用户指南:通过 Azure 信息保护统一标签客户端进行分类和保护User Guide: Classify and protect with the Azure Information Protection unified labeling client

适用于: Azure 信息保护、windows 10、Windows 8.1、Windows 8Applies to: Azure Information Protection, Windows 10, Windows 8.1, Windows 8

如果你具有 Windows 7 或 Office 2010,请参阅 AIP For Windows And office 版本中的扩展支持If you have Windows 7 or Office 2010, see AIP for Windows and Office versions in extended support.

适用于以下内容的说明: Azure 信息保护适用于 Windows 的统一标签客户端Instructions for: Azure Information Protection unified labeling client for Windows

备注

借助这些说明,对文档和电子邮件进行分类和保护。Use these instructions to help you classify and protect your documents and emails. 如果只需对文档和电子邮件进行分类(但不保护),请参阅仅分类说明If you need to only classify and not protect your documents and emails, see the classify-only instructions. 如果不确定应使用哪组说明,请与管理员或支持人员核实。If you are not sure which set of instructions to use, check with your administrator or help desk.

在 Office 桌面应用中(WordExcelPowerPointOutlook)创建和编辑文档和电子邮件时对其进行分类和保护最为简单。The easiest way to classify and protect your documents and emails is when you are creating or editing them from within your Office desktop apps: Word, Excel, PowerPoint, Outlook.

但是,还可以使用文件资源管理器**** 对文件进行分类和保护。However, you can also classify and protect files by using File Explorer. 此方法支持其他文件类型,此方法是一种一次性对多个文件进行分类和保护的便捷方法。This method supports additional file types and is a convenient way to classify and protect multiple files at once. 此方法支持保护 Office 文档、PDF 文件、文本和图像文件,以及各种其他文件。This method supports protecting Office documents, PDF files, text and image files, and a wide range of other files.

如果标签对文档应用保护,则受保护的文档可能不适合保存在 SharePoint 或 OneDrive 中。If your label applies protection to a document, the protected document might not be suitable to be saved on SharePoint or OneDrive. 检查管理员是否已 对 SharePoint 和 OneDrive 中的 Office 文件启用了敏感度标签Check whether your administrator has enabled sensitivity labels for Office files in SharePoint and OneDrive.

与组织外部人员安全共享文件Safely share a file with people outside your organization

受保护文件可安全地与他人共享。Files that are protected are safe to share with others. 例如,你将受保护的文档附加到一封电子邮件。For example, you attach a protected document to an email.

在与组织外部人员共享文件之前,请咨询你的支持人员或管理员如何为外部用户保护文件。Before you share files with people outside your organization, check with your help desk or administrator how to protect files for external users.

例如,如果你的组织定期与另一组织中的人员进行通信,则管理员可能已经配置了设置保护以便这些人员可以阅读和使用受保护文档的标签。For example, if your organization regularly communicates with people in another organization, your administrator might have configured labels that sets protection such that these people can read and use protected documents. 然后,选择这些标签对要共享的文档进行分类和保护。Then, select these labels to classify and protect the documents to share.

或者,如果外部用户为其创建了 企业对企业 (B2B) 帐户 ,则可以使用 文件资源管理器设置文档的自定义权限 ,然后再将其共享。Alternatively, if the external users have business-to-business (B2B) accounts created for them, you can use File Explorer to set custom permissions for a document before you share it. 如果设置你自己的自定义权限,并且文档已受到保护以供内部使用,请先创建一个副本来保留原始权限。If you set your own custom permissions and the document is already protected for internal use, first make a copy of it to retain the original permissions. 然后,使用此副本设置自定义权限。Then use the copy to set the custom permissions.

使用 Office 应用对文档和电子邮件进行分类和保护Using Office apps to classify and protect your documents and emails

从 " 主页 " 选项卡上,选择功能区中的 " 敏感度 " 按钮,然后选择一个已为你配置的标签。From the Home tab, select the Sensitivity button on the ribbon, and then select one of the labels that has been configured for you. 例如:For example:

敏感度按钮示例

或者,如果选择了 "敏感度" 按钮中的 "显示栏",则可以从 Azure 信息保护栏中选择一个标签。Or, if you have selected Show Bar from the Sensitivity button, you can select a label from the Azure Information Protection bar. 例如:For example:

Azure 信息保护栏示例

若要设置标签,例如 "机密 \ 全部雇员",请选择 "机密",然后选择 "所有员工"。To set a label, such as "Confidential \ All Employees", select Confidential and then All Employees. 如果你不确定要将哪种标签应用于当前文档或电子邮件,请使用标签工具提示详细了解每种标签及其应用情况。If you're not sure which label to apply to the current document or email, use the label tooltips to learn more about each label and when to apply it.

如果已将某种标签应用于文档,并且想要进行更改,可以选择其他标签。If a label is already applied to the document and you want to change it, you can select a different label. 如果已显示 Azure 信息保护栏,并且标签未显示在要选择的栏上,请首先单击当前标签值旁边的 " 编辑标签 " 图标。If you have displayed the Azure Information Protection bar, and the labels are not displayed on the bar for you to select, first click the Edit Label icon, next to the current label value.

除了手动选择标签,还可通过以下方式应用标签:In addition to manually selecting labels, labels can also be applied in the following ways:

  • 管理员配置了默认标签,你可保留或更改该标签。Your administrator configured a default label, which you can keep or change.

  • 在检测到敏感信息时,管理员配置的标签将自动设置。Your administrator configured labels to be set automatically when sensitive information is detected.

  • 在检测到敏感信息时,管理员配置了推荐的标签,并且系统会提示你接受建议 (并且该标签将应用) 或拒绝该标签, (建议的标签未) 应用。Your administrator configured recommended labels when sensitive information is detected, and you are prompted to accept the recommendation (and the label is applied), or reject it (the recommended label is not applied).

"敏感度" 按钮的异常Exceptions for the Sensitivity button

在 Office 应用程序中看不到 "敏感度" 按钮?Don't see the Sensitivity button in your Office apps?
  • 你可能没有 安装Azure 信息保护统一标签客户端。You might not have the Azure Information Protection unified labeling client installed.

  • 如果未在功能区上看到 " 敏感度 " 按钮,而是看到带标签的 " 保护 " 按钮,则已安装 azure 信息保护客户端 (经典) ,而不是 azure 信息保护统一标签客户端。If you don't see a Sensitivity button on the ribbon, but do see a Protect button with labels instead, you have the Azure Information Protection client (classic) installed and not the Azure Information Protection unified labeling client. 详细信息More information

没有显示希望看到的标签?Is the label that you expect to see not displayed?

可能的原因:Possible reasons:

  • 如果管理员最近为你配置了新标签,请尝试关闭 Office 应用程序的所有实例,然后重新打开。If your administrator has recently configured a new label for you, try closing all instances of your Office app and reopening it. 此操作将检查对你的标签所做的更改。This action checks for changes to your labels.

  • 如果缺少应用保护的标签,那么可能你使用的 Office 版本不支持应用 Rights Management 保护。If the missing label applies protection, you might have an edition of Office that does not support applying Rights Management protection. 若要验证,请单击 "敏感度 > 帮助和反馈"。To verify, click Sensitivity > Help and Feedback. 在对话框中,检查“客户端状态”**** 部分中是否显示消息“此客户端未获许可使用 Office Professional Plus”****。In the dialog box, check if you have a message in the Client status section that says This client is not licensed for Office Professional Plus.

    如果你有 Office 365 商业版或 Microsoft 365 商业版中的 Office 应用,则无需使用 Office 专业增强版,前提是已为用户分配了 Azure Rights Management(亦称为“适用于 Office 365 的 Azure 信息保护”)许可证。You do not need Office Professional Plus if you have Office apps from Office 365 Business or Microsoft 365 Business when the user is assigned a license for Azure Rights Management (also known as Azure Information Protection for Office 365).

  • 此标签采用的作用域策略可能不包括你的帐户。The label might be in a scoped policy that doesn't include your account. 请与你的技术支持或管理员一起检查。Check with your help desk or administrator.

通过电子邮件实现安全共享Safely sharing by email

通过电子邮件共享 Office 文档时,可将文档附加到所保护的电子邮件中,应用到此电子邮件的相同限制会自动保护此文档。When you share Office documents by email, you can attach the document to an email that you protect, and the document is automatically protected with the same restrictions that apply to the email.

但是,你可能需要先保护文档,然后将其附加到电子邮件。However, you might want to protect the document first, and then attach it to the email. 如果电子邮件中包含敏感信息,也需要保护电子邮件。Protect the email as well if the email message contains sensitive information. 在将文档附加到电子邮件之前保护文档的好处是,您可以对文档应用不同于电子邮件的权限。A benefit of protecting the document before you attach it to an email is that you can apply different permissions to the document than to the email message.

使用文件资源管理器对文件进行分类和保护Using File Explorer to classify and protect files

使用文件资源管理器时,可快速对单个文件、多个文件或文件夹进行分类和保护。When you use File Explorer, you can quickly classify and protect a single file, multiple files, or a folder.

选择文件夹时,将自动为你设置的分类和保护选项选择该文件夹及其所有子文件夹中的所有文件。When you select a folder, all the files in that folder and any subfolders it has are automatically selected for the classification and protection options that you set. 但是,在该文件夹或子文件夹中创建的新文件不会自动配置这些选项。However, new files that you create in that folder or subfolders are not automatically configured with those options.

使用文件资源管理器对文件进行分类和保护时,如果一个或多个标签显示为灰色,则你选择的文件不支持分类。When you use File Explorer to classify and protect your files, if one or more of the labels appear dimmed, the files that you selected do not support classification. 对于这些文件,只有在管理员已将标签配置为应用保护时,你才能选择标签。For these files, you can select a label only if your administrator has configured the label to apply protection. 或者,你可以指定自己的保护设置。Or, you can specify your own protection settings.

分类和保护会自动排除一些文件,因为更改这些文件可能会导致电脑停止运行。Some files are automatically excluded from classification and protection, because changing them might stop your PC from running. 尽管你可以选择这些文件,但系统会将其作为排除的文件夹或文件跳过。Although you can select these files, they are skipped as an excluded folder or file. 示例包括可执行文件和你的 Windows 文件夹。Examples include executable files and your Windows folder.

管理员指南包含受支持的文件类型的完整列表以及自动排除的文件和文件夹: Azure 信息保护统一标签客户端支持的文件类型The admin guide contains a full list of the file types supported and the files and folders that are automatically excluded: File types supported by the Azure Information Protection unified labeling client.

使用文件资源管理器对文件进行分类和保护To classify and protect a file by using File Explorer

  1. 在文件资源管理器中,选择你的文件、多个文件或文件夹。In File Explorer, select your file, multiple files, or a folder. 右键单击,然后选择“分类和保护”****。Right-click, and select Classify and protect. 例如:For example:

    在文件资源管理器中,右键单击“使用 Azure 信息保护进行分类和保护”

  2. 在“分类和保护 - Azure信息保护”**** 对话框中,请像在 Office 应用程序中那样使用标签,这样可以按管理员定义的方式设置分类和保护。In the Classify and protect - Azure Information Protection dialog box, use the labels as you would do in an Office application, which sets the classification and protection as defined by your administrator.

    • 如果无法选择标签(它们显示为灰色):则所选文件不支持分类,但你可以通过自定义权限保护它(步骤 3)。If none of the labels can be selected (they appear dimmed): The selected file does not support classification but you can protect it with custom permissions (step 3). 例如:For example:

      “分类和保护 - Azure 信息保护”对话框中无可用标签

  3. 你可以指定自己的保护设置,而不是使用管理员可能已包含在所选标签中的保护设置。You can specify your own protection settings rather than use the protection settings that your administrator might have included with your selected label. 若要执行此操作,请选择“使用自定义权限进行保护”****。To do this, select Protect with custom permissions.

    指定的任何自定义权限将替换而不是补充管理员可能已为所选标签定义的保护设置。Any custom permissions that you specify replace rather than supplement protection settings that your administrator might have defined for your chosen label.

  4. 如果已选择自定义权限选项,此时指定以下项:If you selected the custom permissions option, now specify the following:

    • 选择权限:选择你希望用户在保护所选文件时具有的访问级别。Select permissions: Select the level of access that you want people to have when you protect the selected file or files.

    • 选择用户、组或组织:指定哪些人应拥有你为一个或多个文件选择的权限。Select users, groups, or organizations: Specify the people who should have the permissions you selected for your file or files. 键入他们的完整电子邮件地址、组电子邮件地址或相应组织中所有用户的组织域名。Type their full email address, a group email address, or a domain name from the organization for all users in that organization.

      或者,可以使用“通讯簿”图标从 Outlook 通讯簿选择用户或组。Alternatively, you can use the address book icon to select users or groups from the Outlook address book.

    • 过期访问:仅为时间敏感的文件选择此选项,以使指定的人员无法在设置日期后打开选定的文件。Expire access: Select this option only for time-sensitive files so that the people you specified can't open your selected file or files after a date that you set. 仍可以打开原始文件,但在设置日期的午夜(当前时区)过后,指定的人员将无法打开该文件。You will still be able to open the original file but after midnight (your current time zone), on the day that you set, the people that you specified will not be able to open the file.

    请注意,如果此设置此前通过 Office 2010 应用的自定义权限配置,则指定到期日期不会显示在此对话框中,但仍然会设置到期日期。Note that if this setting was previously configured by using custom permissions from an Office 2010 app, the specified expiry date does not display in this dialog box but the expiry date is still set. 此显示问题仅适用于在 Office 2010 中配置了到期日期的情况。This is a display issue only for when the expiry date was configured in Office 2010.

  5. 单击“应用”****,然后等到“工作完成”**** 消息出现即可查看结果。Click Apply and wait for the Work finished message to see the results. 然后单击 “关闭”Then click Close.

根据你的选择,现已对所选择的一个或多个文件进行分类和保护。The selected file or files are now classified and protected, according to your selections. 在某些情况下(添加的保护更改了文件扩展名时),文件资源管理器中的原始文件将替换为具有 Azure 信息保护锁状图标的新文件。In some cases (when adding protection changes the file name extension), the original file in File Explorer is replaced with a new file that has the Azure Information Protection lock icon. 例如:For example:

Azure 信息保护中具有锁状图标的受保护文件

如果改变了有关分类和保护的想法,或稍后需要更改设置,仅需通过重复此过程进行新的设置。If you change your mind about the classification and protection, or later need to modify your settings, simply repeat this process with your new settings.

指定的分类和保护会保留在文件中,即使你通过电子邮件发送文件或将其保存到其他位置也是如此。The classification and protection that you specified stays with the file, even if you email the file or save it to another location.

其他说明Other instructions

有关 Azure 信息保护统一标签客户端的用户指南中的详细操作说明:More how-to instructions from the user guide for Azure Information Protection unified labeling client:

为管理员提供的其他信息Additional information for administrators

请参阅 了解敏感度标签See Learn about sensitivity labels.