Set-AadrmOnboardingControlPolicy Not working as expected RRS feed

  • Question

  • We are E3 with exchange hybrid but all mailbox on exchange online, Active Directory on prem in Sync with Azure with AD-Connect /ADFS for SSO.

    Office client is office 365 /2016. Azure RMS enabled at tenant. Only default templates, no custom template deployed. We found users started encrypting word documents and in outlook started using "Do not Forward" option. We are not ready for this service yet. So as per


    We deployed

    Set-AadrmOnboardingControlPolicy -UseRmsUserLicense $True -SecurityGroupObjectId 'XXXXXXXxXXXXXXXXxxXXXXXXX' -Scope All.

    We see no difference on the client side, Protect document option in Word and do not forward in outlook still available for users who are not member of the security group used in above command. Microsoft support engineer had confirmed that by deploying this on boarding control, users outside group will not have Do not forward and document protection feature available. Any idea why it is not working, how can we troubleshoot? when it works, will it disable "do not forward" feature in OWA  also? I understand that sharePOint has separate setting to disable and outside the scope of this on boarding control policy. But why it is not working??




    Wednesday, August 30, 2017 9:21 PM

All replies

  • Is this still a problem?  I'm wondering if it has anything to do with the version of MSIPC.dll (the RMS client) on the computer.  If it's still a problem, try installing the latest (GA) version of the Azure Information Protection client, which includes version 1.0.3219.0619 of the RMS client.

    For OWA, you'll need to configure this with PowerShell.  For example, use the Set-OWAMailboxPolicy cmdlet and set the IRMEnabled parameter to $false.

    Thursday, October 19, 2017 8:55 PM