Prerequisites for installing and deploying the Azure Information Protection classic scanner

Applies to: Azure Information Protection, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2

Note

To provide a unified and streamlined customer experience, Azure Information Protection client (classic) and Label Management in the Azure Portal are being deprecated as of March 31, 2021. This time frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. Learn more in the official deprecation notice.

If you're working with the unified labeling scanner, see Prerequisites for installing and deploying the Azure Information Protection unified labeling scanner.

Before you install the Azure Information Protection scanner, make sure that your system complies with the following requirements:

If you can't meet all the requirements in the table because they are prohibited by your organization policies, see the alternative configurations section.

When deploying the scanner in production or testing the performance for multiple scanners, see Storage requirements and capacity planning for SQL Server.

When you're ready to start installing and deploying your scanner, continue with Deploying the Azure Information Protection scanner to automatically classify and protect files.

Windows Server requirements

You must have a Windows Server computer to run the scanner, which has the following system specifications:

Specification: Details
Processor: 4 core processors
RAM: 8 GB
Disk space: 10 GB free space (average) for temporary files.

    The scanner requires sufficient disk space to create temporary files for each file that it scans, four files per core.

    The recommended disk space of 10 GB allows for 4 core processors scanning 16 files that each have a file size of 625 MB.
Operating system:
    - Windows Server 2019
    - Windows Server 2016
    - Windows Server 2012 R2

    Note: For testing or evaluation purposes in a non-production environment, you can also use any Windows operating system that is supported by the Azure Information Protection client.
Network connectivity: Your scanner computer can be a physical or virtual computer with a fast and reliable network connection to the data stores to be scanned.

    If internet connectivity is not possible because of your organization policies, see Deploying the scanner with alternative configurations.

    Otherwise, make sure that this computer has internet connectivity that allows the following URLs over HTTPS (port 443):

    - *.aadrm.com
    - *.azurerms.com
    - *.informationprotection.azure.com
    - informationprotection.hosting.portal.azure.net
    - *.aria.microsoft.com

Service account requirements

You must have a service account to run the scanner service on the Windows Server computer, as well as to authenticate to Azure AD and download the Azure Information Protection policy.

Your service account must be an Active Directory account and synchronized to Azure AD.

If you cannot synchronize this account because of your organization policies, see Deploying the scanner with alternative configurations.

This service account has the following requirements:

Requirement: Details
Log on locally user right assignment: Required to install and configure the scanner, but not required to run scans.

    Once you've confirmed that the scanner can discover, classify, and protect files, you can remove this right from the service account.

    If granting this right even for a short period of time is not possible because of your organization policies, see Deploying the scanner with alternative configurations.
Log on as a service user right assignment: This right is automatically granted to the service account during the scanner installation and is required for the installation, configuration, and operation of the scanner.
Permissions to the data repositories:
    - File shares or local files: Grant Read, Write, and Modify permissions for scanning the files and then applying classification and protection as configured.

    - SharePoint: Grant Full Control permissions for scanning the files and then applying classification and protection as configured.

    - Discovery mode: To run the scanner in discovery mode only, Read permission is sufficient.
For labels that reprotect or remove protection: To ensure that the scanner always has access to protected files, make this account a super user for Azure Information Protection, and ensure that the super user feature is enabled.

    Additionally, if you've implemented onboarding controls for a phased deployment, make sure that the service account is included in the onboarding controls you've configured.

SQL server requirements

To store the scanner configuration data, use an SQL server with the following requirements:

  • A local or remote instance.

    We recommend hosting the SQL Server and scanner service on different machines, unless you're working with a small deployment.

    SQL Server 2012 is the minimum version for the following editions:

    • SQL Server Enterprise
    • SQL Server Standard
    • SQL Server Express (recommended for test environments only)
  • An account with Sysadmin role to install the scanner.

    This enables the installation process to automatically create the scanner configuration database and grant the required db_owner role to the service account that runs the scanner.

    If you cannot be granted the Sysadmin role or your organization policies require databases to be created and configured manually, see Deploying the scanner with alternative configurations.

  • Capacity. For capacity guidance, see Storage requirements and capacity planning for SQL Server.

  • Case insensitive collation

Note

Multiple configuration databases on the same SQL server are supported when you specify a custom cluster (profile) name for the scanner.

Storage requirements and capacity planning for SQL Server

The amount of disk space required for the scanner's configuration database and the specification of the computer running SQL Server can vary for each environment, so we encourage you to do your own testing. Use the following guidance as a starting point.

For more information, see Optimizing the performance of the scanner.

The disk size for the configuration database will vary for each deployment. We recommend that you allocate 500 MB for every 1,000,000 files that you want to scan.

For each scanner, use:

  • 4 core processors
  • 8 GB RAM (4 GB minimum)

Azure Information Protection client requirements

You must have the Azure Information Protection client installed on the Windows Server computer.

For more information, see the Classic client admin guide.

Important

You must install the full client for the scanner. Do not install the client with just the PowerShell module.

Label configuration requirements

You must have labels configured that automatically apply classification, and optionally, protection.

If you don't have these labels configured, see Deploying the scanner with alternative configurations.

For more information, see:

Tip

Use the instructions from the tutorial to test the scanner with a label that looks for credit card numbers in a prepared Word document. However, you will need to change the label configuration so that the option Select how this label is applied is set to Automatic, rather than Recommended or treat recommended labeling as automatic (available in scanner version 2.7.x.x and above).

Then remove the label from the document (if it is applied) and copy the file to a data repository for the scanner.

SharePoint requirements

To scan SharePoint document libraries and folders, ensure that your SharePoint server complies with the following requirements:

  • Supported versions. Supported versions include: SharePoint 2019, SharePoint 2016, SharePoint 2013, and SharePoint 2010. Other versions of SharePoint are not supported for the scanner.

  • Versioning. When you use versioning, the scanner inspects and labels the last published version. If the scanner labels a file and content approval is required, that labeled file must be approved to be available for users.

  • Large SharePoint farms. For large SharePoint farms, check whether you need to increase the list view threshold (by default, 5,000) for the scanner to access all files. For more information, see Manage large lists and libraries in SharePoint.

Microsoft Office requirements

To scan Office documents, your documents must be in one of the following formats:

  • Microsoft Office 97-2003
  • Office Open XML formats for Word, Excel, and PowerPoint

For more information, see File types supported by the Azure Information Protection client.

File path requirements

To scan files, your file paths must have a maximum of 260 characters, unless the scanner is installed on Windows 2016 and the computer is configured to support long paths.

Windows 10 and Windows Server 2016 support path lengths greater than 260 characters with the following group policy setting: Local Computer Policy > Computer Configuration > Administrative Templates > All Settings > Enable Win32 long paths

For more information about supporting long file paths, see the Maximum Path Length Limitation section from the Windows 10 developer documentation.

Usage statistics requirements

Disable usage statistics using one of the following methods:

  • Setting the AllowTelemetry parameter to 0

  • Ensure that the Help improve Azure Information Protection by sending usage statistics to Microsoft option remains unselected during the scanner installation process.

Deploying the scanner with alternative configurations

The prerequisites listed above are the default requirements for the scanner deployment, and are recommended because they support the simplest scanner configuration.

The default requirements should be suitable for initial testing, so that you can check the capabilities of the scanner.

However, in a production environment, your organization's policies may prohibit these default requirements. The scanner can accommodate the following restrictions with additional configuration:

Restriction: The scanner server cannot have internet connectivity

To support a disconnected computer, perform the following steps:

  1. Configure labels that apply classification only, or that apply protection using HYOK protection.

    Without an internet connection, the scanner cannot apply protection, remove protection, or inspect protected files by using your organization's cloud-based key. Instead, the scanner is limited to using labels that apply classification only, or that apply protection using HYOK protection.

    For more information, see Support for disconnected computers.

  2. Configure the scanner in the Azure portal, by creating a scanner cluster. If you need help with this step, see Configure the scanner in the Azure portal.

  3. Export your content job from the Azure Information Protection - Content scan jobs pane using the Export option.

  4. In a PowerShell session, run Import-AIPScannerConfiguration and specify the file that contains the exported settings.

Restriction: You cannot be granted Sysadmin or databases must be created and configured manually

If you can be granted the Sysadmin role temporarily to install the scanner, you can remove this role when the scanner installation is complete.

Do one of the following, depending on your organization's requirements:

  • You can have the Sysadmin role temporarily. If you temporarily have the Sysadmin role, the database is automatically created for you and the service account for the scanner is automatically granted the required permissions.

    However, the user account that configures the scanner still requires the db_owner role for the scanner configuration database. If you only have the Sysadmin role until the scanner installation is complete, grant the db_owner role to the user account manually.

  • You cannot have the Sysadmin role at all. If you cannot be granted the Sysadmin role even temporarily, you must ask a user with Sysadmin rights to manually create a database before you install the scanner.

    For this configuration, the db_owner role must be assigned to the following accounts:

    • Service account for the scanner

    • User account for the scanner installation

    • User account for scanner configuration

    Typically, you will use the same user account to install and configure the scanner. If you use different accounts, they both require the db_owner role for the scanner configuration database. Create this user and rights as needed.

    If you do not specify your own cluster (profile) name for the scanner, the configuration database is named AIPScanner_<computer_name>.
    Continue with creating a user and granting db_owner rights on the database.

Additionally:

  • You must be a local administrator on the server that will run the scanner

  • The service account that will run the scanner must be granted Full Control permissions to the following registry keys:

    • HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSIPC\Server
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\Server

If, after configuring these permissions, you see an error when you install the scanner, the error can be ignored and you can manually start the scanner service.
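
One way to grant the Full Control permission on the two registry keys listed above and then list who holds access to them, as an added example that is not from the original page or from Microsoft. The account name CONTOSO\svc-aipscanner and the function names are placeholders.

```powershell
# Added example, not Microsoft's script. Run in an elevated session.
# Assumption: CONTOSO\svc-aipscanner stands in for your scanner service account.
$ServiceAccount = 'CONTOSO\svc-aipscanner'
$Keys = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSIPC\Server',
    'HKLM:\SOFTWARE\Microsoft\MSIPC\Server'
)

function Grant-ScannerKeyAccess {
    param([string]$Path, [string]$Account)
    # Do not create a missing key here; report it so the cause can be checked.
    if (-not (Test-Path -Path $Path)) {
        Write-Warning "$Path not found; no permission granted."
        return $false
    }
    $acl  = Get-Acl -Path $Path
    # Full Control on the key and its subkeys, for this one account only.
    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $Account, 'FullControl', 'ContainerInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
    return $true
}

function Get-ScannerKeyAccess {
    param([string]$Path)
    # List every Allow entry so unexpected identities on the key stand out.
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object @{n='Key';e={$Path}}, IdentityReference, RegistryRights, IsInherited
}

foreach ($key in $Keys) {
    if (Grant-ScannerKeyAccess -Path $key -Account $ServiceAccount) {
        Get-ScannerKeyAccess -Path $key
    }
}
```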

Populate the database manually

Populate the database using the following script:

    -- Creates the Windows login for domain\user if it does not already exist.
    IF NOT EXISTS (SELECT * FROM master.sys.server_principals WHERE sid = SUSER_SID('domain\user'))
    BEGIN
        DECLARE @T nvarchar(500)
        SET @T = 'CREATE LOGIN ' + QUOTENAME('domain\user') + ' FROM WINDOWS '
        EXEC(@T)
    END

Create a user and grant db_owner rights manually

To create a user and grant db_owner rights on this database, ask the Sysadmin to do the following:

  1. Create a DB for scanner:

    CREATE DATABASE AIPScannerUL_[clustername]

    ALTER DATABASE AIPScannerUL_[clustername] SET TRUSTWORTHY ON

  2. Grant rights to the user that runs the install command and is used to run scanner management commands.

    SQL script:

    -- Create the Windows login if it does not already exist.
    IF NOT EXISTS (SELECT * FROM master.sys.server_principals WHERE sid = SUSER_SID('domain\user'))
    BEGIN
        DECLARE @T nvarchar(500)
        SET @T = 'CREATE LOGIN ' + QUOTENAME('domain\user') + ' FROM WINDOWS '
        EXEC(@T)
    END

    -- DBName is the scanner configuration database created in step 1.
    USE DBName
    IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE sid = SUSER_SID('domain\user'))
    BEGIN
        DECLARE @X nvarchar(500)
        SET @X = 'CREATE USER ' + QUOTENAME('domain\user') + ' FROM LOGIN ' + QUOTENAME('domain\user');
        -- Create the database user first, then add it to the db_owner role.
        EXEC(@X)
        EXEC sp_addrolemember 'db_owner', 'domain\user'
    END

  3. Grant rights to scanner service account.

    SQL script:

    -- Create the Windows login for the service account if it does not already exist.
    IF NOT EXISTS (SELECT * FROM master.sys.server_principals WHERE sid = SUSER_SID('domain\user'))
    BEGIN
        DECLARE @T nvarchar(500)
        SET @T = 'CREATE LOGIN ' + QUOTENAME('domain\user') + ' FROM WINDOWS '
        EXEC(@T)
    END
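
A read-only check of the SQL-side requirements described on this page (SQL Server 2012 minimum, case-insensitive collation, db_owner on the configuration database, and whether a temporary Sysadmin grant is still in place), as an added PowerShell example that is not Microsoft's code. The instance, database and account names are placeholders, and checking the server-level collation is an assumption, since the page does not say which collation it means.

```powershell
# Added example: read-only audit, not Microsoft's script.
# Assumptions (placeholders): the instance, database and account names below.
$SqlInstance = 'SQL01'
$Database    = "AIPScanner_$env:COMPUTERNAME"   # default name when run on the scanner server
$Accounts    = 'CONTOSO\svc-aipscanner', 'CONTOSO\aip-install'

function Invoke-SqlScalar {
    param([string]$Instance, [string]$Database, [string]$Sql, [string]$Login)
    $connString = "Server=$Instance;Database=$Database;Integrated Security=True"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Sql
        # The account name is bound as a parameter, never concatenated into the SQL.
        if ($Login) { [void]$cmd.Parameters.AddWithValue('@login', $Login) }
        return $cmd.ExecuteScalar()
    }
    finally { $conn.Dispose() }
}

# Server-level checks: minimum version and case-insensitive collation.
$version   = [string](Invoke-SqlScalar -Instance $SqlInstance -Database 'master' `
    -Sql "SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128))")
$collation = [string](Invoke-SqlScalar -Instance $SqlInstance -Database 'master' `
    -Sql "SELECT CAST(SERVERPROPERTY('Collation') AS nvarchar(128))")
[pscustomobject]@{
    ProductVersion  = $version
    MeetsSql2012Min = ([version]$version).Major -ge 11   # SQL Server 2012 is version 11.x
    Collation       = $collation
    CaseInsensitive = $collation -cmatch '_CI(_|$)'
}

# Per-account checks. IS_SRVROLEMEMBER returns NULL for an unknown login (-1 here).
$sysadminSql = "SELECT ISNULL(IS_SRVROLEMEMBER('sysadmin', @login), -1)"
# Counts direct db_owner membership only, not membership through a Windows group.
$dbOwnerSql  = @'
SELECT COUNT(*)
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner' AND m.sid = SUSER_SID(@login)
'@

foreach ($acct in $Accounts) {
    $isSysadmin = Invoke-SqlScalar -Instance $SqlInstance -Database 'master' `
        -Sql $sysadminSql -Login $acct
    $dbOwner    = Invoke-SqlScalar -Instance $SqlInstance -Database $Database `
        -Sql $dbOwnerSql -Login $acct
    [pscustomobject]@{
        Account       = $acct
        HoldsSysadmin = ($isSysadmin -eq 1)   # expected False once installation is complete
        HasDbOwner    = ($dbOwner -gt 0)      # expected True for install, config and service accounts
    }
}
```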
    

Restriction: The service account for the scanner cannot be granted the Log on locally right

If your organization policies prohibit the Log on locally right for service accounts, but allow the Log on as a batch job right, see Specify and use the Token parameter for Set-AIPAuthentication.

Restriction: The scanner service account cannot be synchronized to Azure Active Directory but the server has internet connectivity

You can have one account to run the scanner service and use another account to authenticate to Azure Active Directory:

Restriction: Your labels do not have auto-labeling conditions

If your labels do not have any auto-labeling conditions, plan to use one of the following options when configuring your scanner:

Option: Description
Discover all info types: In your content scan job, set the Info types to be discovered option to All.

    This option sets the content scan job to scan your content for all sensitive information types.
Define a default label: Define a default label in your policy, content scan job, or repository.

    In this case the scanner applies the default label on all files found.

Next steps

Once you've confirmed that your system complies with the scanner prerequisites, continue with Deploying the Azure Information Protection scanner to automatically classify and protect files.

For an overview about the scanner, see Deploying the Azure Information Protection scanner to automatically classify and protect files.

More information:

Interested in how the Core Services Engineering and Operations team in Microsoft implemented this scanner? Read the technical case study: Automating data protection with Azure Information Protection scanner.

You might be wondering: What's the difference between Windows Server FCI and the Azure Information Protection scanner?

You can also use PowerShell to interactively classify and protect files from your desktop computer. For more information about this and other scenarios that use PowerShell, see Using PowerShell with the Azure Information Protection classic client.