Manage personal data for Azure Information Protection

When you configure and use Azure Information Protection, email addresses and IP addresses are stored and used by the Azure Information Protection service. This personal data can be found in the following items:

  • The Azure Information Protection policy

  • Templates for the protection service

  • Super users and delegated administrators for the protection service

  • Administration logs for the protection service

  • Usage logs for the protection service

  • Document tracking logs

  • Usage logs for the Azure Information Protection clients and RMS client

Note

This article provides steps for how to delete personal data from the device or service and can be used to support your obligations under the GDPR. If you're looking for general info about GDPR, see the GDPR section of the Service Trust portal.

Viewing personal data that Azure Information Protection uses

Using the Azure portal, an administrator can specify email addresses for scoped policies and for protection settings within a label configuration. For more information, see How to configure the Azure Information Protection policy for specific users by using scoped policies and How to configure a label for Rights Management protection.

For labels that are configured to apply protection from the Azure Rights Management service, email addresses can also be found in protection templates by using PowerShell cmdlets from the AIPService module. This PowerShell module also lets an administrator specify users by email address to be a super user, or an administrator for the Azure Rights Management service.

When Azure Information Protection is used to classify and protect documents and emails, email addresses and the users' IP addresses might be saved in log files.

Protection templates

Run the Get-AipServiceTemplate cmdlet to get a list of protection templates. You can use the template ID to get details of a specific template. The RightsDefinitions object displays the personal data, if any.

Example:

PS C:\Users> Get-AipServiceTemplate -TemplateId fcdbbc36-1f48-48ca-887f-265ee1268f51 | select *


TemplateId              : fcdbbc36-1f48-48ca-887f-265ee1268f51
Names                   : {1033 -> Confidential}
Descriptions            : {1033 -> This data includes sensitive business information. Exposing this data to
                          unauthorized users may cause damage to the business. Examples for Confidential information
                          are employee information, individual customer projects or contracts and sales account data.}
Status                  : Archived
RightsDefinitions       : {admin@aip500.onmicrosoft.com -> VIEW, VIEWRIGHTSDATA, EDIT, DOCEDIT, PRINT, EXTRACT,
                          REPLY, REPLYALL, FORWARD, EXPORT, EDITRIGHTSDATA, OBJMODEL, OWNER,
                          AllStaff-7184AB3F-CCD1-46F3-8233-3E09E9CF0E66@aip500.onmicrosoft.com -> VIEW,
                          VIEWRIGHTSDATA, EDIT, DOCEDIT, PRINT, EXTRACT, REPLY, REPLYALL, FORWARD, EXPORT,
                          EDITRIGHTSDATA, OBJMODEL, OWNER, admin2@aip500.onmicrosoft.com -> VIEW, VIEWRIGHTSDATA, EDIT,
                          DOCEDIT, PRINT, EXTRACT, REPLY, REPLYALL, FORWARD, EXPORT, EDITRIGHTSDATA, OBJMODEL, OWNER}
ContentExpirationDate   : 1/1/0001 12:00:00 AM
ContentValidityDuration : 0
ContentExpirationOption : Never
LicenseValidityDuration : 7
ReadOnly                : False
LastModifiedTimeStamp   : 1/26/2018 6:17:00 PM
ScopedIdentities        : {}
EnableInLegacyApps      : False
LabelId                 :

Super users and delegated administrators for the protection service

Run the Get-AipServiceSuperUser cmdlet and the Get-AipServiceRoleBasedAdministrator cmdlet to see which users have been assigned the super user role or global administrator role for the protection service (Azure Rights Management) from Azure Information Protection. For users who have been assigned either of these roles, their email addresses are displayed.

Administration logs for the protection service

Run the Get-AipServiceAdminLog cmdlet to get a log of admin actions for the protection service (Azure Rights Management) from Azure Information Protection. This log includes personal data in the form of email addresses and IP addresses. The log is in plaintext and after it is downloaded, the details of a specific administrator can be searched offline.

For example:

PS C:\Users> Get-AipServiceAdminLog -Path '.\Desktop\admin.log' -FromTime 4/1/2018 -ToTime 4/30/2018 -Verbose
The Rights Management administration log was successfully generated and can be found at .\Desktop\admin.log.

Usage logs for the protection service

Run the Get-AipServiceUserLog cmdlet to retrieve a log of end-user actions that use the protection service from Azure Information Protection. The log could include personal data in the form of email addresses and IP addresses. The log is in plaintext and after it is downloaded, the details of a specific administrator can be searched offline.

For example:

PS C:\Users> Get-AipServiceUserLog -Path '.\Desktop\' -FromDate 4/1/2018 -ToDate 4/30/2018 -NumberOfThreads 10
Acquiring access to your user log…
Downloading the log for 2018-04-01.
Downloading the log for 2018-04-03.
Downloading the log for 2018-04-06.
Downloading the log for 2018-04-09.
Downloading the log for 2018-04-10.
Downloaded the log for 2018-04-01. The log is available at .\Desktop\rmslog-2018-04-01.log.
Downloaded the log for 2018-04-03. The log is available at .\Desktop\rmslog-2018-04-03.log.
Downloaded the log for 2018-04-06. The log is available at .\Desktop\rmslog-2018-04-06.log.
Downloaded the log for 2018-04-09. The log is available at .\Desktop\rmslog-2018-04-09.log.
Downloaded the log for 2018-04-10. The log is available at .\Desktop\rmslog-2018-04-10.log.
Downloading the log for 2018-04-12.
Downloading the log for 2018-04-13.
Downloading the log for 2018-04-14.
Downloading the log for 2018-04-16.
Downloading the log for 2018-04-18.
Downloaded the log for 2018-04-12. The log is available at .\Desktop\rmslog-2018-04-12.log.
Downloaded the log for 2018-04-13. The log is available at .\Desktop\rmslog-2018-04-13.log.
Downloaded the log for 2018-04-14. The log is available at .\Desktop\rmslog-2018-04-14.log.
Downloaded the log for 2018-04-16. The log is available at .\Desktop\rmslog-2018-04-16.log.
Downloaded the log for 2018-04-18. The log is available at .\Desktop\rmslog-2018-04-18.log.
Downloading the log for 2018-04-24.
Downloaded the log for 2018-04-24. The log is available at .\Desktop\rmslog-2018-04-24.log.

Document tracking logs

Run the Get-AipServiceDocumentLog cmdlet to retrieve information from the document tracking site about a specific user. To get tracking information associated with the document logs, use the Get-AipServiceTrackingLog cmdlet.

For example:

PS C:\Users> Get-AipServiceDocumentLog -UserEmail "admin@aip500.onmicrosoft.com"


ContentId             : 6326fcb2-c465-4c24-a7f6-1cace7a9cb6f
Issuer                : admin@aip500.onmicrosoft.com
Owner                 : admin@aip500.onmicrosoft.com
ContentName           :
CreatedTime           : 3/6/2018 10:24:00 PM
Recipients            : {
                        PrimaryEmail: johndoe@contoso.com
                        DisplayName: JOHNDOE@CONTOSO.COM
                        UserType: External,
                        PrimaryEmail: alice@contoso0110.onmicrosoft.com
                        DisplayName: ALICE@CONTOSO0110.ONMICROSOFT.COM
                        UserType: External
                        }
TemplateId            :
PolicyExpires         :
EULDuration           :
SendRegistrationEmail : True
NotificationInfo      : Enabled: False
                        DeniedOnly: False
                        Culture:
                        TimeZoneId:
                        TimeZoneOffset: 0
                        TimeZoneDaylightName:
                        TimeZoneStandardName:

RevocationInfo        : Revoked: False
                        RevokedTime:
                        RevokedBy:


PS C:\Users> Get-AipServiceTrackingLog -UserEmail "admin@aip500.onmicrosoft.com"

ContentId            : 6326fcb2-c465-4c24-a7f6-1cace7a9cb6f
Issuer               : admin@aip500.onmicrosoft.com
RequestTime          : 3/6/2018 10:45:57 PM
RequesterType        : External
RequesterEmail       : johndoe@contoso.com
RequesterDisplayName : johndoe@contoso.com
RequesterLocation    : IP: 167.220.1.54
                       Country: US
                       City: redmond
                       Position: 47.6812453974602,-122.120736471666

Rights               : {VIEW,OBJMODEL}
Successful           : False
IsHiddenInfo         : False

There is no search by ObjectID. However, you are not restricted by the -UserEmail parameter and the email address you provide doesn't need to be part of your tenant. If the email address provided is stored anywhere in the document tracking logs, the document tracking entry is returned in the cmdlet output.

Usage logs for the Azure Information Protection clients and RMS client

When labels and protection are applied to documents and emails, email addresses and IP addresses can be stored in log files on a user's computer in the following locations:

  • For the Azure Information Protection unified labeling client and the Azure Information Protection client: %localappdata%\Microsoft\MSIP\Logs

  • For the RMS client: %localappdata%\Microsoft\MSIPC\msip\Logs

In addition, the Azure Information Protection client logs this personal data to the local Windows event log Applications and Services Logs > Azure Information Protection.

When the Azure Information Protection client runs the scanner, personal data is saved to %localappdata%\Microsoft\MSIP\Scanner\Reports on the Windows Server computer that runs the scanner.

You can turn off logging information for the Azure Information Protection client and the scanner by using the following configurations:

Note

If you're interested in viewing or deleting personal data, please review Microsoft's guidance in the Microsoft Compliance Manager and in the GDPR section of the Microsoft 365 Enterprise Compliance site. If you're looking for general information about GDPR, see the GDPR section of the Service Trust portal.

Securing and controlling access to personal information

Personal data that you view and specify in the Azure portal is accessible only to users who have been assigned one of the following administrator roles from Azure Active Directory:

  • Azure Information Protection administrator

  • Compliance administrator

  • Compliance data administrator

  • Security administrator

  • Security reader

  • Global administrator

  • Global reader

Personal data that you view and specify by using the AIPService module (or the older module, AADRM) is accessible only to users who have been assigned the Azure Information Protection administrator, Compliance administrator, Compliance data administrator, or Global Administrator roles from Azure Active Directory, or the global administrator role for the protection service.

Updating personal data

You can update email addresses for scoped policies and protection settings in the Azure Information Protection policy. For more information, see How to configure the Azure Information Protection policy for specific users by using scoped policies and How to configure a label for Rights Management protection.

For the protection settings, you can update the same information by using PowerShell cmdlets from the AIPService module.

You cannot update email addresses for the super users and delegated administrators. Instead, remove the specified user account, and add the user account with the updated email address.

Protection templates

Run the Set-AipServiceTemplateProperty cmdlet to update the protection template. Because the personal data is within the RightsDefinitions property, you will also need to use the New-AipServiceRightsDefinition cmdlet to create a rights definitions object with the updated information, and use the rights definitions object with the Set-AipServiceTemplateProperty cmdlet.

Super users and delegated administrators for the protection service

When you need to update an email address for a super user:

  1. Use Remove-AipServiceSuperUser to remove the user and old email address.

  2. Use Add-AipServiceSuperUser to add the user and new email address.

When you need to update an email address for a delegated administrator:

  1. Use Remove-AipServiceRoleBasedAdministrator to remove the user and old email address.

  2. Use Add-AipServiceRoleBasedAdministrator to add the user and new email address.
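
The two remove-then-add procedures above, combined into one function with a dry-run switch and a final check; this is an added example, not code from the original article or from Microsoft. The function name, its parameters and the text-matching used to find the address are assumptions, and it expects a session already opened with Connect-AipService.

```powershell
# Added example: replace an address on the super user and delegated administrator lists.
function Update-AipPrivilegedEmail {                      # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $OldEmail,
        [Parameter(Mandatory)] [string] $NewEmail,
        # Role to grant the new address if the old one was a delegated administrator.
        [ValidateSet('GlobalAdministrator', 'ConnectorAdministrator')]
        [string] $Role = 'GlobalAdministrator'
    )
    $pattern = [regex]::Escape($OldEmail)

    # Assumption: each super user entry converts to a string containing its address.
    $inSuperUsers = {
        @(Get-AipServiceSuperUser | Where-Object { "$_" -match $pattern }).Count -gt 0
    }
    # Delegated administrators: flatten each entry to text so that the search
    # does not depend on the property names of the returned objects.
    $inAdmins = {
        @(Get-AipServiceRoleBasedAdministrator | Where-Object {
            ($_ | Format-List * | Out-String -Width 4096) -match $pattern
        }).Count -gt 0
    }

    $wasSuperUser = & $inSuperUsers
    if ($wasSuperUser -and $PSCmdlet.ShouldProcess($OldEmail, "Replace super user with $NewEmail")) {
        Remove-AipServiceSuperUser -EmailAddress $OldEmail    # step 1: remove old address
        Add-AipServiceSuperUser    -EmailAddress $NewEmail    # step 2: add new address
    }

    $wasAdmin = & $inAdmins
    if ($wasAdmin -and $PSCmdlet.ShouldProcess($OldEmail, "Replace $Role with $NewEmail")) {
        Remove-AipServiceRoleBasedAdministrator -EmailAddress $OldEmail
        Add-AipServiceRoleBasedAdministrator    -EmailAddress $NewEmail -Role $Role
    }

    # Report what was found and whether the old address is still listed anywhere.
    [pscustomobject]@{
        OldEmail           = $OldEmail
        WasSuperUser       = $wasSuperUser
        WasDelegatedAdmin  = $wasAdmin
        StillSuperUser     = & $inSuperUsers
        StillDelegatedAdmin = & $inAdmins
    }
}

# Dry run first, then apply (addresses are placeholders):
# Update-AipPrivilegedEmail -OldEmail old@example.com -NewEmail new@example.com -WhatIf
```

Run it with -WhatIf first; the Still* fields in the returned object should both be False after a real run.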

Deleting personal data

You can delete email addresses for scoped policies and protection settings in the Azure Information Protection policy. For more information, see How to configure the Azure Information Protection policy for specific users by using scoped policies and How to configure a label for Rights Management protection.

For the protection settings, you can delete the same information by using PowerShell cmdlets from the AIPService module.

To delete email addresses for super users and delegated administrators, remove these users by using the Remove-AipServiceSuperUser cmdlet and Remove-AipServiceRoleBasedAdministrator.

To delete personal data in document tracking logs, administration logs, or usage logs for the protection service, use the following section to raise a request with Microsoft Support.

To delete personal data in the client log files and scanner logs that are stored on computers, use any standard Windows tools to delete the files or personal data within the files.

To delete personal data with Microsoft Support

Use the following three steps to request that Microsoft delete personal data in document tracking logs, administration logs, or usage logs for the protection service.

Step 1: Initiate delete request
Contact Microsoft Support to open an Azure Information Protection support case with a request for deleting data from your tenant. You must prove that you are an administrator for your Azure Information Protection tenant and understand that this process takes several days to confirm. While submitting your request, you will need to provide additional information, depending on the data that needs to be deleted.

  • To delete the administration log, provide the end date. All admin logs until that end date will be deleted.
  • To delete the usage logs, provide the end date. All usage logs until that end date will be deleted.
  • To delete the document tracking logs, provide the UserEmail. All document tracking information relating to the UserEmail will be deleted.

Deleting this data is a permanent action. There is no means to recover the data after a delete request has been processed. It is recommended that administrators export the required data before submitting a delete request.

Step 2: Wait for verification
Microsoft will verify that your request to delete one or more logs is legitimate. This process can take up to five working days.

Step 3: Get confirmation of the deletion
Microsoft Customer Support Services (CSS) will send you a confirmation email that the data has been deleted.

Exporting personal data

When you use the AIPService or AADRM PowerShell cmdlets, the personal data is made available for search and export as a PowerShell object. The PowerShell object can be converted into JSON and saved by using the ConvertTo-Json cmdlet.
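
As an added example (not part of the original article and not Microsoft's own code), the script below runs the viewing cmdlets from this page for one email address, searches already-downloaded admin and usage logs for the same address, and saves everything with ConvertTo-Json. The script's parameter names, the output file name and the text-matching approach are assumptions; the account that signs in needs one of the administrator roles listed earlier.

```powershell
# Added example: export what the protection service holds for one email address.
param(
    [Parameter(Mandatory)] [string] $UserEmail,          # address of the data subject
    [string] $LogFolder = '.\Desktop',                   # folder with downloaded admin/usage logs
    [string] $OutFile   = '.\aip-personal-data.json'     # hypothetical output file name
)

Import-Module AIPService
Connect-AipService | Out-Null
$needle = [regex]::Escape($UserEmail)

# Templates: fetch each template by ID for its details, then keep those whose
# RightsDefinitions mention the address. Each entry is converted to a string,
# which the sample output on this page shows as "address -> RIGHTS".
$templates = foreach ($t in Get-AipServiceTemplate) {
    $full = Get-AipServiceTemplate -TemplateId $t.TemplateId
    if (@($full.RightsDefinitions | ForEach-Object { "$_" }) -match $needle) { $full }
}

# Privileged roles: flatten entries to text so no property names are assumed.
$superUsers = @(Get-AipServiceSuperUser | Where-Object { "$_" -match $needle })
$roleAdmins = @(Get-AipServiceRoleBasedAdministrator | Where-Object {
    ($_ | Format-List * | Out-String -Width 4096) -match $needle
})

# Document tracking: both cmdlets accept any address, inside or outside the tenant.
$documentLog = Get-AipServiceDocumentLog -UserEmail $UserEmail
$trackingLog = Get-AipServiceTrackingLog -UserEmail $UserEmail

# Plaintext logs previously written by Get-AipServiceAdminLog / Get-AipServiceUserLog.
$logHits = Get-ChildItem -Path $LogFolder -Filter '*.log' -File |
    Select-String -SimpleMatch -Pattern $UserEmail |
    ForEach-Object {
        [pscustomobject]@{ File = $_.Filename; LineNumber = $_.LineNumber; Text = $_.Line }
    }

# One JSON document per request; -Depth keeps nested recipient/location data.
[pscustomobject]@{
    UserEmail       = $UserEmail
    ExportedAtUtc   = (Get-Date).ToUniversalTime().ToString('o')
    Templates       = @($templates)
    SuperUser       = $superUsers
    DelegatedAdmin  = $roleAdmins
    DocumentLog     = @($documentLog)
    TrackingLog     = @($trackingLog)
    DownloadedLogs  = @($logHits)
} | ConvertTo-Json -Depth 6 | Set-Content -Path $OutFile -Encoding UTF8

Write-Host "Export written to $OutFile"
```

The resulting JSON file is itself personal data, including any IP addresses and locations from the tracking log, so keep it in an access-controlled location and delete it once the request is fulfilled.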

Azure Information Protection follows Microsoft's privacy terms for profiling or marketing based on personal data.

Auditing and reporting

Only users who have been assigned administrator permissions can use the AIPService or AADRM module for search and export of personal data. These operations are recorded in the administration log that can be downloaded.

For delete actions, the support request acts as the auditing and reporting trail for the actions performed by Microsoft. After deletion, the deleted data will not be available for search and export, and the administrator can verify this using the Get cmdlets from the AIPService module.