azure Rights Management service. | Get-AipServiceUserLog |
| Display the current Azure Rights Management service configuration for your organization. | Get-AipServiceConfiguration |
| Migrate your organization from Azure Rights Management to an on-premises AD RMS deployment. | Set-AipServiceMigrationUrl Get-AipServiceMigrationUrl |
| Manage the legacy document tracking site for rights-protected documents | Disable-AipServiceDocumentTrackingFeature Enable-AipServiceDocumentTrackingFeature Get-AipServiceDocumentTrackingFeature Set-AipServiceDoNotTrackUserGroup Clear-AipServiceDoNotTrackUserGroup Get-AipServiceDoNotTrackUserGroup Get-AipServiceTrackingLog Get-AipServiceDocumentLog |