Microsoft Deprecates the AADRM (Rights Management) PowerShell Module

Use the AIPService Module Instead

On July 31, Microsoft announced the deprecation of the AADRM PowerShell module and its replacement by the AipService module. AADRM stands for “Azure Active Directory Rights Management” while AIP is the Azure Information Protection service. The two modules connect to the same back-end service to manage the configuration of the protection service, including the rights management templates to protect content inside and outside Office 365, including Office 365 sensitivity labels configured to protect documents and email with encryption. Protection templates can also be applied by Exchange Online mail flow rules to protect selected messages as they pass through the transport pipeline.

File-Level Cmdlets Unaffected

The set of cmdlets in the AzureInformationProtection module used to apply (or remove) protection to files (outside Office 365) are unaffected. These cmdlets are available when you install the Azure Information Protection client on a workstation. Either version of the client (classic or unified labeling) installs the cmdlets. In passing, a recent Microsoft blog post explains the current state of the transition to the unified labeling client.

One example of using these cmdlets is to decrypt protected documents found in an GDPR Data Subject Request search (DSR). A DSR is a special form of Office 365 content search that returns all the information about an individual held within Office 365 repositories.

Script Updates Needed

The deprecation takes effect on July 2020. Before then, you should review any scripts with calls to the AADRM cmdlets and replace them with the equivalents in the AIP module. Microsoft supports aliases for the AADRM cmdlets in the new module, but it’s best to replace the cmdlet names as you don’t know for how long Microsoft will continue support for the aliases. Fortunately, editing to update scripts s is simple as it’s a matter of replacing the module prefix with the new name. For example:

Old module: Get-AadrmSuperUser
New module: Get-AipServiceSuperUser

Naturally, you should test scripts thoroughly after updating the cmdlets to make sure that they still work as expected.

A listing of the cmdlets in the AipService module is available online.

For more information about Azure Information Protection, including using PowerShell to manage the service and files, read Chapter 24 of the Office 365 for IT Pros eBook.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.