The role of Superuser, is a functionality available within the Azure Information Protection service.
This functionality allows you to protect, unprotect, change permissions and track documents in which an encryption template has been applied.
This functionality can be very useful in the following scenarios:
An IT administrator needs to remove the current protection policy that was configured for files and apply to a new protection policy.
Exchange Server needs to index mailboxes for search operations.
You have existing IT services for data loss prevention (DLP) solutions, content encryption gateways (CEG), and anti-malware products that need to inspect files that are already protected.
You need to bulk decrypt files for auditing, legal, or other compliance reasons.
Now we tell you how to do it:
1.- Open powershell as administrator
2.- Run import-module AADRM
3.- Connect to Azure Information Protection services, run connect-Aadrmservice, type user credentials with administrative privileges.
4.- The console returns the connection to the Azure information Protection service
5.- The next step will be to check the superolefeature feature is enabled, for this it is necessary to launch the following command, get-aadrmsuperuserfeature
In the case that it is not enabled, it will be necessary to launch the command enable-aadrmsuperuserfeature.
6.- When the feature is enabled it is necessary to configure the user or group of users to whom the role will be assigned. For this it will be necessary to launch the following command: add-aadrmsuperuser -emailaddress dummy@domain.com
7.- To check of the users within the superuser role it will be necessary to launch the following command get-aadrmsuperuser
8.- Now you can use the functionality of Superuser in Azure Information Protection, one of the most used features is tracking.
To do this open a window in private mode the edge browser and write the following url: https://portal.azurerms.com/#/admin
9.- Now you will have the possibility of tracking the documents or users, the window will show you the session in administrator mode
Thank you very much for reading and I hope it was of your interest.