快速入门:为用户配置标签以便轻松保护包含敏感信息的电子邮件Quickstart: Configure a label for users to easily protect emails that contain sensitive information

适用范围: Azure 信息保护Applies to: Azure Information Protection

说明: 适用于 Windows 的 Azure 信息保护经典客户端Instructions for: Azure Information Protection classic client for Windows


为了提供统一、简化的客户体验,Azure 门户中的 Azure 信息保护客户端(经典) 和标签管理 将于 2021 年 3 月 31 日 弃用 。To provide a unified and streamlined customer experience, Azure Information Protection client (classic) and Label Management in the Azure Portal are being deprecated as of March 31, 2021. 在此时间框架内,所有 Azure 信息保护客户都可以使用 Microsoft 信息保护统一标记平台转换到我们的统一标记解决方案。This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. 有关详细信息,请参阅官方弃用通知Learn more in the official deprecation notice.

本快速入门介绍如何配置现有 Azure 信息保护标签以自动应用“不得转发”保护设置。In this quickstart, you'll configure an existing Azure Information Protection label to automatically apply the Do Not Forward protection setting.

当前的 Azure 信息保护策略已包含两个具有此配置的标签:The current Azure Information Protection policy already contains two labels that have this configuration:

  • 机密\仅收件人Confidential \ Recipients Only

  • 高度机密\仅收件人Highly Confidential \ Recipients Only

但是,如果你的策略较旧,或者在创建组织策略时未激活保护,将不会包含这些标签。However, if your policy is older, or if protection wasn't activated at the time your organization's policy was created, you won't have these labels.

所需时间:在 5 分钟内即可完成此配置。Time required: You can finish this configuration in 5 minutes.


要完成本快速入门,需要具备以下条件:To complete this quickstart, you need:

要求Requirement 说明Description
支持订阅A supporting subscription 你将需要包含 Azure 信息保护计划 1 或计划 2 的订阅。You'll need a subscription that includes Azure Information Protection Plan 1 or Plan 2.

如果没有上述任一订阅,可以为组织创建一个免费帐户。If you don't have one of these subscriptions, you can create a free account for your organization.
AIP 已添加到 Azure 门户AIP added to the Azure portal 已将“Azure 信息保护”窗格添加到 Azure 门户,并确认已激活保护服务。You've added the Azure Information Protection pane to the Azure portal, and confirmed that the protection service is activated.

有关详细信息,请参阅快速入门:在 Azure 门户中开始For more information, see Quickstart: Get started in the Azure portal.
要配置的现有 Azure 信息保护标签An existing Azure Information Protection label to configure 使用其中一个默认标签,或者使用已创建的标签。Use one of the default labels, or a label that you've created. 有关详细信息,请参阅快速入门:为特定用户创建新的 Azure 信息保护标签For more information, see Quickstart: Create a new Azure Information Protection label for specific users.
经典客户端已安装Classic client installed 若要测试新标签,需要在计算机上安装经典客户端。To test the new label, you'll need the classic client installed on your computer.

2021 年 3 月将弃用 Azure 信息保护经典客户端。The Azure Information Protection classic client is being deprecated in March 2021. 若要部署 AIP 经典客户端,请打开支持票证以获取下载访问权限。To deploy the AIP classic client, open a support ticket to get download access.
登录到 Office 应用的 Windows 计算机A Windows computer, signed into Office apps 若要测试新标签,你将需要运行 Windows(最低为 Windows 7 Service Pack 1)的计算机。To test the new label, you'll need a computer running Windows (minimum of Windows 7 with Service Pack 1).

在此计算机上,登录到以下 Office 应用版本之一:On this computer, sign into one of the following Office app versions:
- Office 应用最低版本 1805,Microsoft 365 商业应用版中的内部版本 9330.2078 或 Microsoft 365 商业高级版,前提是已为你分配了 Azure Rights Management 的许可证。- Office apps minimum version 1805, build 9330.2078 from Microsoft 365 Apps for Business or Microsoft 365 Business Premium when you are assigned a license for Azure Rights Management.
- Microsoft 365 企业应用版。- Microsoft 365 Apps for Enterprise.
- Office Professional Plus 2019。- Office Professional Plus 2019.
- Office Professional Plus 2016。- Office Professional Plus 2016.
- Office Professional Plus 2013 Service Pack 1。- Office Professional Plus 2013 with Service Pack 1.
- Office Professional Plus 2010 Service Pack 2。- Office Professional Plus 2010 with Service Pack 2.

有关使用 Azure 信息保护的先决条件的完整列表,请参阅 Azure 信息保护的要求For a full list of prerequisites to use Azure Information Protection, see Requirements for Azure Information Protection.

配置现有标签以应用“不得转发”保护Configure an existing label to apply the Do Not Forward protection

  1. 打开新的浏览器窗口,以全局管理员身份登录到 Azure 门户。然后导航到“Azure 信息保护”。Open a new browser window and sign in to the Azure portal as a global admin. Then navigate to Azure Information Protection.

    例如,在资源、服务和文档的搜索框中:开始键入“信息”并选择“Azure 信息保护”。For example, in the search box for resources, services, and docs: Start typing Information and select Azure Information Protection.

    如果你不是全局管理员,请使用以下链接获取替代角色:登录到 Azure 门户If you are not the global admin, use the following link for alternative roles: Signing in to the Azure portal

  2. 从“分类” > “标签”菜单选项中 :在“Azure 信息保护 - 标签”窗格上,选择要配置为应用保护的标签。From the Classifications > Labels menu option: On the Azure Information Protection - Labels pane, select the label you want to configure to apply the protection.

  3. 在“标签”窗格上,查找“为包含此标签的文档和电子邮件设置权限”。On the Label pane, locate Set permissions for documents and emails containing this label. 如果之前已选择“未配置”或“删除保护”,那么在选中“保护”后,会自动打开“保护”窗格 。Select Protect, and the Protection pane automatically opens if Not configured or Remove Protection was previously selected.

    如果“保护”窗格未自动打开,请选择“保护” :If the Protection pane does not automatically open, select Protection:

    为 Azure 信息保护标签配置保护

  4. 在“保护”窗格上,确保选中“Azure (云密钥)” 。On the Protection pane, make sure that Azure (cloud key) is selected.

  5. 选择“设置用户定义的权限(预览)”。Select Set user-defined permissions (Preview).

  6. 请确保选中以下选项:“在 Outlook 中应用‘不可转发’”。Make sure that the following option is selected: In Outlook apply Do Not Forward.

  7. 如已选中,请清除以下选项:“在 Word、Excel、PowerPoint 和文件资源管理器中提示用户获取自定义权限”。If selected, clear the following option: In Word, Excel, PowerPoint and File Explorer prompt user for custom permissions.

  8. 单击“保护”窗格上的“确定”,再单击“标签”窗格上的“保存”。Click OK on the Protection pane, and then click Save on the Label pane.

标签现已配置为仅在 Outlook 中显示,并将“不得转发”保护应用于电子邮件。Your label is now configured to display in Outlook only, and apply the Do Not Forward protection to emails.

测试新标签Test your new label

配置的标签仅在 Outlook 中显示,适用于在为 Exchange Online 配置 Office 365 邮件加密新功能时发送给组织外部任何收件人的电子邮件。Your configured label displays only in Outlook and is suitable for emails sent to any recipient outside your organization when Exchange Online is configured for the new capabilities in Office 365 Message Encryption.

  1. 在计算机上打开 Outlook 并创建新的电子邮件。On your computer, open Outlook and create a new email message. 如果 Outlook 已打开,请重新启动它以强制执行策略刷新。If Outlook is already open, restart it to force a policy refresh.

  2. 指定收件人、电子邮件的部分文本,然后应用刚刚创建的标签。Specify the recipients, some text for the email message, and then apply the label that you just created.

    电子邮件根据标签名称进行分类,并使用“不得转发”限制进行保护。The email message is classified according to the label name, and protected with the Do Not Forward restriction.

  3. 发送电子邮件。Send the email.

这样一来,收件人将无法转发、打印或复制该电子邮件,也无法保存附件或另存为其他名称。The result is that recipients cannot forward the email, or print it, copy from it, or save attachments, or save the email as a different name. 任何设备上的任何用户都可以读取受保护的电子邮件。The protected email message can be read by any user, on any device.

清理资源Clean up resources

如果不想保留此配置并返回标签以使其不应用保护,请执行以下操作:Do the following if you do not want to keep this configuration and return your label such that it doesn't apply protection:

  1. 从“分类” > “标签”菜单选项中 :在“Azure 信息保护 - 标签”窗格上,选择配置的标签。From the Classifications > Labels menu option: On the Azure Information Protection - Labels pane, select the label you configured.

  2. 在“标签”窗格上,找到“为包含此标签的文档和电子邮件设置权限”,选择“未配置”,然后选择“保存”。On the Label pane, locate Set permissions for documents and emails containing this label, select Not configured, and select Save.

后续步骤Next steps

此快速入门包括最少的选项,使用户可以快速配置标签,从而轻松保护其电子邮件。This quickstart includes the minimum options so that you can quickly configure a label that makes it easy for users to protect their emails. 但是,如果配置限制太多或限制不足,请参阅其他示例配置:However, if the configuration is too restrictive, or not restrictive enough, see the other example configurations:

若要了解配置可应用保护的标签的完整说明,请参阅如何配置标签以进行 Rights Management 保护For full instructions how to configure a label that applies protection, see How to configure a label for Rights Management protection.