安装和部署 Azure 信息保护统一标记扫描器的先决条件Prerequisites for installing and deploying the Azure Information Protection unified labeling scanner

适用于: Azure 信息保护、windows server 2019、windows server 2016、windows Server 2012 R2Applies to: Azure Information Protection, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

备注

如果使用的是经典扫描程序,请参阅 安装和部署 Azure 信息保护经典扫描器的先决条件If you're working with the classic scanner, see Prerequisites for installing and deploying the Azure Information Protection classic scanner.

在安装 Azure 信息保护扫描程序之前,请确保你的系统符合以下要求:Before you install the Azure Information Protection scanner, make sure that your system complies with the following requirements:

如果你无法满足表中的所有要求,因为你的组织策略禁止这些要求,请参阅 备选配置 部分。If you can't meet all the requirements in the table because they are prohibited by your organization policies, see the alternative configurations section.

在生产中部署扫描仪或测试多个扫描仪的性能时,请参阅 SQL Server 的存储要求和容量规划When deploying the scanner in production or testing the performance for multiple scanners, see Storage requirements and capacity planning for SQL Server.

准备好开始安装和部署扫描程序时,请继续 部署 Azure 信息保护扫描程序以自动对文件进行分类和保护When you're ready to start installing and deploying your scanner, continue with Deploying the Azure Information Protection scanner to automatically classify and protect files.

Windows Server 要求Windows Server requirements

你必须有一台运行扫描程序的 Windows Server 计算机,该计算机具有以下系统规范:You must have a Windows Server computer to run the scanner, which has the following system specifications:

规格Specification 详细信息Details
处理器Processor 4核处理器4 core processors
RAMRAM 8 GB8 GB
磁盘空间Disk space 10 GB 可用空间 (临时文件的平均) 。10-GB free space (average) for temporary files.

扫描程序需要足够的磁盘空间,才能为其扫描的每个文件(每个核心四个文件)创建临时文件。The scanner requires sufficient disk space to create temporary files for each file that it scans, four files per core.

借助建议的 10GB 磁盘空间,4 核处理器可以扫描 16 个文件,每个文件的大小为 625MB。The recommended disk space of 10 GB allows for 4 core processors scanning 16 files that each have a file size of 625 MB.
操作系统Operating system -Windows Server 2019- Windows Server 2019
- Windows Server 2016- Windows Server 2016
- Windows Server 2012 R2- Windows Server 2012 R2

注意: 对于非生产环境中的测试或评估目的,还可以使用 Azure 信息保护客户端支持的任何 Windows 操作系统。Note: For testing or evaluation purposes in a non-production environment, you can also use any Windows operating system that is supported by the Azure Information Protection client.
网络连接Network connectivity 扫描仪计算机可以是物理计算机或虚拟计算机,与要扫描的数据存储进行快速可靠的网络连接。Your scanner computer can be a physical or virtual computer with a fast and reliable network connection to the data stores to be scanned.

如果由于组织策略而无法建立 internet 连接,请参阅 用备用配置部署扫描程序If internet connectivity is not possible because of your organization policies, see Deploying the scanner with alternative configurations.

否则,请确保此计算机具有 internet 连接,允许通过 HTTPS (端口 443) 的以下 Url:Otherwise, make sure that this computer has internet connectivity that allows the following URLs over HTTPS (port 443):

- *。 aadrm.com- *.aadrm.com
- *。 azurerms.com- *.azurerms.com
- *。 informationprotection.azure.com- *.informationprotection.azure.com
-informationprotection.hosting.portal.azure.net- informationprotection.hosting.portal.azure.net
- *。 aria.microsoft.com- *.aria.microsoft.com
- *。 protection.outlook.com- *.protection.outlook.com

服务帐户要求Service account requirements

您必须具有服务帐户才能在 Windows Server 计算机上运行 scanner 服务,并可 Azure AD 和下载 Azure 信息保护策略。You must have a service account to run the scanner service on the Windows Server computer, as well as authenticate to Azure AD and download the Azure Information Protection Policy.

你的服务帐户必须是 Active Directory 帐户,并同步到 Azure AD。Your service account must be an Active Directory account and synchronized to Azure AD.

如果由于组织策略而无法同步此帐户,请参阅 用备用配置部署扫描程序If you cannot synchronize this account because of your organization policies, see Deploying the scanner with alternative configurations.

此服务帐户有以下要求:This service account has the following requirements:

要求Requirement 详细信息Details
本地登录 用户权限分配Log on locally user right assignment 需要安装和配置扫描程序,但不需要运行扫描。Required to install and configure the scanner, but not required to run scans.

确认扫描程序可以发现、分类和保护文件后,可以从服务帐户中删除此权限。Once you've confirmed that the scanner can discover, classify, and protect files, you can remove this right from the service account.

如果由于组织策略的原因而无法在短时间内授予此权限,请参阅 使用替代配置部署扫描程序If granting this right even for a short period of time is not possible because of your organization policies, see Deploying the scanner with alternative configurations.
作为服务登录**** 的用户权限分配。Log on as a service user right assignment. 扫描程序安装过程中会自动将此权限授予服务帐户,此权限是安装、配置和操作扫描程序所必需的。This right is automatically granted to the service account during the scanner installation and this right is required for the installation, configuration, and operation of the scanner.
数据存储库的权限Permissions to the data repositories - 文件共享或本地文件: 授予 " 读取"、" 写入" 和 " 修改 " 权限以扫描文件,然后按配置应用 "分类和保护"。- File shares or local files: Grant Read, Write, and Modify permissions for scanning the files and then applying classification and protection as configured.

- SharePoint: 授予 " 完全控制 " 权限以扫描文件,然后按配置应用 "分类和保护"。- SharePoint: Grant Full Control permissions for scanning the files and then applying classification and protection as configured.

- 发现模式: 若要仅在发现模式下运行扫描程序, 读取 权限就足够了。- Discovery mode: To run the scanner in discovery mode only, Read permission is sufficient.
对于重新保护或删除保护的标签For labels that reprotect or remove protection 若要确保扫描程序始终可以访问受保护的文件,请将此帐户设置为 Azure 信息保护的 超级用户 ,并确保已启用超级用户功能。To ensure that the scanner always has access to protected files, make this account a super user for Azure Information Protection, and ensure that the super user feature is enabled.

此外,如果已为分阶段部署实现了 载入控件 ,请确保已配置的载入控件中包含该服务帐户。Additionally, if you've implemented onboarding controls for a phased deployment, make sure that the service account is included in the onboarding controls you've configured.

SQL server 要求SQL server requirements

若要存储扫描程序配置数据,请使用具有以下要求的 SQL server:To store the scanner configuration data, use an SQL server with the following requirements:

  • 本地或远程实例。A local or remote instance.

    建议在不同的计算机上托管 SQL Server 和扫描程序服务,除非使用的是小型部署。We recommend hosting the SQL Server and scanner service on different machines, unless you're working with a small deployment.

    SQL Server 2012 是以下版本的最低版本:SQL Server 2012 is the minimum version for the following editions:

    • SQL Server EnterpriseSQL Server Enterprise
    • SQL Server StandardSQL Server Standard
    • 仅建议 SQL Server Express (用于测试环境) SQL Server Express (recommended for test environments only)
  • 具有安装扫描程序的 Sysadmin 角色的帐户。An account with Sysadmin role to install the scanner.

    Sysadmin 角色允许安装过程自动创建扫描程序配置数据库并向运行该扫描程序的服务帐户授予所需的 db_owner 角色。The Sysadmin role enables the installation process to automatically create the scanner configuration database and grant the required db_owner role to the service account that runs the scanner.

    如果无法授予 Sysadmin 角色或组织策略需要手动创建和配置数据库,请参阅 用备用配置部署扫描程序If you cannot be granted the Sysadmin role or your organization policies require databases to be created and configured manually, see Deploying the scanner with alternative configurations.

  • 容量。Capacity. 有关容量指导,请参阅 SQL Server 的存储要求和容量规划For capacity guidance, see Storage requirements and capacity planning for SQL Server.

  • 不区分大小写排序规则Case insensitive collation

备注

当你为扫描程序指定自定义群集 (配置文件) 名称时,或使用扫描仪的预览版本时,支持同一 SQL server 上的多个配置数据库。Multiple configuration databases on the same SQL server are supported when you specify a custom cluster (profile) name for the scanner, or when you use the preview version of the scanner.

SQL Server 的存储要求和容量规划Storage requirements and capacity planning for SQL Server

扫描程序配置数据库所需的磁盘空间量以及运行 SQL Server 的计算机的规范可能因每个环境而异,因此,我们鼓励你进行自己的测试。The amount of disk space required for the scanner's configuration database and the specification of the computer running SQL Server can vary for each environment, so we encourage you to do your own testing. 使用以下指导作为起点。Use the following guidance as a starting point.

有关详细信息,请参阅 优化扫描程序的性能For more information, see Optimizing the performance of the scanner.

对于每个部署,扫描程序配置数据库的磁盘大小将有所不同。The disk size for the scanner configuration database will vary for each deployment. 使用以下公式作为指导:Use the following equation as guidance:

100 KB + <file count> *(1000 + 4* <average file name length>)

例如,若要扫描1000000个文件名长度为250个字节的文件,请分配 2 GB 磁盘空间。For example, to scan 1 million files that have an average file name length of 250 bytes, allocate 2-GB disk space.

对于多个扫描仪:For multiple scanners:

  • 最多10个扫描仪, 使用:Up to 10 scanners, use:

    • 4核处理器4 core processors
    • 建议 8 GB RAM8-GB RAM recommended
  • 超过10 个扫描仪 (最大 40) ,请使用:More than 10 scanners (maximum 40), use:

    • 8个核心进程8 core processes
    • 建议使用 16 GB RAM16-GB RAM recommended

Azure 信息保护客户端要求Azure Information Protection client requirements

你必须在 Windows Server 计算机上安装 Azure 信息保护客户端的 当前通用版本You must have either the current general availability version of the Azure Information Protection client installed on the Windows Server computer.

有关详细信息,请参阅 统一标签客户端管理员指南For more information, see the Unified labeling client admin guide.

重要

必须安装扫描程序的完整客户端。You must install the full client for the scanner. 请勿安装只带有 PowerShell 模块的客户端。Do not install the client with just the PowerShell module.

标签配置要求Label configuration requirements

您必须将标签配置为自动应用分类和保护(可选)。You must have labels configured that automatically apply classification, and optionally, protection.

如果未配置这些标签,请参阅 使用替代配置部署扫描程序If you don't have these labels configured, see Deploying the scanner with alternative configurations.

有关详细信息,请参阅:For more information, see:

SharePoint 要求SharePoint requirements

若要扫描 SharePoint 文档库和文件夹,请确保您的 SharePoint 服务器符合以下要求:To scan SharePoint document libraries and folders, ensure that your SharePoint server complies with the following requirements:

  • 支持的版本。Supported versions. 支持的版本包括: SharePoint 2019、SharePoint 2016、SharePoint 2013 和 SharePoint 2010。Supported versions include: SharePoint 2019, SharePoint 2016, SharePoint 2013, and SharePoint 2010. 扫描程序不支持其他版本的 SharePoint。Other versions of SharePoint are not supported for the scanner.

  • 控制.Versioning. 使用 版本控制时,扫描程序会检查并标记上次发布的版本。When you use versioning, the scanner inspects and labels the last published version. 如果扫描程序标签文件和 内容审批 是必需的,则必须向用户批准标记为 "文件" 的文件。If the scanner labels a file and content approval is required, that labeled file must be approved to be available for users.

  • 大型 SharePoint 场。Large SharePoint farms. 对于大型 SharePoint 场,请检查是否需要增加列表视图阈值(默认为 5,000),以便扫描程序访问所有文件。For large SharePoint farms, check whether you need to increase the list view threshold (by default, 5,000) for the scanner to access all files. 有关详细信息,请参阅 在 SharePoint 中管理大型列表和库For more information, see Manage large lists and libraries in SharePoint.

Microsoft Office 要求Microsoft Office requirements

若要扫描 Office 文档,文档必须采用以下格式之一:To scan Office documents, your documents must be in one of the following formats:

  • Microsoft Office 97-2003Microsoft Office 97-2003
  • Word、Excel 和 PowerPoint 的 Office Open XML 格式Office Open XML formats for Word, Excel, and PowerPoint

有关详细信息,请参阅 Azure 信息保护统一标签客户端支持的文件类型For more information, see File types supported by the Azure Information Protection unified labeling client.

文件路径要求File path requirements

默认情况下,若要扫描文件,文件路径的最大长度必须为260个字符。By default, to scan files, your file paths must have a maximum of 260 characters.

若要扫描文件路径超过260个字符的文件,请在安装了以下 Windows 版本之一的计算机上安装扫描程序,并根据需要配置计算机:To scan files with file paths of more than 260 characters, install the scanner on a computer with one of the following Windows versions, and configure the computer as needed:

Windows 版本Windows version 说明Description
Windows 2016 或更高版本Windows 2016 or later 将计算机配置为支持长路径Configure the computer to support long paths
Windows 10 或 Windows Server 2016Windows 10 or Windows Server 2016 定义以下组策略设置本地计算机策略 > 计算机配置 > 管理模板 > 所有设置都 > 启用 Win32 长路径Define the following group policy setting: Local Computer Policy > Computer Configuration > Administrative Templates > All Settings > Enable Win32 long paths.

有关这些版本中的长文件路径支持的详细信息,请参阅 Windows 10 开发人员文档中的 最大路径长度限制 部分。For more information long file path support in these versions, see the Maximum Path Length Limitation section from the Windows 10 developer documentation.
Windows 10 1607 或更高版本Windows 10, version 1607 or later 选择启用更新的 MAX_PATH 功能。Opt in for the updated MAX_PATH functionality. 有关详细信息,请参阅 在 Windows 10 版本1607及更高版本中启用长路径For more information, see Enable Long Paths in Windows 10 versions 1607 and later.

使用情况统计信息要求Usage statistics requirements

使用以下方法之一禁用使用情况统计信息:Disable usage statistics using one of the following methods:

  • AllowTelemetry 参数设置为0Setting the AllowTelemetry parameter to 0

  • 请确保在扫描程序安装过程中未选择 " 通过向 Microsoft 发送使用情况统计信息来帮助改进 Azure 信息保护 " 选项。Ensure that the Help improve Azure Information Protection by sending usage statistics to Microsoft option remains unselected during the scanner installation process.

使用备用配置部署扫描程序Deploying the scanner with alternative configurations

上面列出的先决条件是扫描程序部署的默认要求,建议使用,因为它们支持最简单的扫描程序配置。The prerequisites listed above are the default requirements for the scanner deployment, and recommended because they support the simplest scanner configuration.

默认要求适用于初始测试,因此您可以检查扫描程序的功能。The default requirements should be suitable for initial testing, so that you can check the capabilities of the scanner.

但是,在生产环境中,组织的策略可能会禁止这些默认要求。However, in a production environment, your organization's policies may prohibit these default requirements. 扫描程序可以通过其他配置来适应以下限制:The scanner can accommodate the following restrictions with additional configuration:

限制:扫描仪服务器不能连接到 internetRestriction: The scanner server cannot have internet connectivity

尽管统一标签客户端在没有 internet 连接的情况下无法应用保护,但扫描程序仍可以基于导入的策略应用标签。While the unified labeling client cannot apply protection without an internet connection, the scanner can still apply labels based on imported policies.

若要支持断开连接的计算机,请执行以下步骤:To support a disconnected computer, perform the following steps:

  1. 配置策略中的标签,然后使用该 过程支持已断开连接的计算机 ,启用脱机分类和标签。Configure labels in your policy, and then use the procedure to support disconnected computers to enable offline classification and labeling.

  2. 启用内容扫描作业的脱机管理:Enable offline management for content scan jobs:

    1. 使用set-aipscannerconfiguration cmdlet 将扫描仪设置为在脱机模式下工作。Set the scanner to function in offline mode, using the Set-AIPScannerConfiguration cmdlet.

    2. 通过创建扫描仪群集在 Azure 门户中配置扫描仪。Configure the scanner in the Azure portal by creating a scanner cluster. 有关详细信息,请参阅 在 Azure 门户中配置扫描器For more information, see Configure the scanner in the Azure portal.

    3. 使用 "导出" 选项,从 " Azure 信息保护-内容扫描作业" 窗格导出内容作业。Export your content job from the Azure Information Protection - Content scan jobs pane using the Export option.

    4. 使用 set-aipscannerconfiguration cmdlet 导入策略。Import the policy using the Import-AIPScannerConfiguration cmdlet.

    脱机内容扫描作业的结果位于: %localappdata%\Microsoft\MSIP\Scanner\ReportsResults for offline content scan jobs are located at: %localappdata%\Microsoft\MSIP\Scanner\Reports

  3. 启用网络扫描作业的脱机管理:Enable offline management of network scan jobs:

    1. 使用 MIPNetworkDiscoveryConfiguration Cmdlet 将网络发现服务设置为在脱机模式下工作。Set the Network Discovery service to function in offline mode using the Set-MIPNetworkDiscoveryConfiguration cmdlet.

    2. 在 Azure 门户中配置网络扫描作业。Configure the network scan job in the Azure portal. 有关详细信息,请参阅 创建网络扫描作业For more information, see Creating a network scan job.

    3. 使用 "导出" 选项,从 " **Azure 信息保护-网络扫描作业 (预览") **窗格中导出网络扫描作业。Export your network scan job from the Azure Information Protection - Network scan jobs (Preview) pane using the Export option.

    4. 使用 MIPNetworkDiscoveryConfiguration cmdlet 与群集名称相匹配的文件导入网络扫描作业。Import the network scan job using the file that matches our cluster name using the Import-MIPNetworkDiscoveryConfiguration cmdlet.

    脱机网络扫描作业的结果位于: %localappdata%\Microsoft\MSIP\Scanner\ReportsResults for offline network scan jobs are located at: %localappdata%\Microsoft\MSIP\Scanner\Reports

限制:无法获得 Sysadmin 角色,或必须手动创建和配置数据库Restriction: You cannot be granted Sysadmin or databases must be created and configured manually

如果可以 暂时 授予 Sysadmin 角色以安装扫描程序,则可以在扫描程序安装完成后删除此角色。If you can be granted the Sysadmin role temporarily to install the scanner, you can remove this role when the scanner installation is complete.

根据组织的要求,执行下列操作之一:Do one of the following, depending on your organization's requirements:

  • 您可以暂时拥有 Sysadmin 角色。You can have the Sysadmin role temporarily. 如果你暂时拥有 Sysadmin 角色,系统会自动为你创建数据库,并且会自动向扫描程序的服务帐户授予所需的权限。If you temporarily have the Sysadmin role, the database is automatically created for you and the service account for the scanner is automatically granted the required permissions.

    但是,配置扫描程序的用户帐户仍需要扫描程序配置数据库的 db_owner 角色。However, the user account that configures the scanner still requires the db_owner role for the scanner configuration database. 如果在安装程序完成之前只有 Sysadmin 角色,请 手动向用户帐户授予 db_owner 角色If you only have the Sysadmin role until the scanner installation is complete, grant the db_owner role to the user account manually.

  • 你根本不能拥有 Sysadmin 角色You cannot have the Sysadmin role at all. 如果你不能暂时授予 Sysadmin 角色,则必须在安装 scanner 之前要求具有 Sysadmin 权限的用户手动创建数据库。If you cannot be granted the Sysadmin role even temporarily, you must ask a user with Sysadmin rights to manually create a database before you install the scanner.

    对于此配置,必须将 db_owner 角色分配给以下帐户:For this configuration, the db_owner role must be assigned to the following accounts:

    • 扫描程序的服务帐户Service account for the scanner
    • 用于安装程序的用户帐户User account for the scanner installation
    • 用于配置扫描程序的用户帐户User account for scanner configuration

    用于安装和配置扫描程序的用户帐户通常是相同的。Typically, you will use the same user account to install and configure the scanner. 如果使用不同的帐户,则它们都需要扫描程序配置数据库的 db_owner 角色。If you use different accounts, they both require the db_owner role for the scanner configuration database. 根据需要创建此用户和权限。Create this user and rights as needed. 如果你指定自己的群集 (配置文件) 名称,则配置数据库将命名为 AIPScannerUL_<cluster_name>If you specify your own cluster (profile) name, the configuration database is named AIPScannerUL_<cluster_name>.

此外:Additionally:

  • 您必须是将运行扫描程序的服务器上的本地管理员You must be a local administrator on the server that will run the scanner

  • 必须为将运行扫描程序的服务帐户授予对以下注册表项的 "完全控制" 权限:The service account that will run the scanner must be granted Full Control permissions to the following registry keys:

    • HKEY_LOCAL_MACHINE \SOFTWARE\WOW6432Node\Microsoft\MSIPC\ServerHKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSIPC\Server
    • HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\MSIPC\ServerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\Server

如果在配置这些权限后出现错误,则在安装扫描程序时,可以忽略该错误,并且可以手动启动 scanner 服务。If, after configuring these permissions, you see an error when you install the scanner, the error can be ignored and you can manually start the scanner service.

手动填充数据库Populate the database manually

使用以下脚本填充数据库:Populate the database using the following script:

if not exists(select * from master.sys.server_principals where sid = SUSER_SID('domain\user')) BEGIN declare @T nvarchar(500) Set @T = 'CREATE LOGIN ' + quotename('domain\user') + ' FROM WINDOWS ' exec(@T) END 

手动创建用户并授予 db_owner 权限Create a user and grant db_owner rights manually

若要创建用户并授予对此数据库的 db_owner 权限,请要求 Sysadmin 执行以下步骤:To create a user and grant db_owner rights on this database, ask the Sysadmin to perform the following steps:

  1. 为扫描程序创建数据库:Create a DB for scanner:

    **CREATE DATABASE AIPScannerUL_[clustername]**
    
    **ALTER DATABASE AIPScannerUL_[clustername] SET TRUSTWORTHY ON**
    
  2. 向运行 install 命令的用户授予权限,并用于运行扫描程序管理命令。Grant rights to the user that runs the install command and is used to run scanner management commands.

    SQL 脚本:SQL script:

    if not exists(select * from master.sys.server_principals where sid = SUSER_SID('domain\user')) BEGIN declare @T nvarchar(500) Set @T = 'CREATE LOGIN ' + quotename('domain\user') + ' FROM WINDOWS ' exec(@T) END
    USE DBName IF NOT EXISTS (select * from sys.database_principals where sid = SUSER_SID('domain\user')) BEGIN declare @X nvarchar(500) Set @X = 'CREATE USER ' + quotename('domain\user') + ' FROM LOGIN ' + quotename('domain\user'); exec sp_addrolemember 'db_owner', 'domain\user' exec(@X) END
    
  3. 向扫描程序服务帐户授予权限。Grant rights to scanner service account.

    SQL 脚本:SQL script:

    if not exists(select * from master.sys.server_principals where sid = SUSER_SID('domain\user')) BEGIN declare @T nvarchar(500) Set @T = 'CREATE LOGIN ' + quotename('domain\user') + ' FROM WINDOWS ' exec(@T) END
    

限制:无法向扫描程序的服务帐户授予“本地登录”**** 权限Restriction: The service account for the scanner cannot be granted the Log on locally right

如果你的组织策略禁止服务帐户在 本地登录 ,但允许 作为批处理作业登录 ,请使用具有 set-aipauthentication 的 OnBehalfOf 参数。If your organization policies prohibit the Log on locally right for service accounts, but allows the Log on as a batch job right, use the OnBehalfOf parameter with Set-AIPAuthentication.

有关详细信息,请参阅 如何以非交互方式为 Azure 信息保护标记文件For more information, see How to label files non-interactively for Azure Information Protection.

限制:扫描仪服务帐户无法同步到 Azure Active Directory 但服务器具有 internet 连接Restriction: The scanner service account cannot be synchronized to Azure Active Directory but the server has internet connectivity

可以使用一个帐户来运行扫描程序服务,并使用另一个帐户对 Azure Active Directory 进行身份验证:You can have one account to run the scanner service and use another account to authenticate to Azure Active Directory:

限制:标签没有自动标记条件Restriction: Your labels do not have auto-labeling conditions

如果标签没有任何自动标记条件,请在配置扫描仪时计划使用以下选项之一:If your labels do not have any auto-labeling conditions, plan to use one of the following options when configuring your scanner:

选项Option 说明Description
发现所有信息类型Discover all info types 内容扫描作业中,将 "要 发现的信息类型 " 选项设置为 " 所有"。In your content scan job, set the Info types to be discovered option to All.

此选项设置内容扫描作业,以扫描所有敏感信息类型的内容。This option sets the content scan job to scan your content for all sensitive information types.
使用建议的标签Use recommended labeling 内容扫描作业中,将 " 建议标记为自动 " 选项设置为 "打开"。In your content scan job, set the Treat recommended labeling as automatic option to On.

此设置将扫描程序配置为自动将所有建议的标签应用于内容。This setting configures the scanner to automatically apply all recommended labels on your content.
定义默认标签Define a default label 定义 策略内容扫描作业存储库中的默认标签。Define a default label in your policy, content scan job, or repository.

在这种情况下,扫描器会对找到的所有文件应用默认标签。In this case the scanner applies the default label on all files found.

后续步骤Next steps

确认系统符合扫描器先决条件后,请继续 部署 Azure 信息保护扫描程序以自动对文件进行分类和保护Once you've confirmed that your system complies with the scanner prerequisites, continue with Deploying the Azure Information Protection scanner to automatically classify and protect files.

有关扫描仪的概述,请参阅 部署 Azure 信息保护扫描程序以自动对文件进行分类和保护For an overview about the scanner, see Deploying the Azure Information Protection scanner to automatically classify and protect files.

详细信息:More information: