How To Create Azure Rights Management Template for Users Across Organizations
Azure Rights Management, enables implicit trust between organizations and users in any organization. This means that protected content can be shared between users within the same organization or across organizations when users have Microsoft Office 365, or Azure Rights Management, or users sign up for RMS for individuals. There is a default Do Not Forward template that can be used across organizations. The Do Not Forward Template allows recipients to read the message, but cannot Forward, Print or Copy content. For additional settings and templates to use across organication, you must create a new Rights Management Template using PowerShell.
I will detail the steps in this blog to show how to create an Azure Rights Management Template for Users Across an Organization.
Step 1: Connect to Azure Rights Management using Windows PowerShell
Run the following command: $AdminCredentials = Get-Credential
Type your Azure user name and password, and then click OK
Run the following command: Connect -AadrmService -Credential $AdminCredentials
Step 2: Create Azure Rights Management Template
Run the following commands to create a Template for Marketing where joe@company123.com only has View and Export rights and the Marketing Department has Co-Author rights:
Specify Name and Local Variable: $names = @{}
Specify Name and Local: $names[1033] = "Company123 - External Company Confidential"
Specify Description Variable: $descriptions = @{}
Specify Description: $descriptions[1033] = "This content is confidential and should only be Viewed by Joe at Company 123"
Specify Rights for Joe at Company 123: $r1 = New-AadrmRightsDefinition –EmailAddress joe@company123.com -Rights "VIEW","EXPORT"
Specify Rights for Marketing Department: $r2 = New-AadrmRightsDefinition –EmailAddress marketing@contoso.com -Rights "Co-Author"
Create and Publish Template: Add-AadrmTemplate -Names $names –Descriptions $Descriptions -RightsDefinitions $r1, $r2 -Status Published
Step 3: Connect to Exchange Online using remote PowerShell
Launch Windows PowerShell from a Windows 7, 8 or 8.1 with .NET Framework 4.5 or higher and Windows Framework 3.0 or higher
Run the following command: $UserCredential = Get-Credential
Type your Exchange Online user name and password, and then click OK
Run the following command: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Run the following command: Import-PSSession $Session
Step 4: Updates Templates for Exchange Online
Using Windows PowerShell in Exchange Online from Step 3
Run the following command: Import-RMSTrustedPublishingDomain -Name "RMS Online - 1" -RefreshTemplates –RMSOnline
To confirm that the templates have imported successfully, wait a few minutes
Run the following command: Get-RMSTemplate
Note: I used the default TPD Name "RMS Online - 1". To verify your TPD name, you can run the following command Get-RMSTrustedPublishingDomain
MSDN Links:
Azure Rights Management Cmdlets - https://msdn.microsoft.com/en-us/library/azure/dn629398.aspx
Connect-AadrmService - https://msdn.microsoft.com/en-us/library/azure/dn629415.aspx
Add-AadrmTemplate - https://msdn.microsoft.com/en-us/library/azure/dn727075.aspx