Set-AipServiceKeyProperties
Updates the properties of a tenant key object for Azure Information Protection.
Syntax
Set-AipServiceKeyProperties
[-Force]
-KeyIdentifier <String>
-Active <Boolean>
[-WhatIf]
[-Confirm]
[-RefreshSlcName]
[<CommonParameters>]
Description
The Set-AipServiceKeyProperties cmdlet changes the status of a specified tenant key object from Archived to Active. Because there can be only one active tenant key at any one time, the previously active tenant key is automatically set to Archived.
New users of Azure Information Protection immediately use the identified tenant key to protect content. Existing users of the service gradually transition from the previously active tenant key to the newly active tenant key, and this staggered transition can take a few weeks to complete. You can force the update on clients by re-initializing the user environment (also known as bootstrapping). Documents and files that were protected with the previously active tenant key remain accessible to authorized users by using the tenant key that is now archived.
Setting the tenant key object status to Active also re-signs all protection templates with the newly active tenant key. Because this can be a time-consuming operation, especially if you have many protection templates, we do not recommend that you run this operation frequently.
To run this cmdlet, you must specify the KeyIdentifier for the tenant key object that you want to set to Active. To get this value, use the Get-AipServiceKeys cmdlet.
Unless you are in the middle of a migration from AD RMS, do not activate a 1024-bit RSA key, which is considered an inadequate level of protection. Microsoft doesn’t endorse the use of lower key lengths such as 1024-bit RSA keys and the associated use of protocols that offer inadequate levels of protection, such as SHA-1. We recommend moving to a higher key length.
Note
You cannot use this cmdlet to change an Active status to be Archived. To set a tenant key object to have a status of Archived, you must set another tenant key object to Active.
For more information about the tenant key, see Planning and implementing your Azure Information Protection tenant key.
Examples
Example 1: Change the status of a tenant key object to be active
PS C:\> Set-AipServiceKeyProperties -Force -KeyIdentifier "c0f102b3-02cc-4816-b732-fcee73edd0e6" -Active $True
This command changes the status of a tenant key object from Archived to Active. The KeyIdentifier parameter identifies the tenant key object to change, and this value can be found by running Get-AipServiceKeys. The tenant key object that previously had a status of Active is automatically set to Archived.
Because the command specifies the Force parameter, the command does not prompt you for confirmation.
Example 2: Refresh SLC to reflect tenant friendly name
PS C:\> Set-AipServiceKeyProperties -KeyIdentifier "c0f102b3-02cc-4816-b732-fcee73edd0e6" -RefreshSlcName
This command retrieves the current tenant friendly name from Azure Active Directory and updates the SLC to have the user keys reflect the same name.
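A guarded version of the activation in Example 1, added here as an illustration and not part of the original reference: it checks the target key, records the currently active key for rollback (the only way to archive a key is to activate another), and previews the change with -WhatIf before applying it. The function name and the -Apply switch are hypothetical, and the KeyIdentifier and Status property names on the objects returned by Get-AipServiceKeys are assumptions.

```powershell
# Added example: guarded activation of an archived tenant key.
# Assumption: objects returned by Get-AipServiceKeys expose KeyIdentifier and Status.
function Invoke-GuardedTenantKeyActivation {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$KeyIdentifier,
        [switch]$Apply   # without -Apply the function only previews the change
    )

    # Reject anything that is not a GUID before it reaches the service.
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($KeyIdentifier, [ref]$parsed)) {
        throw "KeyIdentifier '$KeyIdentifier' is not a GUID."
    }

    $keys   = @(Get-AipServiceKeys)
    $target = $keys | Where-Object { [string]$_.KeyIdentifier -eq $parsed.ToString() }
    $active = $keys | Where-Object { [string]$_.Status -eq 'Active' }

    if (-not $target) { throw "No tenant key object with identifier $parsed." }
    if ([string]$target.Status -eq 'Active') {
        Write-Warning "Key $parsed is already Active; nothing to change."
        return
    }

    # Rolling back means re-activating the current key, so record its identifier.
    Write-Host "Currently active key (needed for rollback): $($active.KeyIdentifier)"

    # Preview first; -WhatIf shows the change without running it.
    Set-AipServiceKeyProperties -KeyIdentifier $parsed.ToString() -Active $true -WhatIf

    if ($Apply) {
        # -Force is omitted and -Confirm is set, so the operator must approve the switch.
        Set-AipServiceKeyProperties -KeyIdentifier $parsed.ToString() -Active $true -Confirm
        Get-AipServiceKeys | Format-Table KeyIdentifier, Status
    }
}

# Usage (the identifier is the sample value from Example 1 on this page):
# Connect-AipService
# Invoke-GuardedTenantKeyActivation -KeyIdentifier 'c0f102b3-02cc-4816-b732-fcee73edd0e6'
```

Because activation re-signs all protection templates and starts a client transition that can take weeks, keep the recorded identifier of the previously active key with the change record.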
Parameters
-Active
Sets the status of the tenant key object.
This parameter can only be used with the value of $True, which sets the status to be Active. If you want to change the status of a tenant key object to Archived, you must set another tenant key object to Active.
Type: | Boolean |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-KeyIdentifier
Specifies the key identifier for the tenant key object. You can get this value by running Get-AipServiceKeys.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-RefreshSlcName
Refreshes the user key (SLC) to reflect the tenant-friendly name.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |