保护信息Protect information

Microsoft 365 和 Office 365 包含可应用于特定类型的数据以保护信息的功能。Microsoft 365 and Office 365 include capabilities that can be applied to specific types of data to protect information.

功能Capability 详细信息More information
敏感度标签Sensitivity labels
使用灵敏度标签,你可以对敏感内容进行分类和帮助保护。With sensitivity labels you can classify and help protect your sensitive content. 保护选项包括标签、水印和加密。Protection options include labels, watermarks, and encryption. 敏感度标签使用 Azure 信息保护。Sensitivity labels use Azure Information Protection. 如果您使用的是 Azure 信息保护标签,我们建议您在完成迁移后,避免在其他管理中心中心创建新标签。If you are using Azure Information Protection labels, for now we recommend that you avoid creating new labels in other admin centers until after you've completed your migration. 请参阅Azure 信息保护迁移See Azure Information Protection migration.
请注意,保留标签不同于敏感度标签。Note that retention labels are different from sensitivity labels. 保留标签可帮助您根据定义的策略保留或删除内容。Retention labels help you retain or delete content based on policies that you define. 这些帮助组织应遵守行业法规和内部策略。These help organizations comply with industry regulations and internal policies.
数据丢失防护(DLP)Data loss prevention (DLP)
使用 DLP 策略,您可以在 Office 365 中识别、监视和自动保护敏感信息。With DLP policies, you can identify, monitor, and automatically protect sensitive information across Office 365. 数据丢失防护策略可以使用敏感度标签和敏感信息类型来标识敏感信息。Data loss prevention policies can use sensitivity labels and sensitive information types to identify sensitive information.
敏感信息类型属性定义Sensitive information type entity definitions
Microsoft 365 包括许多可供您在 DLP 策略中使用的敏感信息类型,以及具有敏感度和保留标签的自动分类。Microsoft 365 includes many sensitive information types that are ready for you to use in DLP policies and for automatic classification with sensitivity and retention labels. 敏感信息类型也可以与Azure 信息保护扫描程序结合使用,以在本地对文件进行分类和保护。Sensitive information types can also be used with the Azure Information Protection scanner to classify and protect files on premises. 敏感信息类型定义了自动化过程如何识别特定的信息类型,如运行状况服务号码和信用卡号。Sensitive information types define how the automated process recognizes specific information types such as health service numbers and credit card numbers.
Office 365 邮件加密(OME)Office 365 Message Encryption (OME)
使用 Office 365 邮件加密,组织可以在组织内部和外部的人员之间发送和接收加密的电子邮件。With Office 365 Message Encryption, your organization can send and receive encrypted email messages between people inside and outside your organization. Office 365 邮件加密适用于 Outlook.com、Yahoo!、Gmail 和其他电子邮件服务。Office 365 Message Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. 电子邮件加密有助于确保只有预期的收件人可以查看邮件内容。Email message encryption helps ensure that only intended recipients can view message content.
Azure 信息保护Azure Information Protection
Azure 信息保护(有时称为 "AIP")可帮助组织对文档和电子邮件进行分类、添加标签以及保护文档和电子邮件。Azure Information Protection (sometimes referred to as AIP) helps an organization to classify, label, and optionally, protect documents and emails. 管理员可以通过定义规则和条件来自动应用标签。Administrators can automatically apply labels by defining rules and conditions. 用户可以手动将标签应用于文件和邮件。Users can manually apply labels to files and mail. 您还可以向用户提供有关何时应用标签的建议。You can also give users recommendations about when to apply labels.
如果使用的是敏感度标签或 Office 邮件加密,则您已经在使用分类和保护功能。If you're using sensitivity labels or Office Message Encryption, you're already using classification and protection capabilities. 如果尚未将 Azure 信息保护标签迁移到 Office 365,请继续在 Azure 信息保护中管理这些标签。If you haven't yet migrated Azure Information Protection labels to Office 365, continue to manage these in Azure Information Protection.
您可以在本地运行Azure 信息保护扫描程序,以对 Windows Server、网络共享和 SharePoint server 网站和库上的文件进行分类和保护。You can run the Azure Information Protection scanner on premises to classify and protect files on Windows Server, network shares, and SharePoint Server sites and libraries. 这可能是确定要迁移到 Office 365 的数据的第一步。This can be a first step toward identifying data to migrate to Office 365.
使用客户托管加密密钥的 Azure 信息保护Azure Information Protection with customer managed encryption key
有些组织有业务需求或合规性要求来保留对加密密钥的控制。Some organizations have a business need or compliance requirement to retain control of an encryption key. 这并不常见。This is not common. Azure 信息保护允许组织将你自己的密钥(BYOK)带到服务。Azure Information Protection allows organizations to bring your own key (BYOK) to the service. 有关详细信息,请参阅为 Azure 信息保护引入你自己的密钥(BYOK)For more information, see Bring your own key (BYOK) for Azure Information Protection. 另一个更复杂的选项是为有要求在本地保留加密密钥的客户提供的,称为 "保留自己的密钥(HYOK)"。Another more complex option is offered for customers who have a requirement to retain an encryption key on premises, referred to as hold your own key (HYOK). 有关详细信息,请参阅保留您自己的密钥(HYOK)以获取 Azure 信息保护For more information, see Hold your own key (HYOK) for Azure Information Protection.