< Back
Set-AadrmSuperUserGroup
Post
NAME Set-AadrmSuperUserGroup
SYNOPSIS
Sets the super user group for Rights Management.
SYNTAX
Set-AadrmSuperUserGroup -GroupEmailAddress <String> [<CommonParameters>]
DESCRIPTION
The Set-AadrmSuperUserGroup cmdlet specifies a group to use as the super user group for your Azure Rights
Management service. Members of this group are then super users, which means they become a Rights Management owner
for all content that is protected by your organization. These super users can decrypt this protected content and
remove protection from it, even if an expiration date has been set and expired. Typically, this level of access is
required for legal eDiscovery and by auditing teams.
You can specify any group that has an email address, but be aware that for performance reasons, group membership
is cached. For information about group requirements, see Preparing users and groups for Azure Information
Protection (https://docs.microsoft.com/information- ... gn/prepare).
If a super user group already exists, running this cmdlet overwrites it. This cmdlet does not affect users that
are individually assigned as super users with the Add-AadrmSuperUser cmdlet.
An organization can have only one super user group in addition to multiple users who are assigned the privilege
individually, but you can nest groups.
You must use PowerShell to configure super users; you cannot do this configuration by using a management portal.
For more information about super users, see Configuring super users for Azure Rights Management and discovery
services or data recovery (https://docs.microsoft.com/information- ... uper-users).
PARAMETERS
-GroupEmailAddress <String>
Specifies the group email address for the super user group. GroupEmailAddress can specify a group that
contains individual users or other nested groups. It must be a valid group email address for an existing group
in the organization.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
OUTPUTS
NOTES
------------- Example 1: Set the super user group -------------
PS C:\\>Set-AadrmSuperUserGroup -GroupEmailAddress "SuperUserGroup@contoso.com"
This command sets the super user group for the organization to SuperUserGroup@contoso.com.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkId=722838
Add-AadrmSuperUser
Clear-AadrmSuperUserGroup
Get-AadrmSuperUserGroup
SYNOPSIS
Sets the super user group for Rights Management.
SYNTAX
Set-AadrmSuperUserGroup -GroupEmailAddress <String> [<CommonParameters>]
DESCRIPTION
The Set-AadrmSuperUserGroup cmdlet specifies a group to use as the super user group for your Azure Rights
Management service. Members of this group are then super users, which means they become a Rights Management owner
for all content that is protected by your organization. These super users can decrypt this protected content and
remove protection from it, even if an expiration date has been set and expired. Typically, this level of access is
required for legal eDiscovery and by auditing teams.
You can specify any group that has an email address, but be aware that for performance reasons, group membership
is cached. For information about group requirements, see Preparing users and groups for Azure Information
Protection (https://docs.microsoft.com/information- ... gn/prepare).
If a super user group already exists, running this cmdlet overwrites it. This cmdlet does not affect users that
are individually assigned as super users with the Add-AadrmSuperUser cmdlet.
An organization can have only one super user group in addition to multiple users who are assigned the privilege
individually, but you can nest groups.
You must use PowerShell to configure super users; you cannot do this configuration by using a management portal.
For more information about super users, see Configuring super users for Azure Rights Management and discovery
services or data recovery (https://docs.microsoft.com/information- ... uper-users).
PARAMETERS
-GroupEmailAddress <String>
Specifies the group email address for the super user group. GroupEmailAddress can specify a group that
contains individual users or other nested groups. It must be a valid group email address for an existing group
in the organization.
Required? true
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.String
OUTPUTS
NOTES
------------- Example 1: Set the super user group -------------
PS C:\\>Set-AadrmSuperUserGroup -GroupEmailAddress "SuperUserGroup@contoso.com"
This command sets the super user group for the organization to SuperUserGroup@contoso.com.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/?LinkId=722838
Add-AadrmSuperUser
Clear-AadrmSuperUserGroup
Get-AadrmSuperUserGroup