Azure 信息保护统一标签客户端-版本发行历史记录和支持策略Azure Information Protection unified labeling client - Version release history and support policy

适用于: Azure 信息保护,windows 10,Windows 8.1,windows 8,windows server 2019,windows server 2016,windows Server 2012 R2,windows server 2012Applies to: Azure Information Protection, Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

如果你具有 Windows 7 或 Office 2010,请参阅 AIP For Windows And office 版本中的扩展支持If you have Windows 7 or Office 2010, see AIP for Windows and Office versions in extended support.

适用于以下内容的说明: Azure 信息保护适用于 Windows 的统一标签客户端Instructions for: Azure Information Protection unified labeling client for Windows

你可以从 Microsoft 下载中心下载 Azure 信息保护统一标签客户端。You can download the Azure Information Protection unified labeling client from the Microsoft Download Center.

在通常几周的短暂延迟后,最新的正式发行版也包含在 Microsoft 更新目录中。After a short delay of typically a couple of weeks, the latest general availability version is also included in the Microsoft Update Catalog. Azure 信息保护版本具有 Microsoft Azure 信息保护的产品名Microsoft Azure Information Protection > Microsoft Azure 信息保护统一标签客户端更新分类。Azure Information Protection versions have a product name of Microsoft Azure Information Protection > Microsoft Azure Information Protection Unified Labeling Client, and a classification of Updates.

如果在目录中包括 Azure 信息保护,则意味着可以使用 WSUS 或 Configuration Manager 或使用 Microsoft 更新的其他软件部署机制来升级客户端。Including Azure Information Protection in the catalog means that you can upgrade the client using WSUS or Configuration Manager, or other software deployment mechanisms that use Microsoft Update.

有关详细信息,请参阅 升级和维护 Azure 信息保护统一标签客户端For more information, see Upgrading and maintaining the Azure Information Protection unified labeling client.

维护信息和日程表Servicing information and timelines

版本的 Azure 信息保护统一标签客户端 (GA) 版本的每个正式发行版在发布后续版本后的六个月内受支持。Each general availability (GA) version of the Azure Information Protection unified labeling client is supported for up to six months after the release of the subsequent GA version. 文档不包括关于不支持的客户端版本的信息。The documentation does not include information about unsupported versions of the client. 修补程序和新功能始终应用于最新 GA 版,且不适用于较旧的 GA 版。Fixes and new functionality are always applied to the latest GA version and will not be applied to older GA versions.

不应在生产网络上为最终用户部署预览版本。Preview versions should not be deployed for end users on production networks. 而是使用最新预览版来查看和试用即将在下一 GA 版本中推出的新功能或修补程序。Instead, use the latest preview version to see and try new functionality or fixes that are coming in the next GA version. 仅支持当前预览版。Preview versions that are not current are not supported.

不再支持的常规可用性版本:General availability versions that are no longer supported:
客户端版本Client version 发布日期Date released 09/03/201909/03/2019 08/06/201908/06/2019 07/15/201907/15/2019
2.0.779.02.0.779.0 05/01/201905/01/2019
2.0.778.02.0.778.0 04/16/201904/16/2019

此页上使用的日期格式为 月/日/年The date format used on this page is month/day/year.

发布信息Release information

使用以下信息可查看 Windows 的支持版本的 Azure 信息保护统一标签客户端的新增功能或更改的内容。Use the following information to see what's new or changed for a supported release of the Azure Information Protection unified labeling client for Windows. 最新版本会最先列出。The most current release is listed first. 此页上使用的日期格式为 月/日/年The date format used on this page is month/day/year.


不会列出小修补程序,因此,如果你遇到与统一标签客户端有关的问题,我们建议你检查是否已通过最新的 GA 版本修复了此问题。Minor fixes are not listed so if you experience a problem with the unified labeling client, we recommend that you check whether it is fixed with the latest GA release. 如果问题仍然存在,请检查当前预览版本 ((如果有)) 。If the problem remains, check the current preview version (if available).

有关技术支持,请参阅支持选项和社区资源信息。For technical support, see the Support options and community resources information. 我们还邀请你加入 Azure 信息保护团队:Yammer 站点We also invite you to engage with the Azure Information Protection team, on their Yammer site.

此客户端将 (经典) 替换 Azure 信息保护客户端。This client is replacing the Azure Information Protection client (classic). 若要将特性和功能与经典客户端进行比较,请参阅 比较适用于 Windows 计算机的标记客户端To compare features and functionality with the classic client, see Compare the the labeling clients for Windows computers.

版本 2.8.85 (公共预览版) Version 2.8.85 (Public preview)

统一标记扫描器和客户端版本2.8.85Unified labeling scanner and client version 2.8.85

发布 09/02/2020Released 09/02/2020

此版本包括以下新功能、修复和增强功能,适用于统一标记扫描器和客户端:This version includes the following new features, fixes, and enhancements, for the unified labeling scanner and client:

统一标记扫描器的新增功能New features for the unified labeling scanner

对检测到的更改进行可选的完全重新扫描Optional full rescans for changes detected

管理员现在可以在对策略或内容扫描作业进行更改后跳过完全重新扫描。Administrators can now skip a full rescan after making changes to policies or content scan jobs. 跳过完全重新扫描仅对自上次扫描以来已修改或创建的文件应用所做的更改。Skipping a full rescan applies your changes only on files that have been modified or created since the last scan.

例如,你可能已进行了更改,这些更改仅影响最终用户(例如在视觉标记中),并且不需要花费时间立即运行完全扫描。For example, you may have made changes that only affect the end user, such as in visual markings, and don't want to take the time required to run a full rescan immediately.

跳过完全、立即重新扫描,稍后返回以 运行完整的重新扫描 并将更改应用到存储库。Skip the full, immediate rescan, and return later to run a full rescan and apply your changes across your repositories.


更改其策略和内容扫描作业的管理员现在必须了解这些更改对内容的影响,并确定是否需要完全重新扫描。Administrators making changes in their policies and content scan jobs must now understand the effects of those changes on the content, and determine whether a full rescan is required.

例如,如果你已将 "强制 = 关闭"策略强制设置更改为 "强制 = 启用", 请确保运行完整的 "重新扫描" 以在内容中应用标签。For example, if you’ve changed Policy enforcement settings from Enforce = Off to Enforce = On, make sure to run a full rescan to apply your labels across your content.

配置 SharePoint 超时Configure SharePoint timeouts

SharePoint 交互的默认超时时间已更新为两分钟,超过此时间后,尝试的 AIP 操作将失败。The default timeout for SharePoint interactions has been updated to two minutes, after which the attempted AIP operation fails.

AIP 管理员现在还可以为所有 web 请求和文件 web 请求单独配置 SharePoint 超时。AIP administrators can also now configure SharePoint timeouts, separately for all web requests and file web requests.

有关详细信息,请参阅 配置 SharePoint 超时For more information, see Configure SharePoint timeouts.

网络发现支持Network Discovery support

统一的标记扫描器现在包含一个新的 网络发现 服务,使用它可以扫描指定的 IP 地址或可能包含敏感内容的网络文件共享的范围。The unified labeling scanner now includes a new network discovery service, which enables you to scan specified IP addresses or ranges for network file shares that may have sensitive content.

网络发现服务会根据发现的权限和访问权限,使用可能存在风险的共享位置列表更新存储库报告。The network discovery service updates Repository reports with a list of share locations that may be at risk, based on the discovered permissions and access rights. 检查更新的 存储库 报告,以确保内容扫描作业包括需要扫描的所有存储库。Check the updated Repository reports to ensure that your content scan jobs include all repositories that need to be scanned.


有关详细信息,请参阅 网络发现 cmdletFor more information, see Network discovery cmdlets.

使用网络发现服务To use the Network discovery service

  1. 升级扫描仪版本,并确保扫描仪群集配置正确。Upgrade your scanner version and make sure that you have your scanner cluster configured correctly. 有关详细信息,请参阅:For more information, see:

  2. 请确保已启用 Azure 信息保护分析。Make sure that you have Azure Information Protection analytics enabled.

    在 Azure 门户中,请参阅 Azure 信息保护 > 管理 > 配置分析 (预览版) 。In the Azure portal, go to Azure Information Protection > Manage > Configure analytics (Preview).

    有关详细信息,请参阅 Azure 信息保护的中心报告 (公共预览版) For more information, see Central reporting for Azure Information Protection (public preview).

  3. 通过运行 MIPNetworkDiscovery PowerShell Cmdlet 启用网络发现。Enable Network Discovery by running the Install-MIPNetworkDiscovery PowerShell cmdlet.


    运行此 cmdlet 时,请确保使用弱用户作为 StandardDomainsUserAccount 参数的值,以确保报告对存储库的任何公共访问。When running this cmdlet, make sure to use a weak user as the value for the StandardDomainsUserAccount parameter to ensure that any public access to repositories is reported.

    此用户必须是 " 域用户 " 组的成员,并且用于模拟对存储库的公共访问权限。This user must be a member of the Domain Users group only, and is used to simulate public access to the repositories.

  4. 在 Azure 门户中,请参阅 Azure 信息保护 > 网络扫描作业 ,并 创建作业来扫描网络的特定区域In the Azure portal, go to Azure Information Protection > Network scan jobs and create jobs to scan specific areas of your network.

  5. 使用 "新建 存储库 " 窗格上生成的报表查找可能存在风险的其他网络文件共享。Use the generated reports on the new Repositories pane to find additional network file shares that may be at risk. 将所有危险的文件共享添加到 内容扫描作业 ,以扫描添加的存储库中的敏感内容。Add any risky file shares to your content scan jobs to scan the added repositories for sensitive content.

网络发现 cmdletNetwork discovery cmdlets

为网络发现添加的 PowerShell cmdlet 包括:PowerShell cmdlets added for Network Discovery include:

CmdletCmdlet 说明Description
MIPNetworkDiscoveryConfigurationGet-MIPNetworkDiscoveryConfiguration 获取网络发现服务是否从默认的、联机配置或从 Azure 门户导出的脱机文件中提取网络扫描数据的当前设置。Gets the current setting for whether the Network Discovery service pulls network scan data from the default, online configuration, or an offline file exported from the Azure portal.
MIPNetworkDiscoveryJobsGet-MIPNetworkDiscoveryJobs 获取当前配置的网络扫描作业的列表。Gets a list of currently configured network scan jobs.
MIPNetworkDiscoveryStatusGet-MIPNetworkDiscoveryStatus 获取租户中配置的所有网络扫描作业的当前状态。Gets the current status of all network scan jobs configured in your tenant.
导入-MIPNetworkDiscoveryConfigurationImport-MIPNetworkDiscoveryConfiguration 从文件导入网络扫描作业的配置。Imports the configuration for a network scan job from a file.
安装-MIPNetworkDiscoveryInstall-MIPNetworkDiscovery 安装网络发现服务Installs the Network Discovery service
MIPNetworkDiscoveryConfigurationSet-MIPNetworkDiscoveryConfiguration 设置网络发现服务是否从默认的、联机配置或从 Azure 门户导出的脱机文件中提取网络扫描数据的配置。Sets the configuration for whether the Network Discovery service pulls network scan data from the default, online configuration, or an offline file exported from the Azure portal.
MIPNetworkDiscoveryStart-MIPNetworkDiscovery 立即运行特定网络扫描作业。Runs a specific network scan job immediately.
卸载-MIPNetworkDiscoveryUninstall-MIPNetworkDiscovery 卸载网络发现服务。Uninstalls the Network Discovery service.

统一标签客户端的新功能New features for the unified labeling client

Outlook 中 AIP 弹出窗口的管理员自定义Administrator customizations for AIP popups in Outlook

AIP 管理员现在可以为最终用户自定义显示在 Outlook 中的弹出窗口,如用于阻止的电子邮件、警告消息和理由提示的弹出窗口。AIP administrators can now customize the popups that appear in Outlook for end-users, such as popups for blocked emails, warning messages, and justification prompts.

有关常见用例方案的详细信息(包括几个示例规则),请参阅 自定义 Outlook 弹出消息For more information, including several sample rules for common use case scenarios, see Customize Outlook popup messages.

针对理由提示的管理员自定义Administrator customizations for justification prompts

AIP 管理员现在可以在最终用户更改文档和电子邮件的分类标签时显示的理由提示中自定义其中一个选项。AIP administrators can now customize one of the options in the justification prompts that are displayed when end-users change classification labels on documents and emails.

有关详细信息,请参阅 自定义已修改标签的理由提示文本For more information, see Customize justification prompt texts for modified labels.

审核日志更新Audit log updates

现在,仅当用户打开标记或受保护的文件时,才会发送来自统一标签客户端的访问事件的审核日志,提供用户访问的更清晰的指示。Audit logs for access events from the unified labeling client are now sent only when users open labeled or protected files, providing a clearer indication of user access.

有关详细信息,请参阅 访问审核日志For more information, see Access audit logs.

基于 DKE 模板的标记更新DKE template-based labeling updates

Azure 信息保护现在支持使用双密钥加密 (DKE 在扫描仪中进行基于) 模板的标记,以及使用文件资源管理器和 PowerShell。Azure Information Protection now supports Double Key Encryption (DKE) template-based labeling in the scanner, as well as using the File Explorer and PowerShell.

有关详细信息,请参阅:For more information, see:

修复和改进Fixes and improvements

Azure 信息保护扫描程序已修复问题Azure Information Protection scanner fixed issues

Azure 信息保护统一标记扫描器的版本2.8.85 中提供了以下修补程序:The following fixes were delivered in version 2.8.85 of the Azure Information Protection unified labeling scanner:

  • 扫描包含长路径的文件的改进Improvements for scanning files with long paths
  • 如果有多个 ContentDatabases,AIP 扫描器现在会扫描完整的 SharePoint 环境。The AIP scanner now scans full SharePoint environments when there are multiple ContentDatabases.
  • AIP 扫描器现在支持在路径中有句点的 SharePoint 文件,但不支持扩展。The AIP scanner now supports SharePoint files with a period in the path, but no extension. 例如, documents/meeting-notes 现在已成功扫描路径为、无扩展名的文件。For example, a file with a path of documents/meeting-notes, with no extension, is now scanned successfully.
  • AIP 扫描器现在支持在 Microsoft 安全性和符合性中心创建的 自定义敏感信息类型 ,并且不属于任何策略。The AIP scanner now supports custom sensitive information types that are created in the Microsoft Security and Compliance center, and do not belong to any policy.

Azure 信息保护客户端已修复问题Azure Information Protection client fixed issues

Azure 信息保护统一标签客户端的版本2.8.85 中提供了以下修补程序:The following fixes were delivered in version 2.8.85 of the Azure Information Protection unified labeling client:

  • 新的解说指示,适用于 Office 应用中的 "敏感度列" 图标菜单中当前选定的任何项。A new, narrated indication for any items currently selected from the Sensitivity columns icon menu in Office apps. 有关详细信息,请参阅 Microsoft 365 文档中有关敏感度标签的页面。For more information, see the page on Sensitivity labels in the Microsoft 365 docs.
  • 用于在AIP 查看器中查看 JPEG 文件的修复Fixes for viewing JPEG files in the AIP Viewer
  • 降级标签现在会自动在审核事件中包含ProtectionOwnerBeforeDowngrading a label now automatically includes the ProtectionOwnerBefore in audit events
  • 更改事件现在包含审核日志中的LastModifiedDateChange events now include the LastModifiedDate in audit logs
  • 添加了在使用代理获取令牌时对代理 pac文件的支持。Added support for Proxy.pac files when using a proxy to acquire a token. 若要启用此修补程序,请设置新的注册表项 UseDefaultCredentialsInProxy = 1To enable this fix, set the new registry key UseDefaultCredentialsInProxy = 1.
  • 刷新策略时进行身份验证的修复Fixes for authenticating when refreshing policies
  • 用于在只读模式下标记 PowerPoint 更新的 自动内容 的修复Fixes for automatic content marking updates for PowerPoint in read-only mode
  • 弹出窗口和错误文本的改进Improvements in popups and error texts
  • 工具提示将更新以显示 电子邮件附件的最高分类,同时考虑电子邮件和附件的分类。Tooltip updates to show the highest classification for email attachments, considering both the classification of the email and the attachment.
  • 当使用LabelPolicy cmdlet 修改敏感度标记策略时报告问题文本Fixes to the Report an Issue text when modifying sensitivity labeling policies using the Set-LabelPolicy cmdlet
  • 修复了 set-aipfilelabel cmdlet 与无效标签 ID 一起使用时显示的错误。Fixes in errors shown when the Set-AipFileLabel cmdlet is used with an invalid label ID.
  • 用于在 Outlook 阅读窗格中解密 SMIME 电子邮件的性能修复。Performance fixes for decrypting SMIME emails in Outlook's reading pane. 若要实现此修补程序,请启用 OutlookSkipSmimeOnReadingPaneProperty 高级属性。To implement this fix, enable the OutlookSkipSmimeOnReadingPaneProperty advanced property.
  • 用于解密包含密码加密文件的 PST 文件 的修补程序。Fixes for decrypting PST files that contain password-encrypted files. 如果 PST 文件包含受密码保护的文件,则无法再对 PST 文件进行解密。Decrypting PST files no longer fails if the PST file contains a password-protected file.
  • 删除不包含在 作用域内策略 中的保护标签将不再从内容中删除任何保护。Removing a protection label that is not included in your scoped policy no longer removes any protection from the content.


统一标记扫描器和客户端版本2.7.101。0Unified labeling scanner and client version

发布 08/23/2020Released 08/23/2020


修复了 PPT、Excel 和 Word 用户的问题,该问题导致文件冻结、崩溃或强制重复与配置了保护、水印和/或内容标记的必需标签相关的保存。Fixed issue for PPT, Excel and Word users which resulted in files freezing, crashing, or being forced to repeat save that was related to mandatory labels configured with protection, watermarking, and/or content marking.


统一标记扫描器和客户端版本2.7.99。0Unified labeling scanner and client version

发布 07/20/2020Released 07/20/2020

修补和改进:Fixes and improvements:

修复了 新标签 审核日志的文件标记操作中的问题。Fixed issues in file labeling actions for New Label audit logs.

有关详细信息,请参阅 版本 信息保护审核日志参考 (公共预览版) For more information, see Version and Azure Information Protection audit log reference (public preview).


统一标记扫描器和客户端版本2.7.96。0Unified labeling scanner and client version

发布 06/29/2020Released 06/29/2020

统一标记扫描器的新功能:New features for the unified labeling scanner:

统一标签客户端的新功能:New features for the unified labeling client:

为删除的文件生成的新审核日志New audit logs generated for removed files

现在,每次扫描程序检测到现在已被删除的文件之前,都会生成审核日志。Audit logs are now generated each time the scanner detects that a file that had previously been scanned is now removed.

有关详细信息,请参阅:For more information, see:


在此版本中,文件标记操作不会生成 新的标签 审核日志。In this version, file labeling actions do not generate New Label audit logs. 如果在 强制 = On 模式下运行扫描程序,我们建议升级到 版本 you run the scanner in Enforce=On mode, we recommend that upgrade to Version

强制执行 TLS 1.2TLS 1.2 enforcement

从此版本的 Azure 信息保护客户端开始,仅支持 TLS 版本1.2 或更高版本。Starting with this version of the Azure Information Protection client, only TLS versions 1.2 or later are supported.

TLS 安装程序不支持 TLS 1.2 的客户必须转到支持 TLS 1.2 的安装程序,才能使用 Azure 信息保护策略、令牌、审核和保护,并接收基于 Azure 信息保护的通信。Customers that have a TLS setup that does not support TLS 1.2 must move to a setup that supports TLS 1.2 to use Azure Information Protection policies, tokens, audit, and protection, and to receive Azure Information Protection-based communication.

有关更多要求详细信息,请参阅 防火墙和网络基础结构要求For more requirement details, see Firewalls and network infrastructure requirements.

修复和改进Fixes and improvements

  • 的扫描程序 SQL 改进:Scanner SQL improvements for:

    • 性能Performance
    • 具有大量信息类型的文件Files with large numbers of information types
  • 的 SharePoint 扫描改进:SharePoint scanning improvements for:

    • 扫描性能Scanning performance
    • 路径中包含特殊字符的文件Files with special characters in the path
    • 文件计数较大的库Libraries with large file count

    若要查看有关通过 SharePoint 使用 Azure 信息保护的快速入门,请参阅 快速入门:查找本地存储的文件中的敏感信息To view a quickstart for using Azure Information Protection with SharePoint, see Quickstart: Find what sensitive information you have in files stored on-premises.

  • 改善了缺少策略的用户通知。Improved user notifications for missing policies. 有关统一标签客户端的标签策略的详细信息,请参阅 Microsoft 365 文档中的 标签策略For more information about label policies for the unified labeling client, see What label policies can do in the Microsoft 365 documentation.

  • 现在,在 Excel 中,自动标签应用于用户在不保存的情况下开始关闭文件的情况,就像用户活动保存文件时。Automatic labels are now applied in Excel for scenarios where a user starts to close a file without saving, just as they are when a user actively saves a file.

  • 当配置 ExternalContentMarkingToRemove 设置时,将按预期删除页眉和页脚,而不是在每个文档上保存。Headers and footers are removed as expected, and not on each document save, when the ExternalContentMarkingToRemove setting is configured.

  • 动态用户变量 现在按预期方式显示在文档的视觉标记中。Dynamic user variables are now displayed in a document's visual markings as expected.

  • 只有 PDF 内容的第一页用于应用 autoclassification 规则的问题现已得到解决,基于 PDF 中所有内容的 autoclassification 现在按预期继续进行。Issue where only the first page of content of a PDF was being used for applying autoclassification rules is now resolved, and autoclassification based on all content in the PDF now proceeds as expected. 有关分类和标签的详细信息,请参阅 分类和标签常见问题解答For more information about classification and labeling, see the classification and labeling FAQ.

  • 当配置了多个 Exchange 帐户并且启用了 Azure 信息保护 Outlook 客户端时,会按预期方式从辅助帐户发送邮件。When multiple Exchange accounts are configured and the Azure Information Protection Outlook client is enabled, mails are sent from the secondary account as expected. 若要详细了解如何配置 Outlook 的统一标签客户端,请参阅 Azure 信息保护统一标签客户端的其他先决条件For more information about configuring the unified labeling client with Outlook, see Additional prerequisites for the Azure Information Protection unified labeling client.

  • 如果将具有较高机密性标签的文档拖放到电子邮件中,则该电子邮件现在会自动按预期方式接收更高的机密性标签。When a document with a higher confidentiality label is dragged and dropped into an email, the email now automatically receives the higher confidentiality label as expected. 有关对客户端功能进行标记的详细信息,请参阅 标签客户端比较表For more information about labeling client features, see the labeling client comparison table.

  • 如果电子邮件地址同时包含撇号 ( ") 和句点 (,则现在会按预期将自定义权限应用于电子邮件。 ) 有关使用 Outlook 配置统一标签客户端的详细信息,请参阅 Azure 信息保护统一标签客户端的其他先决条件Custom permissions are now applied to emails as expected, when email addresses include both an apostrophe (') and period (.) For more information about configuring the unified labeling client with Outlook, see Additional prerequisites for the Azure Information Protection unified labeling client.

  • 默认情况下,当文件由统一的标记扫描器、PowerShell 或文件资源管理器扩展标记时,文件的 NTFS 所有者将丢失。By default, a file's NTFS owner is lost when the file is labeled by the unified labeling scanner, PowerShell, or the File Explorer extension. 现在,你可以通过将新的 UseCopyAndPreserveNTFSOwner advanced 设置设置为 true,将系统配置为保留文件的 NTFS 所有者。Now you can configure the system to keep the file's NTFS owner by setting the new UseCopyAndPreserveNTFSOwner advanced setting to true.

    UseCopyAndPreserveNTFSOwner高级设置要求在扫描仪和扫描的存储库之间具有低延迟、可靠的网络连接。The UseCopyAndPreserveNTFSOwner advanced setting requires a low latency, reliable network connection between the scanner and the scanned repository.


发布 03/09/2020Released 03/09/2020

支持,12/29/2020Supported through 12/29/2020

新功能:New features:


  • 如果用户尝试不成功地打开受保护的 TIFF 文件,并且 tiff 文件是由 RightFax 创建的,则 TIFF 文件现在会打开并保持稳定。In instances where users attempted unsuccessfully to open protected TIFF files, and TIFF files created by RightFax, the TIFF files now open and remain stable as expected.
  • 已解决受保护的 txt 和 PDF 文件的以前损坏。Previous corruptions of protected txt and PDF files are resolved.
  • 更正了 Log Analytics 中的 自动手动 标记之间的不一致标签。Inconsistent labeling between Automatic and Manual in Log Analytics was corrected.
  • 新电子邮件和用户上一次打开的电子邮件之间确定的意外继承问题现已解决。Unexpected inheritance issues identified between new emails and a user's last opened email is now resolved.
  • .msg 文件作为 pfile 的保护现在按预期方式工作。Protection of .msg files as .msg.pfiles now works as expected.
  • 现在按预期方式应用从 Office 用户定义的设置中添加的共同所有者权限。Co-owner permissions added from Office user-defined settings is now applied as expected.
  • 当输入权限降级理由时,如果已选择其他选项,则无法再输入文本。When entering permissions downgrade justification, text can no longer be entered when other options are already selected.


发布日期:10/23/2019Released: 10/23/2019

支持,09/09/2020Supported through 09/09/2020

新功能:New features:

  • 预览版本的 扫描仪,用于检查和标记文档本地数据存储。Preview version of the scanner, to inspect and label documents on-premises data stores. 对于此版本的扫描仪:With this version of the scanner:

    • 将扫描仪配置为使用同一扫描程序配置文件时,多个扫描程序可以共享相同的 SQL Server 数据库。Multiple scanners can share the same SQL Server database when you configure the scanners to use the same scanner profile. 此配置可以更轻松地管理多个扫描仪,并缩短扫描时间。This configuration makes it easier to manage multiple scanners, and results in faster scanning times. 当你使用此配置时,请始终等待扫描仪完成安装,然后再使用同一配置文件安装另一个扫描程序。When you use this configuration, always wait for a scanner to finish installing before installing another scanner with the same profile.

    • 安装扫描程序时必须指定配置文件,并将扫描程序数据库命名为**AIPScannerUL_ <profile_name> **。You must specify a profile when you install the scanner and the scanner database is named AIPScannerUL_<profile_name>. 配置文件参数对于 install-aipscanner 是必需的。The Profile parameter is also mandatory for Set-AIPScanner.

    • 即使已标记文档,也可以在所有文档上设置一个默认标签。You can set a default label on all documents, even if documents are already labeled. 在 "扫描程序配置文件" 或 "存储库设置" 中,将 "重新标记文件" 选项设置为 "打开",并选择 "新建强制默认标签In the scanner profile or repository settings, set the Relabel files option to On with the new Enforce default label checkbox selected.

    • 您可以删除所有文档中的现有标签,此操作包括删除保护(如果以前已被标签应用)。You can remove existing labels from all documents and this act includes removing protection if it was previously applied by a label. 将保留独立于标签的保护。Protection applied independently from a label is preserved. 此扫描程序配置是在扫描程序配置文件或存储库设置中通过以下设置实现的:This scanner configuration is achieved in the scanner profile or repository settings with the following settings:

      • 基于内容标记文件Label files based on content: Off
      • 默认标签Default label: None
      • 重新标记文件打开并选中 "强制默认标签" 复选框Relabel files: On with the Enforce default label checkbox selected
    • 与经典客户端的扫描程序一样,默认情况下,扫描程序可保护 Office 文件和 PDF 文件。As with the scanner from the classic client, by default, the scanner protects Office files and PDF files. 使用 PowerShell 高级设置时,可保护其他文件类型。You can protect other files types when you use a PowerShell advanced setting.

    • 扫描程序周期的开始和完成时间的事件 Id 不写入 Windows 事件日志。Event IDs for the scanner cycles starting and finishing are not written to the Windows event log. 请改用 Azure 门户获取此信息。Instead, use the Azure portal for this information.

    • 已知问题:不能将新的和重命名的标签选作扫描仪配置文件或存储库设置的默认标签。Known issue: New and renamed labels aren't available to select as a default label for the scanner profile or repository settings. 解决方法:Workarounds:

      • 对于新标签:在 Azure 门户中,将要使用的 标签添加 到全局策略或作用域内策略。For new labels: In the Azure portal, add the label you want to use to the global policy or a scoped policy.
      • 对于重命名标签:关闭再重新打开 Azure 门户。For renamed labels: Close and reopen the Azure portal.

    可以 (经典) 从 Azure 信息保护客户端升级扫描仪。You can upgrade scanners from the Azure Information Protection client (classic). 在升级后,这会创建一个新的数据库,扫描程序在第一次运行时重新扫描所有文件。After the upgrade, which creates a new database, the scanner rescans all files the first time it runs. 有关说明,请参阅管理员指南中 的升级 Azure 信息保护扫描程序For instructions, see Upgrading the Azure Information Protection scanner from the admin guide.

    有关详细信息,请参阅博客文章公告: 统一标签 AIP 扫描程序预览版增加了扩展功能!For more information, see the blog post announcement: Unified labeling AIP scanner preview brings scaling out and more!

  • 如果要以非交互方式对文件进行标记,以及在 Azure AD 中注册应用的新过程,PowerShell cmdlet set-aipauthentication 具有 (AppIdAppSecretTenantIdDelegatedUserOnBehalfOf) 的新参数。The PowerShell cmdlet Set-AIPAuthentication has new parameters (AppId, AppSecret, TenantId, DelegatedUser, and OnBehalfOf) for when you want to label files non-interactively, and also a new procedure to register an app in Azure AD. 示例方案包括用于标记文档的扫描程序和自动 PowerShell 脚本。Example scenarios include the scanner and automated PowerShell scripts to label documents. 有关说明,请参阅如何从管理员指南以 非交互方式标记文件For instructions, see How to label files non-interactively from the admin guide.

    请注意, DelegatedUser 是自上次预览版本的统一标签客户端以来的新参数,并且已注册应用的 API 权限已更改。Note that DelegatedUser is a new parameter since the last preview version of the unified labeling client, and that the API permissions for the registered app have consequently changed.

  • 新 PowerShell 标签策略高级设置,用于 更改要保护的文件类型New PowerShell label policy advanced setting to change which file types to protect.

  • 新 PowerShell 标签策略高级设置,用于将 标签迁移规则扩展到 SharePoint 属性New PowerShell label policy advanced setting to extend your label migration rules to SharePoint properties.

  • 将匹配的自定义敏感信息类型发送到 Azure 信息保护分析Matched custom sensitive information types are sent to Azure Information Protection analytics.

  • 如果已 配置了颜色,则应用的标签将显示该标签的配置颜色。The applied label displays the configured color for the label, if a color has been configured.

  • 向标签中添加或更改保护设置时,客户端会在下一次保存文档时使用这些最新的保护设置重新应用标签。When you add or change protection settings to a label, the client reapplies the label with these latest protection settings when the document is next saved. 同样,当下一次在 "强制" 模式下扫描文档时,扫描程序会将标签重新应用为这些最新的保护设置。Similarly, the scanner reapplies the label with these latest protection settings when the document is next scanned in enforce mode.

  • 通过从一个客户端导出文件并手动将它们复制到断开连接的计算机上,对断开连接的计算机的支持Support for disconnected computers by exporting files from one client and manually copying them to the disconnected computer. 请注意,此配置支持通过文件资源管理器、PowerShell 和扫描器进行标记。Note that this configuration is supported for labeling with File Explorer, PowerShell, and the scanner. 对于 Office 应用程序,不支持此配置。This configuration is not supported for labeling with Office apps.

  • 新 cmdlet AIPLogs,用于从%localappdata%\Microsoft\MSIP\Logs 收集所有日志文件并将其保存到具有 .zip 格式的单个压缩文件中。New cmdlet, Export-AIPLogs, to gather all log files from %localappdata%\Microsoft\MSIP\Logs and saves them to a single, compressed file that has a .zip format. 如果请求发送日志文件来帮助调查报告的问题,则可以将此 .zip 文件发送到 Microsoft 支持部门。You can send this .zip file to Microsoft Support if you're requested to send log files to help investigate a reported issue.


  • 您可以使用文件资源管理器成功地更改受保护的文件,并在删除该文件的密码之后右键单击。You can successfully make changes to a protected file using File Explorer and right-click after a password for the file has been removed.

  • 您可以在查看器中成功打开本机保护的文件,而无需使用 "另存为"、"导出 (导出) 使用权限You can successfully open natively protected files in the viewer without requiring the Save As, Export (EXPORT) usage right.

  • 标签和策略设置按预期刷新,而不必运行 set-aipauthentication,或手动删除%LocalAppData%\Microsoft\MSIP\mip 文件夹。Labels and policy settings refresh as expected without having to run Clear-AIPAuthentication, or manually delete the %LocalAppData%\Microsoft\MSIP\mip folder.

其他更改Additional changes

  • 重置设置现在会删除%LocalAppData%\Microsoft\MSIP\mip \ <ProcessName.exe> 文件夹,而不是%LocalAppData%\Microsoft\MSIP\mip \ <ProcessName> \mip 文件夹。Reset Settings now deletes the %LocalAppData%\Microsoft\MSIP\mip\<ProcessName.exe> folders instead of the %LocalAppData%\Microsoft\MSIP\mip\<ProcessName> \mip folder.

  • Get-aipfilestatus 现在包含受保护文档的内容 ID。Get-AIPFileStatus now includes the content ID for a protected document.

后续步骤Next steps

不确定是否要安装适合的客户端?Not sure if unified labeling is the right client to install? 请参阅 选择要用于 Windows 计算机的标记客户端See Choose which labeling client to use for Windows computers.

有关安装和使用统一标签客户端的详细信息:For more information about installing and using the unified labeling client: