Forum Discussion
Melvin_Maldonado03
Oct 22, 2025 | Copper Contributor
How does the super user functionality work in Azure Rights Management?
We have recently performed labeling tests with Microsoft Purview on emails and Office documents. However, a question arises about what happens when a user encrypts a document or email and it becomes ...
AladinH
Oct 22, 2025 | Brass Contributor
Yes, you’re right - the super user feature in Purview allows designated accounts to decrypt any content protected by AIP/Purview labels, even if they aren’t the author or recipient.
I would suggest the following approach:
- Enable the feature in your Azure/Rights Management settings.
- Assign trusted users as super users.
- Open encrypted emails or documents - super users can access the content automatically.
- Audit and monitor activity to ensure proper usage.
Best practice: Only assign to trusted accounts and disable the feature if not needed.
Microsoft references:
https://learn.microsoft.com/en-us/purview/encryption-super-users
https://learn.microsoft.com/en-us/powershell/module/aipservice/enable-aipservicesuperuserfeature?view=azureipps
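
The enable / assign / audit / disable cycle from the reply above, written as a time-boxed script with the AIPService PowerShell module. This is an added example, not part of the original post; the account name and log path are placeholders, and it assumes the module is installed and the caller is a Rights Management administrator.

```powershell
#Requires -Modules AIPService
# Added example: grant super user rights only for the duration of one task,
# then remove them and pull the admin log for review.
param(
    # Hypothetical account that will perform the decryption work
    [string]$SuperUser = 'ediscovery-svc@contoso.example',
    # Placeholder path for the exported admin log
    [string]$LogPath   = (Join-Path $env:TEMP 'aipservice-admin.log')
)

Connect-AipService | Out-Null

# Remember the tenant's starting state so the script leaves it as it found it.
$wasEnabled = "$(Get-AipServiceSuperUserFeature)" -eq 'Enabled'

try {
    if (-not $wasEnabled) {
        Enable-AipServiceSuperUserFeature | Out-Null
    }
    Add-AipServiceSuperUser -EmailAddress $SuperUser

    # List every identity that can currently decrypt tenant content;
    # anything unexpected here should be investigated before continuing.
    Write-Host 'Current super users:'
    Get-AipServiceSuperUser | ForEach-Object { Write-Host "  $_" }

    # The super user account now opens or decrypts the protected items
    # in its own session; this script only holds the window open.
    Read-Host 'Press Enter once the decryption task is finished' | Out-Null
}
finally {
    # Runs even if the task above fails or the script is interrupted.
    Remove-AipServiceSuperUser -EmailAddress $SuperUser
    if (-not $wasEnabled) {
        Disable-AipServiceSuperUserFeature | Out-Null
    }

    # Export the admin log and show entries that mention super users.
    # The 'SuperUser' pattern is an assumption about how entries are worded;
    # review the full file if nothing matches.
    Get-AipServiceAdminLog -Path $LogPath -Force | Out-Null
    Select-String -Path $LogPath -Pattern 'SuperUser' |
        Select-Object -Last 20 |
        ForEach-Object { Write-Host $_.Line }
}
```

Run it from an administrator session; the `finally` block is what keeps the super user assignment from outliving the task.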