Office 365 - Automating the Configuration of Information Rights Management (IRM) using CSOM

Yet another post about Office 365 and PowerShell - I'm sure I'll run out of topics soon!

One of my colleagues reached out to me as he needed help automating the configuration of IRM across multiple libraries that were spread amongst a number of Site Collections. To make use of IRM in SharePoint Online it needs to be enabled first within the tenant, details on how to do this can be found here.

Once it has been enabled, each Document Library will have this additional setting available within Permissions and Management.

This provides the ability to create a policy for the Document Library, further details on the various policy settings can be found here.

The script below binds to a specific Site Collection and Document Library, enables IRM and then Configures a Policy. Simply update the highlighted values and execute, the actual policy itself requires one policy setting configured (in addition to Title) in order for it to be applied - which kind of makes sense, who would want a policy with no settings?

For example you could simply have this one line within the Configure the Policy Settings section of the script:

$List.InformationRightsManagementSettings.AllowPrint = $false

The Script

#Add references to SharePoint client assemblies and authenticate to Office 365 site
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
$Username = Read-Host -Prompt "Please enter your username"
$Password = Read-Host -Prompt "Please enter your password" -AsSecureString
$Site = "Site URL"
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($Site)
$Creds = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Username,$Password)
$Context.Credentials = $Creds

#Retrieve lists
$Lists = $Context.Web.Lists
$Context.Load($Lists)
$Context.ExecuteQuery()

#Bind to list "documents"
$List = $Lists.GetByTitle("Documents")
$Context.Load($List)
$Context.ExecuteQuery()

#Enable IRM
$List.IrmEnabled = $true

#Give the Policy a Name and Description
$List.InformationRightsManagementSettings.PolicyDescription = #Policy Description
$List.InformationRightsManagementSettings.PolicyTitle = #Policy Name

#Configure the Policy Settings
$List.InformationRightsManagementSettings.AllowPrint = #$true or $false
$List.InformationRightsManagementSettings.AllowScript = #$true or $false
$List.InformationRightsManagementSettings.AllowWriteCopy = #$true or $false
$List.InformationRightsManagementSettings.DisableDocumentBrowserView = #$true or $false
$List.InformationRightsManagementSettings.DocumentLibraryProtectionExpireDate = #Date
$List.InformationRightsManagementSettings.DocumentAccessExpireDays = #Number of days
$List.InformationRightsManagementSettings.EnableDocumentAccessExpire = #$true or $false
$List.InformationRightsManagementSettings.EnableDocumentBrowserPublishingView = #$true or $false
$List.InformationRightsManagementSettings.EnableGroupProtection = #$true or $false
$List.InformationRightsManagementSettings.EnableLicenseCacheExpire #$true or $false
$List.InformationRightsManagementSettings.LicenseCacheExpireDays = #Number of days
$List.InformationRightsManagementSettings.GroupName = #Name of group
$List.Update()
$Context.ExecuteQuery()

#Output Current Settings
$List.InformationRightsManagementSettings

In the specific example I was helping my colleague with, we wrapped this into a ForEach loop that took a list of OneDrive for Business sites as input and set a specific policy on the "Document" Document Library within each.

Brendan Griffin - @brendankarl