This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Dear MS Support Team,
Let's say my company has used Active Directory Right Management System to secure 'confidential documents/emails' in the company.
Today, we have ediscovery issue with competitors, so need to provide some of 'confidential documents/emails' to our law firm/ediscovery vendor to submit as evidence.
In this situation, how we can de-activate the ADRMS of the 'confidential documents/emails' by mass operation, not manual job(one by one)?
In addition, even though we tried to de-activate the ADRMS as much as possible, some of encrypted(by ADRMS) could be appeared by extracting from archive files, etc.
Let's law firm/discovery vendors export/send several encrypted files to us(via FTP or external HDD), how we can do mass-deactivate them?
Please advise.
Thank you.
In such scenarios, you usually enable the super-user functionality. Open the ADRMs console > Security policies > Super users. Enable the feature then add members as needed.
Hi Michev,
Thanks for your reply.
I understand 'Super user' can decrypt all files in the company.
Could you let me know how to mass-decrypt the files in the path(i.e. D:\need decryption)?
(Let's say my vendor gathered protected documents and provided me via external HDD and it is plugged to my pc.)
I tried to find 'how to do mass-decrypt', but only can find 'how to assign super user'
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-azure-pim-for-the-aip-super-user-feature-management/ba-p/1587690
Thank you.
The Unprotect-RMSFile cmdlet from the AzureInformationProtection module can be used for that bulk decrypting files. Make sure you configure the prerequisites for AD RMS as detailed here: https://github.com/MicrosoftDocs/Azure-RMSDocs/blob/master/Azure-RMSDocs/rms-client/client-admin-guide-powershell.md#active-directory-rights-management-services
Here's the cmdlet help itself: https://learn.microsoft.com/en-us/powershell/module/azureinformationprotection/unprotect-rmsfile?view=azureipps