How To Create Azure Rights Management Template for Users Across Organizations

Azure Rights Management, enables implicit trust between organizations and users in any organization. This means that protected content can be shared between users within the same organization or across organizations when users have Microsoft Office 365, or Azure Rights Management, or users sign up for RMS for individuals. There is a default Do Not Forward template that can be used across organizations.  The Do Not Forward Template allows recipients to read the message, but cannot Forward, Print or Copy content. For additional settings and templates to use across organication, you must create a new Rights Management Template using PowerShell.

I will detail the steps in this blog to show how to create an Azure Rights Management Template for Users Across an Organization.


Step 1: Connect to Azure Rights Management using Windows PowerShell

Run the following command: $AdminCredentials = Get-Credential

Type your Azure user name and password, and then click OK

Run the following command: Connect-AadrmService -Credential $AdminCredentials


Step 2: Create Azure Rights Management Template

Run the following commands to create a Template for Marketing where only has View and Export rights and the Marketing Department has Co-Author rights:

Specify Name and Local Variable: $names = @{}

Specify Name and Local: $names[1033] = "Company123 - External Company Confidential"

Specify Description Variable: $descriptions = @{}

Specify Description: $descriptions[1033] = "This content is confidential and should only be Viewed by Joe at Company 123"

Specify Rights for Joe at Company 123: $r1 = New-AadrmRightsDefinition –EmailAddress -Rights "VIEW","EXPORT"

Specify Rights for Marketing Department: $r2 = New-AadrmRightsDefinition –EmailAddress -Rights "Co-Author"

Create and Publish Template: Add-AadrmTemplate -Names $names –Descriptions $Descriptions -RightsDefinitions $r1, $r2 -Status Published



Step 3: Connect to Exchange Online using remote PowerShell

Launch Windows PowerShell from a Windows 7, 8 or 8.1 with .NET Framework 4.5 or higher and Windows Framework 3.0 or higher

Run the following command: $UserCredential = Get-Credential

Type your Exchange Online user name and password, and then click OK

Run the following command: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

 Run the following command: Import-PSSession $Session 

Step 4: Updates Templates for Exchange Online

Using Windows PowerShell in Exchange Online from Step 3

Run the following command: Import-RMSTrustedPublishingDomain -Name "RMS Online - 1" -RefreshTemplates –RMSOnline

To confirm that the templates have imported successfully, wait a few minutes

Run the following command: Get-RMSTemplate

Note: I used the default TPD Name "RMS Online - 1".  To verify your TPD name, you can run the following command Get-RMSTrustedPublishingDomain



MSDN Links:

Azure Rights Management Cmdlets -

Connect-AadrmService -

Add-AadrmTemplate -



Skip to main content