Good day!
I use a trial version of O365 Ent E3 license with trial Azure RMS, I'd like to test RMS services.
I have an issue with RMS scope filtering.
1. I have created "Test AD RMS Users SEC" security mail-enabled group and set up Azure RMS template "MyTestCompany - Top Confident" scope and user's rights to this group only.
2.I set up restrictions with command
Set-AadrmOnboardingControlPolicy
-SecurityGroupObjectId 153c3f6e-e890-4bf3-b382-38923ae3babb -UseRmsUserLicense
$true -Scope All
where "153c3f6e-e890-4bf3-b382-38923ae3babb" is an object ID of "Test AD RMS Users SEC" group.
After this I updated RMS templates in Exchange Online with command:
Import-RMSTrustedPublishingDomain -Name "RMS Online - 1" -RefreshTemplates -RMSOnline
I have users: test2@mytestcompany.onmicrosoft.com andtest3@mytestcompany.onmicrosoft.com.
Both these users are NOT members of "Test AD RMS Users SEC" group.
Test2 user has NO Azure RMS license (I disabled it for him), Test3 has default O365 Ent E3 license.
But when I log on with these users through OWA I may see and apply RMS template "MyTestCompany - Top Confident" (which should not be available for these users).
May you help me - what's wrong with my settings ?
Thanks',
Best regards.