有关 Azure 信息保护中的分类和标签的常见问题Frequently asked questions about classification and labeling in Azure Information Protection

适用于: Azure 信息保护Office 365Applies to: Azure Information Protection, Office 365

备注

为了提供统一、简化的客户体验,Azure 门户中的 Azure 信息保护客户端(经典) 和标签管理 将于 2021 年 3 月 31 日 弃用 。To provide a unified and streamlined customer experience, Azure Information Protection client (classic) and Label Management in the Azure Portal are being deprecated as of March 31, 2021. 在此时间框架内,所有 Azure 信息保护客户都可以使用 Microsoft 信息保护统一标记平台转换到我们的统一标记解决方案。This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. 有关详细信息,请参阅官方弃用通知Learn more in the official deprecation notice.

遇到有关 Azure 信息保护的专门与分类和标签有关的问题?Have a question about Azure Information Protection that is specifically about classification and labeling? 请查看此处是否有答案。See if it's answered here.

我应该安装哪个客户端来测试新功能?Which client do I install for testing new functionality?

目前有两个适用于 Windows 的 Azure 信息保护客户端:Currently, there are two Azure Information Protection clients for Windows:

  • Azure 信息保护统一标签客户端,它从以下管理中心之一下载标签和策略设置: Office 365 Security & 相容性中心、Microsoft 365 安全中心、Microsoft 365 合规中心。The Azure Information Protection unified labeling client that downloads labels and policy settings from one of the following admin centers: Office 365 Security & Compliance Center, Microsoft 365 security center, Microsoft 365 compliance center. 此客户端现已正式发布,并且可能有一个预览版本,你可以在将来的版本中测试其他功能。This client is now in general availability, and might have a preview version for you to test additional functionality for a future release.

  • **Azure 信息保护客户端 (经典) **从 Azure 门户下载标签和策略设置。The Azure Information Protection client (classic) that downloads labels and policy settings from the Azure portal. 此客户端建立在以前的客户端通用版本上。This client builds on previous general availability versions of the client.

如果客户的当前功能集和功能满足你的业务要求,我们建议你与统一的标签客户端进行测试。We recommend you test with the unified labeling client if its current feature set and functionality meet your business requirements. 否则,或者如果已在尚未 迁移到统一标签存储的 Azure 门户中配置了标签,请使用经典客户端。If not, or if you have configured labels in the Azure portal that you haven't yet migrated to the unified labeling store, use the classic client. 有关详细信息,包括特性和功能的比较表,请参阅选择使用哪个 Azure 信息保护客户端For more information, including a feature and functionality comparison table, see Choose which Azure Information Protection client to use.

仅在 Windows 上支持 Azure 信息保护客户端。The Azure Information Protection client is supported on Windows only. 若要对 iOS、Android、macOS 和 web 上的文档和电子邮件进行分类和保护,请使用 支持内置标签的 Office 应用To classify and protect documents and emails on iOS, Android, macOS, and the web, use Office apps that support built-in labeling.

在哪里可以找到有关使用 Office 应用的敏感度标签的信息?Where can I find information about using sensitivity labels for Office apps?

请参阅以下文档资源:See the following documentation resources:

有关支持敏感度标签的其他方案的信息,请参阅 敏感度标签的常见方案For information about other scenarios that support sensitivity labels, see Common scenarios for sensitivity labels.

文件是否可以有多个分类?Can a file have more than one classification?

用户一次仅可为每个文档或电子邮件选择一个标签,这通常只会产生一个分类。Users can select just one label at a time for each document or email, which often results in just one classification. 但如果用户选择子标签,这实际上会同时应用两个标签;主标签和次要标签。However, if users select a sublabel, this actually applies two labels at the same time; a primary label and a secondary label. 通过使用子标签,文件可以有两个分类,表示附加控制级别的父\子关系。By using sublabels, a file can have two classifications that denote a parent\child relationship for an additional level of control.

例如,标签“机密”**** 可能包含子标签,如“法律”**** 和“财务”****。For example, the label Confidential might contain sublabels such as Legal and Finance. 可对这些子标签应用不同的分类视觉标记和不同的权限管理模板。You can apply different classification visual markings and different Rights Management templates to these sublabels. 用户不能自行选择“机密”**** 标签;只能选择其中一个子标签,如“法律”****。A user cannot select the Confidential label by itself; only one of its sublabels, such as Legal. 因此,会看到设置的标签是“机密\法律”****。As a result, the label that they see set is Confidential \ Legal. 该文件的元数据包括“Confidential”**** 的一个自定义文本属性和“Legal”**** 的一个自定义文本属性,以及另一个同时包含这两个值(“Confidential Legal”****)的自定义文本属性。The metadata for that file includes one custom text property for Confidential, one custom text property for Legal, and another that contains both values (Confidential Legal).

使用子标签时,请不要在主标签处配置视觉标记、保护和条件。When you use sublabels, don't configure visual markings, protection, and conditions at the primary label. 使用子级别时,请仅在子标签上配置这些设置。When you use sublevels, configure these setting on the sublabel only. 如果在主标签及其子标签上配置这些设置,那么子标签上的设置具有更高优先级。If you configure these settings on the primary label and its sublabel, the settings at the sublabel take precedence.

如何防止他人删除或更改标签?How do I prevent somebody from removing or changing a label?

尽管有一个 策略设置 要求用户指出为什么要降低分类标签、删除标签或删除保护的原因,但此设置不会阻止这些操作。Although there's a policy setting that requires users to state why they are lowering a classification label, removing a label, or removing protection, this setting does not prevent these actions. 要防止用户删除或更改标签,内容必须已受到保护,并且保护权限不向用户授予导出或完全控制使用权限To prevent users from removing or changing a label, the content must already be protected and the protection permissions do not grant the user the Export or Full Control usage right.

标记一封电子邮件时,是否有任何附件会自动获得相同的标记?When an email is labeled, do any attachments automatically get the same labeling?

不是。No. 标记有附件的电子邮件时,这些附件不会继承相同的标记。When you label an email message that has attachments, those attachments do not inherit the same label. 附件仍不带标签,或者保留单独应用的标签。The attachments remain either without a label or retain a separately applied label. 不过,如果电子邮件的标签应用了保护配置,此保护配置也会应用于 Office 附件。However, if the label for the email applies protection, that protection is applied to Office attachments.

DLP 解决方案和其他应用如何与 Azure 信息保护相集成?How can DLP solutions and other applications integrate with Azure Information Protection?

因为 Azure 信息保护将永久性元数据用于分类(包括明文标签),所以此信息可供 DLP 解决方案和其他应用程序读取。Because Azure Information Protection uses persistent metadata for classification, which includes a clear-text label, this information can be read by DLP solutions and other applications.

有关此元数据的详细信息,请参阅电子邮件和文档中存储的标签信息For more information about this metadata, see Label information stored in emails and documents.

有关将此元数据与 Exchange Online 邮件流规则配合使用的示例,请参阅配置 Azure 信息保护标签的 Exchange Online 邮件流规则For examples of using this metadata with Exchange Online mail flow rules, see Configuring Exchange Online mail flow rules for Azure Information Protection labels.

我能否创建自动包含分类的文档模板?Can I create a document template that automatically includes the classification?

是的。Yes. 可以将标签配置为,应用包含标签名称的页眉或页脚You can configure a label to apply a header or footer that includes the label name. 但如果不满足你的要求,则仅 (经典) 的 Azure 信息保护客户端,你可以创建具有所需格式的文档模板,并将分类添加为字段代码。But if that doesn't meet your requirements, for the Azure Information Protection client (classic) only, you can create a document template that has the formatting you want and add the classification as a field code.

例如,文档的页眉中可能有一个显示分类的表。As an example, you might have a table in your document's header that displays the classification. 或者,对引用文档分类的简介使用具体的字词。Or, you use specific wording for an introduction that references the document's classification.

若要在文档中添加此域代码,请执行以下操作:To add this field code in your document:

  1. 标记并保存文档。Label the document and save it. 此操作新建可立即用于域代码的元数据字段。This action creates new metadata fields that you can now use for your field code.

  2. 在文档中,将光标置于要添加标签分类的位置,再在“插入”**** 选项卡中依次选择“文本”**** > “文档部件”**** > “字段”****。In the document, position the cursor where you want to add the label's classification and then, from the Insert tab, select Text > Quick Parts > Field.

  3. 在“字段”**** 对话框中,选择“类别”**** 下拉列表中的“文档信息”****。In the Field dialog box, from the Categories dropdown, select Document Information. 然后,选择“字段名称”**** 下拉列表中的“DocProperty”****。Then, from the Fields names dropdown, select DocProperty.

  4. 在“属性”**** 下拉列表中,依次选择“敏感度”**** 和“确定”****。From the Property dropdown, select Sensitivity, and select OK.

此时,当前标签的分类显示在文档中,并且这个值会在你每次打开文档或使用模板时自动刷新。The current label's classification is displayed in the document and this value will be refreshed automatically whenever you open the document or use the template. 因此,如果标签发生更改,那么对此域代码显示的分类也会在文档中自动更新。So if the label changes, the classification that is displayed for this field code is automatically updated in the document.

使用 Azure 信息保护的电子邮件分类与 Exchange 邮件分类有何不同?How is classification for emails using Azure Information Protection different from Exchange message classification?

交换消息分类是一项较旧的功能,可对电子邮件进行分类,并且独立于 Azure 信息保护标签或应用分类的敏感度标签。Exchange message classification is an older feature that can classify emails and it is implemented independently from Azure Information Protection labels or sensitivity labels that apply classification.

但是,你可以将此较旧的功能与标签集成,以便当用户使用 Outlook web 上的 Outlook 以及使用某些移动邮件应用程序对电子邮件进行分类时,会自动添加标签分类和相应的标签标记。However, you can integrate this older feature with labels, so that when users classify an email by using Outlook on the web and by using some mobile mail applications, the label classification and corresponding label markings are automatically added.

可以使用同一技术将标签用于 Outlook 网页版和这些移动邮件应用程序。You can use this same technique to use your labels with Outlook on the web and these mobile mail applications.

请注意,如果在使用 Exchange Online 的 web 上使用 Outlook,则无需执行此操作,因为这种组合在从 Office 365 Security & 相容性中心、Microsoft 365 安全中心或 Microsoft 合规中心发布敏感度标签时支持内置标签。Note that there's no need to do this if you're using Outlook on the web with Exchange Online, because this combination supports built-in labeling when you publish sensitivity labels from the Office 365 Security & Compliance Center, Microsoft 365 security center, or Microsoft compliance center.

如果无法在 web 上使用 Outlook 内置标签,请参阅此解决方法的配置步骤: 与旧 Exchange 消息分类的集成If you cannot use built-in labeling with Outlook on the web, see the configuration steps for this workaround: Integration with the legacy Exchange message classification