Share via


Remove-AipServiceRoleBasedAdministrator

Removes administrative rights from Azure Information Protection.

Syntax

Remove-AipServiceRoleBasedAdministrator
      [-ObjectId <Guid>]
      [-Role <Role>]
      [<CommonParameters>]
Remove-AipServiceRoleBasedAdministrator
      [-SecurityGroupDisplayName <String>]
      [-Role <Role>]
      [<CommonParameters>]
Remove-AipServiceRoleBasedAdministrator
      [-EmailAddress <String>]
      [-Role <Role>]
      [<CommonParameters>]

Description

The Remove-AipServiceRoleBasedAdministrator cmdlet removes administrative rights from Azure Information Protection, so that administrators you have previously delegated to configure the protection service can no longer do so by using PowerShell commands.

You must use PowerShell to configure delegated administrative control for the protection service from Azure Information Protection, you cannot do this configuration by using a management portal.

To see the full list of delegated administrators for the protection service, use Get-AipServiceRoleBasedAdministrator. Run the Remove-AipServiceRoleBasedAdministrator cmdlet for each user or group that you want to remove from the list.

Examples

Example 1: Remove administrative rights by using a display name

PS C:\>Remove-AipServiceRoleBasedAdministrator -SecurityGroupDisplayName "Finance Employees"

This command removes administrative rights from Azure Information Protection for the group that has a display name of "Finance Employees".

Example 2: Remove administrative rights by using an email address

PS C:\>Remove-AipServiceRoleBasedAdministrator -EmailAddress "EvanNarvaez@Contoso.com"

This command removes administrative rights from Azure Information Protection for the user who has an email address of "EvanNarvaez@Contoso.com".

Parameters

-EmailAddress

Specifies the email address of a user or group to remove administrative rights from Azure Information Protection. If the user has no email address, specify the user's Universal Principal Name.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ObjectId

Specifies the GUID of a user or group to remove administrative rights from Azure Information Protection.

Type:Guid
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Role

Specifies a role. The cmdlet removes an administrator that belongs to the role that you specify.

The acceptable values for this parameter are:

  • ConnectorAdministrator

  • GlobalAdministrator

If you do not specify a role, the cmdlet removes the administrator from the GlobalAdministrator role.

Type:Role
Accepted values:GlobalAdministrator, ConnectorAdministrator
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SecurityGroupDisplayName

Specifies the display name of a user or group that should no longer have administrative rights for Azure Information Protection.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False