快速入门:为特定用户创建新的 Azure 信息保护标签Quickstart: Create a new Azure Information Protection label for specific users

适用范围: Azure 信息保护Applies to: Azure Information Protection

说明: 适用于 Windows 的 Azure 信息保护经典客户端Instructions for: Azure Information Protection classic client for Windows


为了提供统一、简化的客户体验,Azure 门户中的 Azure 信息保护客户端(经典) 和标签管理 将于 2021 年 3 月 31 日 弃用 。To provide a unified and streamlined customer experience, Azure Information Protection client (classic) and Label Management in the Azure Portal are being deprecated as of March 31, 2021. 在此时间框架内,所有 Azure 信息保护客户都可以使用 Microsoft 信息保护统一标记平台转换到我们的统一标记解决方案。This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. 有关详细信息,请参阅官方弃用通知Learn more in the official deprecation notice.

本快速入门介绍如何创建新的 Azure 信息保护标签:只有特定用户才能查看该标签并应用它来分类并保护文档和电子邮件。In this quickstart, you'll create a new Azure Information Protection label that only specific users can see and apply to classify and protect their documents and emails.

此配置使用范围策略。This configuration uses a scoped policy.

所需时间:在 10 分钟内即可完成此配置。Time required: You can finish this configuration in less than 10 minutes.


要完成本快速入门,需要具备以下条件:To complete this quickstart, you need:

要求Requirement 说明Description
支持订阅A supporting subscription 你将需要包含 Azure 信息保护计划 1 或计划 2 的订阅。You'll need a subscription that includes Azure Information Protection Plan 1 or Plan 2.

如果没有上述任一订阅,可以为组织创建一个免费帐户。If you don't have one of these subscriptions, you can create a free account for your organization.
AIP 已添加到 Azure 门户AIP added to the Azure portal 已将“Azure 信息保护”窗格添加到 Azure 门户,并确认已激活保护服务。You've added the Azure Information Protection pane to the Azure portal, and confirmed that the protection service is activated.

有关详细信息,请参阅快速入门:在 Azure 门户中开始For more information, see Quickstart: Get started in the Azure portal.
Azure AD 中已启用电子邮件的组An emailed-enabled group in Azure AD 你将需要 Azure AD 中已启用电子邮件的组,其中包含将查看和应用新标签的用户。You'll need an emailed-enabled group in Azure AD that contains the users who will see and apply the new label.

如果你没有适当的组,请创建一个名为“销售团队”的组并至少添加一个用户。If you don't have a suitable group, create one named Sales Team and add at least one user.
经典客户端已安装Classic client installed 若要测试新标签,需要在计算机上安装经典客户端。To test the new label, you'll need the classic client installed on your computer.

2021 年 3 月将弃用 Azure 信息保护经典客户端。The Azure Information Protection classic client is being deprecated in March 2021. 若要部署 AIP 经典客户端,请打开支持票证以获取下载访问权限。To deploy the AIP classic client, open a support ticket to get download access.

有关使用 Azure 信息保护的先决条件的完整列表,请参阅 Azure 信息保护的要求For a full list of prerequisites to use Azure Information Protection, see Requirements for Azure Information Protection.

创建新标签Create a new label

首先,创建新标签。First, create your new label.

  1. 如果尚未执行此操作,请打开新的浏览器窗口,并登录到 Azure 门户If you haven't already done so, open a new browser window and sign in to the Azure portal. 然后导航到“Azure 信息保护”窗格。Then navigate to the Azure Information Protection pane.

    例如,在资源、服务和文档的搜索框中,开始键入“信息”并选择“Azure 信息保护”。For example, in the search box for resources, services, and docs, start typing Information and select Azure Information Protection.

    如果你不是全局管理员,请使用以下链接获取替代角色:登录到 Azure 门户If you are not the global admin, use the following link for alternative roles: Signing in to the Azure portal

  2. 在“分类”下,选择“标签”,然后单击“+ 添加新标签”。Under Classifications, select Labels, and then click + Add a new label.

  3. 在“标签”窗格上,至少指定以下两个字段:On the Label pane, specify at least the following fields:

    字段Field 描述Description
    标签显示名称Label display name 用户将看到的新标签名称,用于标识内容的分类。A name for the new label that users will see, and that identifies the classification for the content.
    例如:销售 - 受限For example: Sales - Restricted
    描述Description 工具提示,用于帮助用户确定何时选择此新标签。A tooltip to help users identify when to select this new label.
    例如:仅限销售团队的业务数据。For example: Business data that is restricted to the Sales Team.
  4. 请确保“已启用”设置为“开”(默认设置),然后选择“保存”保存Make sure that Enabled is set to On (the default), and select Save Save.

    选择右上角的 X,以关闭“新建标签”窗格。Select the X at the top-right to close the New label pane.

将标签添加到新范围策略Add the label to a new scoped policy

现在,将新创建的标签添加到新范围策略。Now, add your newly created label to a new scoped policy.

  1. 在左侧的“分类”下,选择“策略”,然后单击“添加新策略”。At the left again, under Classifications, select Policies, and then click Add a new policy.

  2. 在“策略名称”字段中,输入有意义的值,用于描述将看到你的新标签的用户。In the Policy name field, enter a meaningful value that describes the users who will see your new label.

    例如,“销售”。For example, Sales.

  3. 选择“选择获取此策略的用户或组”行以打开“AAD 用户和组”窗格。Select the Select which users or groups get this policy row to open the AAD Users and Groups pane.

  4. 在“AAD 用户和组”窗格上,搜索并选择在先决条件中标识的组,如“销售团队”。On the AAD users and Groups pane, search for and select the group that you identified in the prerequisites, such as Sales Team.

    单击“选择”以关闭窗格。Click Select to close the pane.

  5. 返回到“策略”窗格,在“标签显示名称”下,单击“添加或删除标签”。Back on the Policy pane, under Label display name, click Add or remove labels.

  6. 在“策略:添加或删除标签”窗格上,选择已创建的标签,例如,“销售 - 受限”,然后选择“确定”。On the Policy: Add or remove labels pane, select the label that you created, for example, Sales - Restricted, and then select OK.

  7. 返回到“策略”窗格,选择“保存”保存Back on the Policy pane, select Save Save.

你的新标签现在仅向你指定的组的成员发布。Your new label is now published just to the members of the group that you specified.

测试新标签Test your new label

要测试此标签,至少需要两台计算机,因为 Azure 信息保护客户端不支持同一台计算机上的多个用户:To test this label, you need a minimum of two computers because the Azure Information Protection client does not support multiple users on the same computer:

  • 在第一台计算机上,以“销售团队”组的成员身份登录。On your first computer, sign in as a member of the Sales Team group. 打开 Word,确认可以看到新标签。Open Word and confirm that you can see the new label. 如果 Word 已打开,请重新启动它以强制执行策略刷新。If Word is already open, restart it to force a policy refresh.

  • 在第二台计算机上,以非“销售团队”组的成员身份登录。On your second computer, sign in as a user who isn't a member of the Sales Team group. 打开 Word,确认看不到新标签。Open Word and confirm that you can't see the new label. 与前面一样,如果 Word 已打开,则重新启动它。As before, if Word is already open, restart it.

清理资源Clean up resources

如果不希望保留此标签和范围策略,请执行以下操作:Do the following if you do not want to keep this label and scoped policy:

  1. 从“分类” > “策略”区域中 :在“Azure 信息保护 - 策略”窗格上,选择已创建的作用域内策略的上下文菜单(“...”)。From the Classifications > Policies area: On the Azure Information Protection - Policies pane, select the context menu (...) for the scoped policy you've created. 例如,“销售”。For example, Sales.

  2. 选择“删除策略”,如果系统提示你进行确认,请选择“确定”。Select Delete policy and if you're asked to confirm, select OK.

  3. 从“分类” > “标签”区域中:在“Azure 信息保护 - 标签”窗格上,选择已创建的标签的上下文菜单(“...”)。From the Classifications > Label area: On the Azure Information Protection - Label pane, select the context menu (...) for the label you've created. 例如,“销售 - 受限”。For example, Sales - Restricted.

  4. 选择“删除此标签”,如果系统提示你进行确认,请选择“确定”。Select Delete this label and if you're asked to confirm, select OK.

后续步骤Next steps

本快速入门包含最少的选项,以便你可以使用经典客户端为特定用户快速创建新标签。This quickstart includes the minimum options so that you can quickly create a new label for specific users, using the classic client. 有关完整说明,请参阅以下文章:For full instructions, see the following articles:

另外,如果你希望使用标签来保护内容,限制仅“销售团队”的成员可以打开该内容,需要配置标签以应用保护。In addition, if you want the label to protect the content such that only members of the Sales Team could open it, you will need to configure the label to apply protection. 有关说明,请参阅如何配置标签以进行 Rights Management 保护For instructions, see How to configure a label for Rights Management protection.