unified labeling

Azure RMS Super Users

Azure RMS and Azure Information Protection offer excellent tools to protect information in your organization.  Using them it is easy for end users to encrypt sensitive information so that no matter where that information may go, it will still be secure.  The Digital Rights Management (DRM) is embedded in the document itself and before someone can open it, they have to authenticate with your Azure AD.

Azure RMS super users

So, what happens when an employee leaves the organization and they have a bunch of encrypted files left behind, or an Admin needs to remove the encryption from files?

This is where Azure RMS Super Users come into play.  You can download the PDF that describes them https://gallery.technet.microsoft.com/Azure-RMS-Super-Users-e6ce395c

This is all done via PowerShell and if automatically configured for users when they are working in the Security and Compliance Center if you assign the Decrypt RMS role to the user.  The cmdlet you use is:

To remove Azure RMS encryption you can then use the Unprotect-RMSFile cmdlet and if you need to encrypt files you can use the Protect-RMSFile

These can be used on a single file, or on a folder for bulk updates.

Hope this helps Admins that are looking to programmatically remove Azure RMS encryption via PowerShell!

Leave a Reply


We use cookies to ensure the best possible experience on our website. Detailed information on the use of cookies on this site is provided in our Privacy and Cookie Policy. Further instruction on how to disable our cookies can be found there.