Azure 信息保护审核日志引用 (公共预览版) Azure Information Protection audit log reference (public preview)

适用于: Azure 信息保护Office 365Applies to: Azure Information Protection, Office 365

Microsoft Azure 信息保护在以下活动事件中生成审核日志:Microsoft Azure Information Protection generates audit logs at the following activity events:

访问审核日志Access audit logs

为以下活动生成访问审核日志:Access audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:仅经典客户端Azure Information Protection: Classic client only WindowsWindows OfficeOffice 在每个会话中对标记或受保护的文件进行第一次生成。Generated for the first time in each session that a labeled or protected file is saved.
日志包含任何信息类型匹配项。The log includes any information type matches.
Azure 信息保护:仅经典客户端Azure Information Protection: Classic client only WindowsWindows OfficeOffice 每次创建标记文件或受保护的文件时生成。Generated each time a labeled or protected file is created.
Azure 信息保护:Azure Information Protection:
-经典客户端- Classic client
-统一标签客户端- Unified labeling client
Windows、SharePoint、OneDriveWindows, SharePoint, OneDrive OfficeOffice 每次打开标记或受保护的文件时生成。Generated each time a labeled or protected file is opened.

注意: 对于受保护的文件,仅当打开文件并且成功对内容进行解密并向用户公开内容时,才会生成访问审核日志。Note: For protected files, Access audit logs are generated only when the file is opened and the content is successfully decrypted and exposed to the user.
对于 Outlook 中的受保护电子邮件,当用户尝试打开加密的电子邮件时,也会生成访问审核日志,即使由于缺少权限而导致解密被阻止。For protected emails in Outlook, Access audit logs are also generated each time the user attempts to open an encrypted email, even if the decryption is blocked due to a lack of permissions.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次通过支持该文件的第三方应用程序访问标记或受保护的文件时生成。Generated each time a labeled or protected file is accessed by a third-party application that supports it.
RMS 服务RMS service WindowsWindows OfficeOffice 每次访问标记或受保护的文档时生成。Generated each time a labeled or protected document is accessed.

拒绝访问审核日志Access denied audit logs

对于以下活动,会生成 "拒绝访问" 审核日志:Access denied audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
RMS 服务RMS service WindowsWindows OfficeOffice 在用户每次尝试访问他们没有权限的受保护文档时生成。Generated each time a user attempts to access a protected document for which they have no permissions.

更改保护审核日志Change protection audit logs

为以下活动生成更改保护审核日志:Change protection audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:Azure Information Protection:
-经典客户端- Classic client
-统一标签客户端- Unified labeling client
Windows、SharePoint、OneDriveWindows, SharePoint, OneDrive OfficeOffice 每次手动更改未标记文档的保护时生成。Generated each time the protection on an unlabeled document is changed manually.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次手动更改未标记文档的保护时生成。Generated each time the protection on an unlabeled document is changed manually.
仅当第三方应用程序支持时才生成。Generated only if supported by the third-party application.

发现审核日志Discover audit logs

为以下活动生成审核日志Discover audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:仅经典扫描器Azure Information Protection: Classic scanner only WindowsWindows OfficeOffice 每次 AIP 扫描程序扫描文件时生成。Generated each time a file is scanned by the AIP scanner.
日志包含以下详细信息:The log includes the following details:
-匹配的信息类型- Matched information types
-标签- Labels
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次由支持该文件的第三方应用程序扫描文件时生成。Generated each time a file is scanned by a third-party application that supports it.
日志包含以下详细信息:The log includes the following details:
-匹配的信息类型- Matched information types
-标签- Labels

降级标签审核日志Downgrade label audit logs

为以下活动生成降级标签审核日志:Downgrade label audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:Azure Information Protection:
-经典扫描程序和客户端- Classic scanner and client
-统一标记扫描器和客户端- Unified labeling scanner and client
Windows、SharePoint、一个驱动器Windows, SharePoint, One Drive OfficeOffice 每次用不太敏感的标签更新文档标签时生成。Generated each time a document label is updated with a less sensitive label.
Microsoft Defender ATPMicrosoft Defender ATP WindowsWindows OSOS 每次用不太敏感的标签更新文档标签时生成。Generated each time a document label is updated with a less sensitive label.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次用不太敏感的标签更新文档标签时生成。Generated each time a document label is updated with a less sensitive label.
仅当第三方应用程序支持时才生成。Generated only if supported by the third-party application.

文件已删除审核日志File removed audit logs

备注

仅在 Azure 信息保护扫描程序版本 2.7.96.0 和更高版本中支持文件删除审核日志。File removed audit logs are supported only in Azure Information Protection scanner version 2.7.96.0 and later.

为以下活动生成文件已删除审核日志:File removed audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护扫描程序,统一标签客户端Azure Information Protection scanner, Unified labeling client WindowsWindows Office 和支持的文件类型Office and supported file types 每次 AIP 扫描程序检测到已删除先前扫描的文件时生成。Generated each time the AIP scanner detects that a previously scanned file has been removed.

新标签审核日志New label audit logs

为以下活动生成新的标签审核日志:New label audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:Azure Information Protection:
-经典扫描程序和客户端- Classic scanner and client
-统一标记扫描器和客户端- Unified labeling scanner and client
Windows、SharePoint、一个驱动器Windows, SharePoint, One Drive OfficeOffice 每次应用新标签时生成。Generated each time new label is applied.
Microsoft Defender ATPMicrosoft Defender ATP WindowsWindows OSOS 每次应用新文档标签时生成。Generated each time a new document label is applied.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次应用新文档标签时生成。Generated each time a new document label is applied.
仅当第三方应用程序支持时才生成。Generated only when supported by the third-party application.

新保护审核日志New protection audit logs

为以下活动生成新的保护审核日志:New protection audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:Azure Information Protection:
-经典客户端- Classic client
-统一标签客户端- Unified labeling client
Windows、SharePoint、一个驱动器Windows, SharePoint, One Drive OfficeOffice 每次手动添加保护时,如果没有标签,则会生成。Generated each time protection is newly added manually, without a label.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次手动添加保护时,如果没有标签,则会生成。Generated each time protection is newly added manually, without a label.
仅当第三方应用程序支持时才生成。Generated only when supported by the third-party application.

删除标签审核日志Remove label audit logs

为以下活动生成 "删除标签" 审核日志:Remove label audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:Azure Information Protection:
-经典扫描程序和客户端- Classic scanner and client
-统一标记扫描器和客户端- Unified labeling scanner and client
Windows、SharePoint、一个驱动器Windows, SharePoint, One Drive OfficeOffice 每次删除标签时生成。Generated each time a label is removed.
Microsoft Defender ATPMicrosoft Defender ATP WindowsWindows OSOS 每次删除标签时生成。Generated each time a label is removed.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次删除标签时生成。Generated each time a label is removed.
仅当第三方应用程序支持时才生成。Generated only when supported by the third-party application.

删除保护审核日志Remove protection audit logs

为以下活动生成删除保护审核日志:Remove protection audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:Azure Information Protection:
-经典客户端- Classic client
-统一标签客户端- Unified labeling client
Windows、SharePoint、一个驱动器Windows, SharePoint, One Drive OfficeOffice 每次手动删除保护时,如果没有标签,则生成。Generated each time protection is manually removed, without a label.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次手动删除保护时,如果没有标签,则生成。Generated each time protection is manually removed, without a label.
仅当第三方应用程序支持时才生成。Generated only when supported by the third-party application.

升级标签审核日志Upgrade label audit logs

为以下活动生成升级标签审核日志:Upgrade label audit logs are generated for the following activities:

报告者Reported by 平台Platform 应用程序Application 操作/说明Action / Description
Azure 信息保护:Azure Information Protection:
-经典扫描程序和客户端- Classic scanner and client
-统一标记扫描器和客户端- Unified labeling scanner and client
Windows、SharePoint、一个驱动器Windows, SharePoint, One Drive OfficeOffice 每次用更敏感的标签更新文档标签时生成。Generated each time a document label is updated with a more sensitive label.
Microsoft Defender ATPMicrosoft Defender ATP WindowsWindows OSOS 每次用更敏感的标签更新文档标签时生成。Generated each time a document label is updated with a more sensitive label.
Microsoft 信息保护 (MIP) SDKMicrosoft Information Protection (MIP) SDK 任意Any 第三方应用程序Third-party applications 每次用更敏感的标签更新文档标签时生成。Generated each time a document label is updated with a more sensitive label.
仅当第三方应用程序支持时才生成。Generated only when supported by the third-party application.