Refresh OWA Templates using PowerShell RRS feed

  • Question

  • Hi Forum

    I have configured Azure RMS, created a template and published this to a group.

    I logged into O365 Exchange Online and created a new Mail and could see the permissions tab there, but no permissions.

    It is my understanding that I either wait 5 days for this to go through itself or I can force this with PowerShell.

    So I ran through this:

    Step 1: Connect to Exchange Online using remote PowerShell - http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx

    Launch Windows PowerShell from a Windows 7, 8 or 8.1 with .NET Framework 4.5 or higher and Windows Framework 3.0 or higher

    Run the following command:$UserCredential = Get-Credential

    Type your Exchange Online user name and password, and then click OK

    Run the following command:$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

     Run the following command: Import-PSSession $Session


    However, when I get to this part, the commands are not recognised. How can I import these commands to get this working?

    Step 2: Updates Templates for Exchange Online - http://technet.microsoft.com/en-us/library/dn642472.aspx

    Using Windows PowerShell in Exchange Online from Step 1

    Run the following command: Import-RMSTrustedPublishingDomain -Name "RMS Online - 1" -RefreshTemplates –RMSOnline

    To confirm that the templates have imported successfully, wait a few minutes

    Run the following command: Get-RMSTemplate


    Note: I used the default TPD Name"RMS Online - 1".  To verify your TPD name, you can run the following command Get-RMSTrustedPublishingDomain

    Thanks in advance


    Wednesday, June 24, 2015 2:37 PM

All replies

  • Maybe I am wrong, this is Office 365. I will have another look over the config.

    Application or service

    How templates are refreshed after changes

    Exchange Online

    Manual configuration required to refresh templates.

    For the configuration steps, see the following section, Exchange Online only: How to configure Exchange to download changed custom templates.

    Office 365

    Automatically refreshed – no additional steps required.

    Office 2013

    RMS sharing application for Windows

    Automatically refreshed – on a schedule, every 7 days.

    To force a refresh sooner than this schedule, see the following section, Office 2013 and RMS sharing application for Windows: How to force a refresh for a changed custom template.

    Office 2010

    Refreshed when users log on.

    To force a refresh, ask or force users to log off and log back on again. Or, see the following section, Office 2010 only: How to force a refresh for a changed custom template.

    Wednesday, June 24, 2015 2:42 PM
  • That looks correct.
    What errors are you actually getting?

    Try adding this after Import-PSSSession $Session:

    Set-IRMConfiguration –RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"

    Tuesday, June 30, 2015 6:17 PM
  • Hi Eddie

    I am running a few scenarios for an EMS environment I have setup.

    The initial test is a cloud only user (licensed) with Azure RMS setup with one test template.

    The test template shows up in Office 365 pro plus on the desktop, but it does not show up in the Office 365 portal.

    I get this:

    So 365 seems to recognise I have this configured, but it has not found the template.

    I have left this a week, I have tried creating new templates. But the fact it shows up in the Office 365 pro plus desktop version and not online is worrying.

    Any advice?




    I have tried different browsers.

    • Edited by Naked Nuts Wednesday, July 1, 2015 8:47 AM
    Wednesday, July 1, 2015 8:42 AM
  • The Exchange Online service has it's own RMS component that must be configured via those steps before it will show anything. Here are the typical steps all in one list:

    1. Connect to your Exchange Online account by using Windows PowerShell

    Login with this command:

    $cred = Get-Credential

    2. Begin configuration of Exchange Online:

    ( If you haven't previously run Windows PowerShell remote commands for Exchange
    Online, run the following command: set-executionpolicy remotesigned )

    $Session = New-PSSession -ConfigurationName
    Microsoft.Exchange -ConnectionUri
    https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic –AllowRedirection

    Import-PSSession $Session

    3. Run the following commands to enable Rights Management within Exchange Online:

    Set-IRMConfiguration –RMSOnlineKeySharingLocation "https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc"

    Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS
    Online - 1"

    Set-IRMConfiguration -InternalLicensingEnabled $true

    For regions outside North America, substitute .NA.
    with .EU. for the European Union, and .AP. for Asia

    e.g.: https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

    e.g.: https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

    4. Optionally test the configuration by running the following command:

    Test-IRMConfiguration -RMSOnline

    -sender user@company.onmicrosoft.com

    Any time you change templates you must run the following to keep Exchange templates in sync:

    Import-RMSTrustedPublishingDomain -Name "RMS Online -
    1" -RefreshTemplates –RMSOnline

    Wednesday, July 1, 2015 5:00 PM
  • Hi Eddie

    Thanks for the response and sorry for the delay. I now have a second tenant I am running this with and still the same issue.

    I ran through the commands as stated above and got the Overall PASS on the adding of the templates and the refresh. But the changes do not seem to have been reflected when I open the Office 365 OWA.

    I also tried disabling the ClientServerAccess after reading the below, which did not help.

    Run the following commands to disable IRM templates from being available in OWA and Outlook and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption:

    • To disable IRM templates in OWA and Outlook:

      Set-IRMConfiguration - ClientAccessServerEnabled $false

    Source: https://technet.microsoft.com/en-us/library/dn569291.aspx

    Can you help with this. It seems to be a bit problematic.

    Thanks again


    Wednesday, July 15, 2015 1:58 PM
  • Sorry you're still having problems with this.  I wrote out end-to-end instructions here (expand the Exchange Online: IRM Configuration section), which match Eddie's instructions and worked for me when I ran them on a new tenant (the templates showed up in OWA the following day).  Because you want users to see/use templates, you shouldn't be running the command Set-IRMConfiguration - ClientAccessServerEnabled $false

    If you have run this command, which disables the templates, I think you can just run it again with $true to reverse the setting.

    Let's see what Eddie suggests to troubleshoot this.  If we're missing something, I would love to know what it is.

    Wednesday, July 15, 2015 5:18 PM
  • Thanks Carol.

    Yes I set the -ClientAccessServer back to normal straight after as it didnt seem to help (I ran the Get- before to see the current settings). I will have a look over your documentation and see if I get any luck with this.

    Thanks again


    EDIT - I had already read this technet article previously.

    • Edited by Naked Nuts Thursday, July 16, 2015 8:13 AM
    Thursday, July 16, 2015 8:11 AM
  • Just to confirm.  Is the ClientServerAccess set to True or False right now.
    Setting it to False should give you the behavior you are seeing (which you don't want).
    Saturday, August 1, 2015 12:04 AM
  • Don't post the data that comes from this, but this is PowerShell script I put together to gather the AADRM and Exchange Online configuration to check if there is any obvious problems:

    $Cred = Get-Credential

    $Logfile = "c:\aadrm_data\azure_config.txt"

    Function LogWrite
    Param ([string]$logstring)
    Add-content $Logfile -value $logstring

    if (!(Test-Path -path C:\aadrm_data\))
     New-Item C:\aadrm_data\ -type directory

    connect-msolservice -credential $cred
    connect-AadrmService -credential $cred

    LogWrite "---MsolDomain-----------------------------"
    Get-MsolDomain >$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---MsolSubscription-----------------------"
    Get-MsolSubscription >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---MsolRole-------------------------------"
    Get-MsolRole >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---MsolCompanyInformation-----------------"
    Get-MsolCompanyInformation >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---AadrmConfiguration---------------------"
    Get-AadrmConfiguration >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---AadrmOnboardingControlPolicy---------------------"
    Get-AadrmOnboardingControlPolicy >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---AadrmTemplates-------------------------"
    Get-AadrmTemplate >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---Super Users-----------------"
    Get-AadrmSuperUserFeature >>$LogFile
    LogWrite  ""
    Get–AadrmSuperUser >>$LogFile
    LogWrite  ""
    LogWrite  ""

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic –AllowRedirection
    Import-PSSession $Session

    LogWrite "---ExchangeRMS Config-----------------------------"
    Get-IRMConfiguration >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---ExchangeRMS Test-----------------------------"
    Test-IRMConfiguration -RMSOnline >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---ExchangeTemplates-----------------------"
    Get-RMSTemplate >>$LogFile
    LogWrite  ""
    LogWrite  ""

    LogWrite "---ExchangeTPD-----------------------------"
    Get-RMSTrustedPublishingDomain >>$LogFile
    LogWrite  ""
    LogWrite  ""

    $a = Get-Date
    $b = Get-Date

    Get-AadrmAdminLog -Path "C:\aadrm_data\AdminLog.log" -FromTime $a -ToTime $b

    Saturday, August 1, 2015 12:07 AM