It's a recommended way to do a planned rollout of the RMS functionality in an organization. For this reason, Microsoft has implemented the on boarding controls feature.
You can check the default configuration with the following command: Get-AadrmOnboardingControlPolicy
on an elevated PowerShell after you have established a connection to the Azure RMS service with the Connect-AadrmService
command.
You should see a result like the following if you didn't touch it before:
To enable the onboarding controls, you can use the following command:
Set-AadrmOnboardingControlPolicy
Note
Practical note
You can run this command before or after you activate Azure RMS. But you must have at least version 2.1.0.0 of the Azure RMS Windows PowerShell module installed.
To check the version of your installed PowerShell module, you can run(Get-Module aadrm -ListAvailable).Version
:
Let's start with the example that you only want to allow a specific group to be able to protect content...