Microsoft 365: Konfigurasi untuk layanan online menggunakan layanan Azure Rights Management

Gunakan bagian berikut untuk membantu Anda mengonfigurasi Exchange Online, Microsoft SharePoint, dan Microsoft OneDrive untuk menggunakan layanan Azure Rights Management dari Perlindungan Informasi Azure.

Exchange Online: Konfigurasi IRM

Untuk informasi tentang cara kerja Exchange Online dengan layanan Azure Rights Management, lihat bagian Exchange Online dan Server Exchange dari Cara aplikasi Office likasi dan layanan mendukung Azure Rights Management.

Exchange Online mungkin sudah diaktifkan untuk menggunakan layanan Azure Rights Management. Untuk memeriksanya, jalankan perintah berikut:

1. Jika ini pertama kalinya Anda menggunakan Windows PowerShell untuk Exchange Online di komputer, Anda harus mengonfigurasi Windows PowerShell untuk menjalankan skrip yang ditandatangani. Mulai sesi Windows PowerShell Anda dengan menggunakan opsi Jalankan sebagai administrator , lalu ketik:

   Set-ExecutionPolicy RemoteSigned
   

   Tekan Y untuk mengonfirmasi.

2. Di sesi Windows PowerShell Anda, masuk ke Exchange Online dengan menggunakan akun yang diaktifkan untuk akses Shell jarak jauh. Secara default, semua akun yang dibuat di Exchange Online diaktifkan untuk akses Shell jarak jauh tetapi ini dapat dinonaktifkan (dan diaktifkan) dengan menggunakan perintah Set-UserIdentity <> -RemotePowerShellEnabled.

   Untuk masuk, ketik pertama:

   Connect-ExchangeOnline
   

   Kemudian, dalam kotak dialog permintaan kredensial Windows PowerShell, berikan nama pengguna dan kata sandi Microsoft 365 Anda.

3. Jalankan perintah Get-IRMConfiguration untuk menampilkan konfigurasi Exchange Online Anda untuk layanan perlindungan:

   Get-IRMConfiguration
   

   Dari output, temukan nilai AzureRMSLicensingEnabled :

   • Jika AzureRMSLicensingEnabled diatur ke True, Exchange Online sudah diaktifkan untuk layanan Azure Rights Management.

   • Jika AzureRMSLicensingEnabled diatur False, jalankan perintah berikut untuk mengaktifkan Exchange Online untuk layanan Azure Rights Management: Set-IRMConfiguration -AzureRMSLicensingEnabled $true

4. Untuk menguji bahwa Exchange Online berhasil dikonfigurasi, jalankan perintah berikut:

   Test-IRMConfiguration -Sender <user email address>
   

   Misalnya: Test-IRMConfiguration -Sender adams@contoso.com

   Perintah ini menjalankan serangkaian pemeriksaan yang mencakup verifikasi konektivitas ke layanan, mengambil konfigurasi, mengambil URI, lisensi, dan templat apa pun. Dalam sesi Windows PowerShell, Anda akan melihat hasil masing-masing dan di akhir, jika semuanya melewati pemeriksaan ini: HASIL KESELURUHAN: LULUS

Saat Exchange Online diaktifkan untuk menggunakan layanan Azure Rights Management, Anda bisa mengonfigurasi fitur berikut:

• Enkripsi Pesan Purview menggunakan aturan alur email.

• Enkripsi menggunakan kebijakan pencegahan kehilangan data (DLP).

• Label sensitivitas dengan enkripsi menggunakan Outlook di Web, Mac, iOS, dan Android.

• Kebijakan pelabelan otomatis di Exchange untuk menerapkan label sensitivitas dengan enkripsi ke email dan pesan pesan suara yang dilindungi.

SharePoint di Microsoft 365 dan OneDrive: Konfigurasi IRM

Untuk informasi tentang cara kerja SharePoint IRM dengan layanan Azure Rights Management, lihat SharePoint di Microsoft 365 dan SharePoint Server dari bagian perlindungan Manajemen Hak dari dokumentasi ini.

Untuk mengonfigurasi SharePoint di Microsoft 365 dan OneDrive untuk mendukung layanan Azure Rights Management, Anda harus terlebih dahulu mengaktifkan layanan manajemen hak informasi (IRM) untuk SharePoint dengan menggunakan pusat admin SharePoint. Kemudian, pemilik situs dapat memproteksi daftar SharePoint dan pustaka dokumen mereka, dan pengguna dapat melindungi pustaka OneDrive mereka secara IRM sehingga dokumen yang disimpan di sana, dan dibagikan dengan orang lain, secara otomatis dilindungi oleh layanan Manajemen Hak Azure.

Catatan

Pustaka yang dilindungi IRM untuk SharePoint di Microsoft 365 dan OneDrive memerlukan versi terbaru klien sinkronisasi OneDrive baru (OneDrive.exe), dan versi klien RMS dari Pusat Unduhan Microsoft. Instal versi klien RMS ini meskipun Anda telah menginstal klien Perlindungan Informasi Azure. Untuk informasi selengkapnya tentang skenario penyebaran ini, lihat Menyebarkan klien sinkronisasi OneDrive baru di lingkungan perusahaan.

Untuk mengaktifkan layanan manajemen hak informasi (IRM) untuk SharePoint, lihat instruksi berikut dari dokumentasi Office:

• Menyiapkan Manajemen Hak Informasi (IRM) di pusat admin SharePoint

Konfigurasi ini dilakukan oleh administrator Microsoft 365.

Mengonfigurasi IRM untuk pustaka dan daftar

Setelah Anda mengaktifkan layanan IRM untuk SharePoint, pemilik situs bisa memproteksi pustaka dan daftar dokumen SharePoint mereka. Untuk petunjuknya, lihat hal berikut ini dari situs web Office:

• Menerapkan Manajemen Hak Informasi ke daftar atau pustaka

Konfigurasi ini dilakukan oleh administrator situs SharePoint.

Mengonfigurasi IRM untuk OneDrive

Setelah Anda mengaktifkan layanan IRM untuk SharePoint, pustaka dokumen OneDrive pengguna atau folder individual kemudian dapat dikonfigurasi untuk perlindungan Manajemen Hak. Pengguna dapat mengonfigurasi ini sendiri dengan menggunakan situs web OneDrive mereka. Meskipun administrator tidak dapat mengonfigurasi perlindungan ini untuk mereka dengan menggunakan pusat admin SharePoint, Anda bisa melakukannya dengan menggunakan Windows PowerShell.

Catatan

Untuk informasi selengkapnya tentang mengonfigurasi OneDrive, lihat dokumentasi OneDrive .

Konfigurasi untuk pengguna

Beri pengguna instruksi berikut sehingga mereka bisa mengonfigurasi OneDrive mereka untuk melindungi file bisnis mereka.

1. Masuk ke Microsoft 365 dengan akun kerja atau sekolah Anda dan buka situs web OneDrive.

2. Di panel navigasi, di bagian bawah, pilih Kembali ke OneDrive klasik.

3. Pilih ikon Pengaturan. Di panel Pengaturan, jika Pita diatur ke Nonaktif, pilih pengaturan ini untuk mengaktifkan pita.

4. Untuk mengonfigurasi semua file OneDrive yang akan diproteksi, pilih tab PUSTAKA dari pita, lalu pilih Pustaka Pengaturan.

5. Pada halaman Pengaturan Dokumen > , di bagian Izin dan Manajemen, pilih Manajemen Hak Informasi.

6. Pada halaman Pengaturan Manajemen Hak Informasi, pilih kotak centang Batasi izin pada pustaka ini pada unduhan. Tentukan nama pilihan Anda dan deskripsi untuk izin, dan secara opsional, klik TAMPILKAN OPSI untuk mengonfigurasi konfigurasi opsional, lalu klik OK.

Karena konfigurasi ini bergantung pada pengguna daripada administrator untuk melindungi file OneDrive mereka IRM, mendidik pengguna tentang manfaat melindungi file mereka dan cara melakukan ini. Misalnya, jelaskan bahwa ketika mereka berbagi dokumen dari OneDrive, hanya orang yang mereka otorisasi yang dapat mengaksesnya dengan batasan apa pun yang mereka konfigurasi, bahkan jika file diganti namanya dan disalin di tempat lain.

Konfigurasi untuk administrator

Meskipun Anda tidak dapat mengonfigurasi IRM untuk OneDrive pengguna dengan menggunakan pusat admin SharePoint, Anda bisa melakukannya dengan menggunakan Windows PowerShell. Untuk mengaktifkan IRM untuk pustaka ini, ikuti langkah-langkah berikut:

1. Unduh dan instal SDK Komponen Klien SharePoint.

2. Unduh dan instal SharePoint Management Shell.

3. Salin konten skrip berikut dan beri nama file Set-IRMOnOneDriveForBusiness.ps1 di komputer Anda.

   **Penafian**: Contoh skrip ini tidak didukung di bawah program atau layanan dukungan standar Microsoft apa pun. Contoh skrip ini disediakan AS IS tanpa jaminan apa pun.

   # Requires Windows PowerShell version 3
   
   <#
     Description:
   
       Configures IRM policy settings for OneDrive and can also be used for SharePoint libraries and lists
   
    Script Installation Requirements:
   
      SharePoint Client Components SDK
      https://www.microsoft.com/download/details.aspx?id=42038
   
      SharePoint Management Shell
      https://www.microsoft.com/download/details.aspx?id=35588
   
   ======
   #>
   
   # URL will be in the format https://<tenant-name>-admin.sharepoint.com
   $sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"
   
   $tenantAdmin = "admin@contoso.com"
   
   $webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
                "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
                "https://contoso-my.sharepoint.com/personal/user3_contoso_com")
   
   <# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
      Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"
   
   #>
   
   $listTitle = "Documents"
   
   function Load-SharePointOnlineClientComponentAssemblies
   {
       [cmdletbinding()]
       param()
   
       process
       {
           # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
           try
           {
               Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
               [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null
   
               return $true
           }
           catch
           {
               if($_.Exception.Message -match "Could not load file or assembly")
               {
                   Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
               }
               else
               {
                   Write-Error -Exception $_.Exception
               }
               return $false
           }
       }
   }
   
   function Load-SharePointOnlineModule
   {
       [cmdletbinding()]
       param()
   
       process
       {
           do
           {
               # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
               $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue
   
               if(-not $spoModule)
               {
                   try
                   {
                       Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                       return $true
                   }
                   catch
                   {
                       if($_.Exception.Message -match "Could not load file or assembly")
                       {
                           Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                       }
                       else
                       {
                           Write-Error -Exception $_.Exception
                       }
                       return $false
                   }
               }
               else
               {
                   return $true
               }
           }
           while(-not $spoModule)
       }
   }
   
   function Set-IrmConfiguration
   {
       [cmdletbinding()]
       param(
           [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List,
           [parameter(Mandatory=$true)][string]$PolicyTitle,
           [parameter(Mandatory=$true)][string]$PolicyDescription,
           [parameter(Mandatory=$false)][switch]$IrmReject,
           [parameter(Mandatory=$false)][DateTime]$ProtectionExpirationDate,
           [parameter(Mandatory=$false)][switch]$DisableDocumentBrowserView,
           [parameter(Mandatory=$false)][switch]$AllowPrint,
           [parameter(Mandatory=$false)][switch]$AllowScript,
           [parameter(Mandatory=$false)][switch]$AllowWriteCopy,
           [parameter(Mandatory=$false)][int]$DocumentAccessExpireDays,
           [parameter(Mandatory=$false)][int]$LicenseCacheExpireDays,
           [parameter(Mandatory=$false)][string]$GroupName
       )
   
       process
       {
           Write-Verbose "Applying IRM Configuration on '$($List.Title)'"
   
           # reset the value to the default settings
           $list.InformationRightsManagementSettings.Reset()
   
           $list.IrmEnabled = $true
   
           # IRM Policy title and description
   
               $list.InformationRightsManagementSettings.PolicyTitle       = $PolicyTitle
               $list.InformationRightsManagementSettings.PolicyDescription = $PolicyDescription
   
           # Set additional IRM library settings
   
               # Do not allow users to upload documents that do not support IRM
               $list.IrmReject = $IrmReject.IsPresent
   
               $parsedDate = Get-Date
               if([DateTime]::TryParse($ProtectionExpirationDate, [ref]$parsedDate))
               {
                   # Stop restricting access to the library at <date>
                   $list.IrmExpire = $true
                   $list.InformationRightsManagementSettings.DocumentLibraryProtectionExpireDate = $ProtectionExpirationDate
               }
   
               # Prevent opening documents in the browser for this Document Library
               $list.InformationRightsManagementSettings.DisableDocumentBrowserView = $DisableDocumentBrowserView.IsPresent
   
           # Configure document access rights
   
               # Allow viewers to print
               $list.InformationRightsManagementSettings.AllowPrint = $AllowPrint.IsPresent
   
               # Allow viewers to run script and screen reader to function on downloaded documents
               $list.InformationRightsManagementSettings.AllowScript = $AllowScript.IsPresent
   
               # Allow viewers to write on a copy of the downloaded document
               $list.InformationRightsManagementSettings.AllowWriteCopy = $AllowWriteCopy.IsPresent
   
               if($DocumentAccessExpireDays)
               {
                   # After download, document access rights will expire after these number of days (1-365)
                   $list.InformationRightsManagementSettings.EnableDocumentAccessExpire = $true
                   $list.InformationRightsManagementSettings.DocumentAccessExpireDays   = $DocumentAccessExpireDays
               }
   
           # Set group protection and credentials interval
   
               if($LicenseCacheExpireDays)
               {
                   # Users must verify their credentials using this interval (days)
                   $list.InformationRightsManagementSettings.EnableLicenseCacheExpire = $true
                   $list.InformationRightsManagementSettings.LicenseCacheExpireDays   = $LicenseCacheExpireDays
               }
   
               if($GroupName)
               {
                   # Allow group protection. Default group:
                   $list.InformationRightsManagementSettings.EnableGroupProtection = $true
                   $list.InformationRightsManagementSettings.GroupName             = $GroupName
               }
       }
       end
       {
           if($list)
           {
               Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
               $list.InformationRightsManagementSettings.Update()
               $list.Update()
               $script:clientContext.Load($list)
               $script:clientContext.ExecuteQuery()
           }
       }
   }
   
   function Get-CredentialFromCredentialCache
   {
       [cmdletbinding()]
       param([string]$CredentialName)
   
       #if( Test-Path variable:\global:CredentialCache )
       if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
       {
           if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
           {
               Write-Verbose "Credential Cache Hit: $CredentialName"
               return $global:O365TenantAdminCredentialCache[$CredentialName]
           }
       }
       Write-Verbose "Credential Cache Miss: $CredentialName"
       return $null
   }
   
   function Add-CredentialToCredentialCache
   {
       [cmdletbinding()]
       param([System.Management.Automation.PSCredential]$Credential)
   
       if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
       {
           Write-Verbose "Initializing the Credential Cache"
           $global:O365TenantAdminCredentialCache = @{}
       }
   
       Write-Verbose "Adding Credential to the Credential Cache"
       $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
   }
   
   # load the required assemblies and Windows PowerShell modules
   
       if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }
   
   # Add the credentials to the client context and SharePoint service connection
   
       # check for cached credentials to use
       $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin
   
       if(-not $o365TenantAdminCredential)
       {
           # when credentials are not cached, prompt for the tenant admin credentials
           $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Microsoft 365 admin"
   
           if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
           {
               Write-Error -Message "Could not validate the supplied tenant admin credentials"
               return
           }
   
           # add the credentials to the cache
           Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
       }
   
   # connect to Office365 first, required for SharePoint cmdlets to run
   
       Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential
   
   # enumerate each of the specified site URLs
   
       foreach($webUrl in $webUrls)
       {
           $grantedSiteCollectionAdmin = $false
   
           try
           {
               # establish the client context and set the credentials to connect to the site
               $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
               $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)
   
               # initialize the site and web context
               $script:clientContext.Load($script:clientContext.Site)
               $script:clientContext.Load($script:clientContext.Web)
               $script:clientContext.ExecuteQuery()
   
               # load and ensure the tenant admin user account if present on the target SharePoint site
               $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
               $script:clientContext.Load($tenantAdminUser)
               $script:clientContext.ExecuteQuery()
   
               # check if the tenant admin is a site admin
               if( -not $tenantAdminUser.IsSiteAdmin )
               {
                   try
                   {
                       # grant the tenant admin temporary admin rights to the site collection
                       Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                       $grantedSiteCollectionAdmin = $true
                   }
                   catch
                   {
                       Write-Error $_.Exception
                       return
                   }
               }
   
               try
               {
                   # load the list orlibrary using CSOM
   
                   $list = $null
                   $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                   $script:clientContext.Load($list)
                   $script:clientContext.ExecuteQuery()
   
                   # **************  ADMIN INSTRUCTIONS  **************
                   # If necessary, modify the following Set-IrmConfiguration parameters to match your required values
                   # The supplied options and values are for example only
                   # Example that shows the Set-IrmConfiguration command with all parameters: Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users" -IrmReject -ProtectionExpirationDate $(Get-Date).AddDays(180) -DisableDocumentBrowserView -AllowPrint -AllowScript -AllowWriteCopy -LicenseCacheExpireDays 25 -DocumentAccessExpireDays 90
   
                   Set-IrmConfiguration -List $list -PolicyTitle "Protected Files" -PolicyDescription "This policy restricts access to authorized users"  
               }
               catch
               {
                   Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
               }
          }
          finally
          {
               if($grantedSiteCollectionAdmin)
               {
                   # remove the temporary admin rights to the site collection
                   Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
               }
          }
       }
   
   Disconnect-SPOService -ErrorAction SilentlyContinue
   

4. Tinjau skrip dan buat perubahan berikut:

   1. Cari $sharepointAdminCenterUrl dan ganti nilai contoh dengan URL pusat admin SharePoint Anda sendiri.

      Anda akan menemukan nilai ini sebagai URL dasar saat masuk ke pusat admin SharePoint, dan memiliki format berikut: https://< tenant_name-admin.sharepoint.com>

      Misalnya, jika nama penyewa adalah "contoso", maka Anda akan menentukan: https://contoso-admin.sharepoint.com

   2. Cari $tenantAdmin dan ganti nilai contoh dengan akun administrator global Anda sendiri yang sepenuhnya memenuhi syarat untuk Microsoft 365.

      Nilai ini sama dengan yang Anda gunakan untuk masuk ke pusat admin Microsoft 365 sebagai administrator global dan memiliki format berikut: nama> domain user_name@<tenant.com

      Misalnya, jika nama pengguna administrator global Microsoft 365 adalah "admin" untuk domain penyewa "contoso.com", Anda akan menentukan: admin@contoso.com

   3. Cari $webUrls dan ganti nilai contoh dengan URL web OneDrive pengguna Anda, menambahkan atau menghapus entri sebanyak yang Anda butuhkan.

      Atau, lihat komentar dalam skrip tentang cara mengganti array ini dengan mengimpor . File CSV yang berisi semua URL yang perlu Anda konfigurasi. Kami telah menyediakan contoh skrip lain untuk mencari dan mengekstrak URL secara otomatis untuk mengisi ini. File CSV. Saat Anda siap untuk melakukan ini, gunakan Skrip tambahan untuk menghasilkan semua URL OneDrive ke . Bagian file CSV segera setelah langkah-langkah ini.

      URL web untuk OneDrive pengguna dalam format berikut: https://< nama-my.sharepoint.com/personal/<> user_name>_<tenant_com>

      Misalnya, jika pengguna di penyewa contoso memiliki nama pengguna "rsimone", Anda akan menentukan: https://contoso-my.sharepoint.com/personal/rsimone_contoso_com

   4. Karena kita menggunakan skrip untuk mengonfigurasi OneDrive, jangan ubah nilai Dokumen untuk variabel tersebut $listTitle .

   5. Cari ADMIN INSTRUCTIONS. Jika Anda tidak membuat perubahan pada bagian ini, OneDrive pengguna akan dikonfigurasi untuk IRM dengan judul kebijakan "File Terproteksi" dan deskripsi "Kebijakan ini membatasi akses ke pengguna yang berwenang". Tidak ada opsi IRM lain yang akan diatur, yang mungkin sesuai untuk sebagian besar lingkungan. Namun, Anda dapat mengubah judul dan deskripsi kebijakan yang disarankan, dan juga menambahkan opsi IRM lain yang sesuai untuk lingkungan Anda. Lihat contoh yang dikomentari dalam skrip untuk membantu Anda membuat sekumpulan parameter Anda sendiri untuk perintah Set-IrmConfiguration.

5. Simpan skrip dan tanda tangani. Jika Anda tidak menandatangani skrip (lebih aman), Windows PowerShell harus dikonfigurasi di komputer Anda untuk menjalankan skrip yang tidak ditandatangani. Untuk melakukan ini, jalankan sesi Windows PowerShell dengan opsi Jalankan sebagai Administrator , dan ketik: Set-ExecutionPolicy Unrestricted. Namun, konfigurasi ini memungkinkan semua skrip yang tidak ditandatangani berjalan (kurang aman).

   Untuk informasi selengkapnya tentang menandatangani skrip Windows PowerShell, lihat about_Signing di pustaka dokumentasi PowerShell.

6. Jalankan skrip dan jika diminta, berikan kata sandi untuk akun admin Microsoft 365. Jika Anda mengubah skrip dan menjalankannya di sesi Windows PowerShell yang sama, Anda tidak akan dimintai kredensial.

Tip

Anda juga bisa menggunakan skrip ini untuk mengonfigurasi IRM untuk pustaka SharePoint. Untuk konfigurasi ini, Anda mungkin ingin mengaktifkan opsi tambahan Jangan izinkan pengguna mengunggah dokumen yang tidak mendukung IRM, untuk memastikan bahwa pustaka hanya berisi dokumen yang dilindungi. Untuk melakukannya, tambahkan -IrmReject parameter ke perintah Set-IrmConfiguration dalam skrip.

Anda juga perlu memodifikasi $webUrls variabel (misalnya, https://contoso.sharepoint.com) dan $listTitle variabel (misalnya, $Reports).

Jika Anda perlu menonaktifkan IRM untuk pustaka OneDrive pengguna, lihat bagian Skrip untuk menonaktifkan IRM untuk OneDrive .

Skrip tambahan untuk menghasilkan semua URL OneDrive ke . File CSV

Untuk langkah 4c di atas, Anda dapat menggunakan skrip Windows PowerShell berikut untuk mengekstrak URL untuk pustaka OneDrive semua pengguna, yang kemudian dapat Anda periksa, edit jika perlu, lalu impor ke skrip utama.

Skrip ini juga memerlukan SDK Komponen Klien SharePoint dan SharePoint Management Shell. Ikuti instruksi yang sama untuk menyalin dan menempelkannya, simpan file secara lokal (misalnya, "Report-OneDriveForBusinessSiteInfo.ps1"), ubah $sharepointAdminCenterUrl nilai dan $tenantAdmin seperti sebelumnya, lalu jalankan skrip.

**Penafian**: Contoh skrip ini tidak didukung di bawah program atau layanan dukungan standar Microsoft apa pun. Contoh skrip ini disediakan AS IS tanpa jaminan apa pun.

# Requires Windows PowerShell version 3

<#
  Description:

    Queries the search service of a Microsoft 365 tenant to retrieve all OneDrive sites.  
    Details of the discovered sites are written to a .CSV file (by default,"OneDriveForBusinessSiteInfo_<date>.csv").

 Script Installation Requirements:

   SharePoint Client Components SDK
   https://www.microsoft.com/download/details.aspx?id=42038

   SharePoint Management Shell
   https://www.microsoft.com/download/details.aspx?id=35588

======
#>

# URL will be in the format https://<tenant-name>-admin.sharepoint.com
$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.onmicrosoft.com"                           

$reportName = "OneDriveForBusinessSiteInfo_$((Get-Date).ToString("yyyy-MM-dd_hh.mm.ss")).csv"

$oneDriveForBusinessSiteUrls= @()
$resultsProcessed = 0

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# establish the client context and set the credentials to connect to the site

    $clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($sharepointAdminCenterUrl)
    $clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

# run a query against the Microsoft 365 tenant search service to retrieve all OneDrive URLs

    do
    {
        # build the query object
	    $query = New-Object Microsoft.SharePoint.Client.Search.Query.KeywordQuery($clientContext)
	    $query.TrimDuplicates        = $false
	    $query.RowLimit              = 500
	    $query.QueryText             = "SPSiteUrl:'/personal/' AND contentclass:STS_Site"
	    $query.StartRow              = $resultsProcessed
	    $query.TotalRowsExactMinimum = 500000

        # run the query
	    $searchExecutor = New-Object Microsoft.SharePoint.Client.Search.Query.SearchExecutor($clientContext)
	    $queryResults = $searchExecutor.ExecuteQuery($query)
	    $clientContext.ExecuteQuery()

        # enumerate the search results and store the site URLs
        $queryResults.Value[0].ResultRows | % {
            $oneDriveForBusinessSiteUrls += $_.Path
            $resultsProcessed++
        }
    }
    while($resultsProcessed -lt $queryResults.Value.TotalRows)

$oneDriveForBusinessSiteUrls | Out-File -FilePath $reportName

Skrip untuk menonaktifkan IRM untuk OneDrive

Gunakan contoh skrip berikut jika Anda perlu menonaktifkan IRM untuk OneDrive pengguna.

Skrip ini juga memerlukan SDK Komponen Klien SharePoint dan SharePoint Management Shell. Salin dan tempel konten, simpan file secara lokal (misalnya, "Disable-IRMOnOneDriveForBusiness.ps1"), dan ubah $sharepointAdminCenterUrl nilai dan $tenantAdmin . Tentukan URL OneDrive secara manual atau gunakan skrip di bagian sebelumnya sehingga Anda dapat mengimpornya, lalu menjalankan skrip.

**Penafian**: Contoh skrip ini tidak didukung di bawah program atau layanan dukungan standar Microsoft apa pun. Contoh skrip ini disediakan AS IS tanpa jaminan apa pun.

# Requires Windows PowerShell version 3

<#
  Description:

    Disables IRM for OneDrive and can also be used for SharePoint libraries and lists

 Script Installation Requirements:

   SharePoint Client Components SDK
   https://www.microsoft.com/download/details.aspx?id=42038

   SharePoint Management Shell
   https://www.microsoft.com/download/details.aspx?id=35588

======
#>

$sharepointAdminCenterUrl = "https://contoso-admin.sharepoint.com"

$tenantAdmin = "admin@contoso.com"

$webUrls = @("https://contoso-my.sharepoint.com/personal/user1_contoso_com",
             "https://contoso-my.sharepoint.com/personal/user2_contoso_com",
             "https://contoso-my.sharepoint.com/personal/person3_contoso_com")

<# As an alternative to specifying the URLs as an array, you can import them from a CSV file (no header, single value per row).
   Then, use: $webUrls = Get-Content -Path "File_path_and_name.csv"

#>

$listTitle = "Documents"

function Load-SharePointOnlineClientComponentAssemblies
{
    [cmdletbinding()]
    param()

    process
    {
        # assembly location: C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI
        try
        {
            Write-Verbose "Loading Assembly: Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.Policy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.Office.Client.TranslationServices, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.DocumentManagement, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Publishing, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Runtime, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search.Applications, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Search, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.Taxonomy, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            Write-Verbose "Loading Assembly: Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
            [System.Reflection.Assembly]::Load("Microsoft.SharePoint.Client.UserProfiles, Version=16.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") | Out-Null

            return $true
        }
        catch
        {
            if($_.Exception.Message -match "Could not load file or assembly")
            {
                Write-Error -Message "Unable to load the SharePoint Server 2013 Client Components.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=42038"
            }
            else
            {
                Write-Error -Exception $_.Exception
            }
            return $false
        }
    }
}

function Load-SharePointOnlineModule
{
    [cmdletbinding()]
    param()

    process
    {
        do
        {
            # Installation location: C:\Program Files\SharePoint Online Management Shell\Microsoft.Online.SharePoint.PowerShell
            $spoModule = Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ErrorAction SilentlyContinue

            if(-not $spoModule)
            {
                try
                {
                    Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
                    return $true
                }
                catch
                {
                    if($_.Exception.Message -match "Could not load file or assembly")
                    {
                        Write-Error -Message "Unable to load the SharePoint Online Management Shell.`nDownload Location: https://www.microsoft.com/download/details.aspx?id=35588"
                    }
                    else
                    {
                        Write-Error -Exception $_.Exception
                    }
                    return $false
                }
            }
            else
            {
                return $true
            }
        }
        while(-not $spoModule)
    }
}

function Remove-IrmConfiguration
{
    [cmdletbinding()]
    param(
        [parameter(Mandatory=$true)][Microsoft.SharePoint.Client.List]$List
    )

    process
    {
        Write-Verbose "Disabling IRM Configuration on '$($List.Title)'"

        $List.IrmEnabled = $false
        $List.IrmExpire  = $false
        $List.IrmReject  = $false
        $List.InformationRightsManagementSettings.Reset()
    }
    end
    {
        if($List)
        {
            Write-Verbose "Committing IRM configuration settings on '$($list.Title)'"
            $list.InformationRightsManagementSettings.Update()
            $list.Update()
            $script:clientContext.Load($list)
            $script:clientContext.ExecuteQuery()
        }
    }
}

function Get-CredentialFromCredentialCache
{
    [cmdletbinding()]
    param([string]$CredentialName)

    #if( Test-Path variable:\global:CredentialCache )
    if( Get-Variable O365TenantAdminCredentialCache -Scope Global -ErrorAction SilentlyContinue )
    {
        if($global:O365TenantAdminCredentialCache.ContainsKey($CredentialName))
        {
            Write-Verbose "Credential Cache Hit: $CredentialName"
            return $global:O365TenantAdminCredentialCache[$CredentialName]
        }
    }
    Write-Verbose "Credential Cache Miss: $CredentialName"
    return $null
}

function Add-CredentialToCredentialCache
{
    [cmdletbinding()]
    param([System.Management.Automation.PSCredential]$Credential)

    if(-not (Get-Variable CredentialCache -Scope Global -ErrorAction SilentlyContinue))
    {
        Write-Verbose "Initializing the Credential Cache"
        $global:O365TenantAdminCredentialCache = @{}
    }

    Write-Verbose "Adding Credential to the Credential Cache"
    $global:O365TenantAdminCredentialCache[$Credential.UserName] = $Credential
}

# load the required assemblies and Windows PowerShell modules

    if(-not ((Load-SharePointOnlineClientComponentAssemblies) -and (Load-SharePointOnlineModule)) ) { return }

# Add the credentials to the client context and SharePoint service connection

    # check for cached credentials to use
    $o365TenantAdminCredential = Get-CredentialFromCredentialCache -CredentialName $tenantAdmin

    if(-not $o365TenantAdminCredential)
    {
        # when credentials are not cached, prompt for the tenant admin credentials
        $o365TenantAdminCredential = Get-Credential -UserName $tenantAdmin -Message "Enter the password for the Office 365 admin"

        if(-not $o365TenantAdminCredential -or -not $o365TenantAdminCredential.UserName -or $o365TenantAdminCredential.Password.Length -eq 0 )
        {
            Write-Error -Message "Could not validate the supplied tenant admin credentials"
            return
        }

        # add the credentials to the cache
        Add-CredentialToCredentialCache -Credential $o365TenantAdminCredential
    }

# connect to Office365 first, required for SharePoint cmdlets to run

    Connect-SPOService -Url $sharepointAdminCenterUrl -Credential $o365TenantAdminCredential

# enumerate each of the specified site URLs

    foreach($webUrl in $webUrls)
    {
        $grantedSiteCollectionAdmin = $false

        try
        {
            # establish the client context and set the credentials to connect to the site
            $script:clientContext = New-Object Microsoft.SharePoint.Client.ClientContext($webUrl)
            $script:clientContext.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($o365TenantAdminCredential.UserName, $o365TenantAdminCredential.Password)

            # initialize the site and web context
            $script:clientContext.Load($script:clientContext.Site)
            $script:clientContext.Load($script:clientContext.Web)
            $script:clientContext.ExecuteQuery()

            # load and ensure the tenant admin user account if present on the target SharePoint site
            $tenantAdminUser = $script:clientContext.Web.EnsureUser($o365TenantAdminCredential.UserName)
            $script:clientContext.Load($tenantAdminUser)
            $script:clientContext.ExecuteQuery()

            # check if the tenant admin is a site admin
            if( -not $tenantAdminUser.IsSiteAdmin )
            {
                try
                {
                    # grant the tenant admin temporary admin rights to the site collection
                    Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $true | Out-Null
                    $grantedSiteCollectionAdmin = $true
                }
                catch
                {
                    Write-Error $_.Exception
                    return
                }
            }

            try
            {
                # load the list orlibrary using CSOM

                $list = $null
                $list = $script:clientContext.Web.Lists.GetByTitle($listTitle)
                $script:clientContext.Load($list)
                $script:clientContext.ExecuteQuery()

               Remove-IrmConfiguration -List $list
            }
            catch
            {
                Write-Error -Message "Error setting IRM configuration on site: $webUrl.`nError Details: $($_.Exception.ToString())"
            }
       }
       finally
       {
            if($grantedSiteCollectionAdmin)
            {
                # remove the temporary admin rights to the site collection
                Set-SPOUser -Site $script:clientContext.Site.Url -LoginName $o365TenantAdminCredential.UserName -IsSiteCollectionAdmin $false | Out-Null
            }
       }
    }

Disconnect-SPOService -ErrorAction SilentlyContinue