This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 14.000000000000002%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETK%3C/text%3E%3C/svg%3E)
Dear MS Support Team,
Let's say my company has used Active Directory Right Management System to secure 'confidential documents/emails' in the company.
Today, we have ediscovery issue with competitors, so need to provide some of 'confidential documents/emails' to our law firm/ediscovery vendor to submit as evidence.
In this situation, how we can de-activate the ADRMS of the 'confidential documents/emails' by mass operation, not manual job(one by one)?
In addition, even though we tried to de-activate the ADRMS as much as possible, some of encrypted(by ADRMS) could be appeared by extracting from archive files, etc.
Let's law firm/discovery vendors export/send several encrypted files to us(via FTP or external HDD), how we can do mass-deactivate them?
Please advise.
Thank you.
In such scenarios, you usually enable the super-user functionality. Open the ADRMs console > Security policies > Super users. Enable the feature then add members as needed.
Hi Michev,
Thanks for your reply.
I understand 'Super user' can decrypt all files in the company.
Could you let me know how to mass-decrypt the files in the path(i.e. D:\need decryption)?
(Let's say my vendor gathered protected documents and provided me via external HDD and it is plugged to my pc.)
I tried to find 'how to do mass-decrypt', but only can find 'how to assign super user'
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/using-azure-pim-for-the-aip-super-user-feature-management/ba-p/1587690
Thank you.
The Unprotect-RMSFile cmdlet from the AzureInformationProtection module can be used for that bulk decrypting files. Make sure you configure the prerequisites for AD RMS as detailed here: https://github.com/MicrosoftDocs/Azure-RMSDocs/blob/master/Azure-RMSDocs/rms-client/client-admin-guide-powershell.md#active-directory-rights-management-services
Here's the cmdlet help itself: https://learn.microsoft.com/en-us/powershell/module/azureinformationprotection/unprotect-rmsfile?view=azureipps