Share via

Script to locate IRM enabled Library within SharePoint sites

jpcapone 1,536 Reputation points
2024-11-20T17:50:38.0666667+00:00

I have found that IRM is enabled at the tenant level for SharePoint sites. Is there a script that can be used to determine which sites/libraries/documents have IRM enabled? The other script posted here calls for loading SharePoint CSOM Assemblies. Not sure how to do that.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,902 questions
Not Monitored
Not Monitored
Tag not monitored by Microsoft.
39,962 questions
Accepted answer
  1. Yanli Jiang - MSFT 27,241 Reputation points Microsoft Vendor
    2024-11-22T02:26:50.91+00:00

    Hi @jpcapone ,

    I Got you.

    My test environment also has MFA enabled. You can try my steps:

    1. Run PowerShell 7.x as an administrator.
    2. Register an App for PnP PowerShell and get the Client Id:
    Register-PnPEntraIDAppForInteractiveLogin -ApplicationName "PnP PowerShell" -SharePointDelegatePermissions "AllSites.FullControl" -Tenant domain.onmicrosoft.com -Interactive

    For more details, please see:

    https://www.sharepointdiary.com/2021/02/how-to-install-pnp-powershell-module-for-sharepoint-online.html#step-3-register-a-new-azure-ad-application-and-grant-access-to-the-tenant

    Non-official, just for reference.

    1. Use the Client Id to connect to SharePoint Online:
    # Parameter
$TenantAdminUrl = "https://domain-admin.sharepoint.com"
$ClientID = "clientidstring"

# Connect to Admin Center
Connect-PnPOnline -Url $TenantAdminUrl -Interactive -ClientId $ClientID

#Get All Site collections - Exclude: Seach Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
    
#Loop through each site collection
ForEach($Site in $SiteCollections)
{
	# Connect to SharePoint
	Connect-PnPOnline -Url $Site.URL -Interactive -ClientId $ClientID   

	# Get all document libraries and lists
	$lists = Get-PnPList

	# Check IRM settings
	foreach ($list in $lists) {
    		if ($list.IrmEnabled) {
        	Write-Host "IRM is enabled in $($Site.Url) for list: $($list.Title)"
		}
	}    
}

    Hope this helps.

    If the answer is helpful, please click "Accept as Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  2. Vasil Michev 108.6K Reputation points MVP
    2024-11-21T07:49:01.34+00:00

    You can leverage the PnP module, which is built on top of CSOM. For example, the Get-PnPListInformationRightsManagement cmdlet will tell you the IRM status of a given list/library: https://pnp.github.io/powershell/cmdlets/Get-PnPListInformationRightsManagement.html

  3. Yanli Jiang - MSFT 27,241 Reputation points Microsoft Vendor
    2024-11-21T09:27:50.51+00:00

    Hi @jpcapone ,

    Welcome to Q&A forum!

    According to my test, you can use the following PowerShell script to get the lists and libraries of IRM-enabled tenants:

    # Load SharePoint CSOM Assemblies 
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll" 
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

# Parameter
$TenantAdminUrl = "https://domain-admin.sharepoint.com"

# Connect to Admin Center
Connect-PnPOnline -Url $TenantAdminUrl -Interactive 

#Get All Site collections - Exclude: Seach Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
    
#Loop through each site collection
ForEach($Site in $SiteCollections)
{
	# Connect to SharePoint
	Connect-PnPOnline -Url $Site.URL -Interactive
    
	# Get all document libraries and lists
	$lists = Get-PnPList

	# Check IRM settings
	foreach ($list in $lists) {
    		if ($list.IrmEnabled) {
        	Write-Host "IRM is enabled in $($Site.Url) for list: $($list.Title)"
			}
	}
    
}

    And the result:

    112101

    Good day!

    If the answer is helpful, please click "Accept as Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.