Azure 信息保护的符合性和支持信息Compliance and supporting information for Azure Information Protection

Azure 信息保护支持其他服务,也依赖于其他服务。Azure Information Protection supports other services and also relies on other services. 如果你寻找的信息与 Azure 信息保护相关,但与如何使用 Azure 信息保护服务无关,请查看以下资源:If you’re looking for information that is related to Azure Information Protection but not about how to use the Azure Information Protection service, check the following resources:

对不同国家/地区的适用性Suitability for different countries

由于不同国家/地区间法律和法规的差异,不同用例和方案的区别,以及各业务部门要求的不同,请咨询法律顾问,了解Azure 信息保护是否适用于自己所在的国家/地区。Given the variability between laws and regulations in different countries, different use cases and scenarios, and the varying requirements between different business sectors, you will need to consult your legal adviser to help you answer whether Azure Information Protection is suitable for your country.

以下是有助于法律顾问做出决定的相关信息:However, some relevant information that can help your legal adviser make a determination:

  • Azure 信息保护使用 AES 256 和 AES 128 加密文档。Azure Information Protection uses AES 256 and AES 128 to encrypt documents. 详细信息More information

  • 使用特定于客户的根密钥(使用 RSA 2048 位)保护所有用于 Azure 信息保护的加密密钥。All encryption keys used by Azure Information Protection are protected with a customer-specific root key that uses RSA 2048 bits. RSA 1024 位也支持向后兼容。RSA 1024 bits is also supported for backwards compatibility. 详细信息More information

  • 特定于客户的根密钥由 Microsoft 管理或由 nCipher HSM 中的客户通过使用 "自带密钥" (BYOK)进行设置。Customer-specific root keys are either managed by Microsoft or provisioned by the customer in a nCipher HSM by using "bring your own key" (BYOK). Azure 信息保护还支持本地密钥的有限功能 - 使用“保留自己的密钥”(HYOK) 用于指示其不能使用基于云的密钥保护的要求影响的内容。Azure Information Protection also supports limited functionality with an on-premises key by using "hold your own key" (HYOK) for content that is affected by requirements that indicate that it should not be protected with a cloud-based key.

  • Azure 信息保护服务托管在全球各地的区域数据中心内。The Azure Information Protection service is hosted in regional data centers across the globe. Azure 信息保护密钥和策略始终保留在最初的部署区域中。Azure Information Protection keys and policies always remain within the region in which is originally deployed.

  • Azure 信息保护不会将文档内容从客户端传输到 Azure 信息保护服务。Azure Information Protection does not transmit document contents from clients to the Azure Information Protection service. 内容加密和解密操作在客户端设备内就地执行。Content encryption and decryption operations are performed in-place in the client device. 或者,对基于服务的渲染而言,这些操作将在要渲染内容的服务中执行。Or, for service-based rendering, these operations are performed within the service that’s rendering the content. 详细信息More information

安全、合规性和审核Security, compliance, and auditing

请参阅 Azure RMS 解决了哪些问题?一文中的安全、合规性和法规要求,了解有关特定 Azure 权限管理服务证书的信息。See the Security, compliance, and regulatory requirements section in the What problems does Azure RMS solve? article, for information about specific certifications for the Azure Rights Management service. 此外:In addition:

若要详细了解保护技术如何工作的技术信息,请参阅 Azure RMS 的工作原理For in-depth technical information about how the protection technology works, see How does Azure RMS work?

服务级别协议Service level agreements

文档Documentation