Track usage of shared data and respond to data abuse

Having visibility and control over shared data is critical to tracking data use or abuse. Data sharing is now broader, and organizations need to share data outside of their domain to address business needs.

In this context, it is common for users not only to share documents but also to monitor who is accessing them and to revoke access when necessary. IT administrators want an experience similar to the one they have today when sharing data with a group of authorized users: they want to stay in control and take proper action regarding data use or abuse. Continue reading to learn more about how Enterprise Mobility + Security helps address this scenario.

How can Enterprise Mobility + Security help you?

Enterprise Mobility + Security (EMS) is the only comprehensive cloud solution that protects corporate data on the device itself and beyond with four layers of protection across identities, devices, apps, and data. EMS helps you solve one of the key challenges in the mobile-first, cloud-first world: how to share data while staying in control and taking action to respond quickly to an issue. With EMS, you enable your employees to collaborate securely within and outside of your organization. EMS allows document owners and admins to track activities on sensitive files that they have shared with others. They can view activities, such as recipients opening the file or unauthorized users being denied access to the files. Users can also view the geographical locations from which the files were accessed. With a single click, users can also revoke access to a shared file.

By integrating Azure Rights Management, you can track how people are using your protected documents. If necessary, you can also revoke access to these documents when you want to stop sharing them. This capability is available for Office applications (Word, Excel, Outlook and PowerPoint), using the RMS group, the Share Protected option, and Track Usage. On Windows systems, you can also use File Explorer, and on all other supported devices, you can track usage using the web browser. Tracking and revocation are part of the monitor & respond phase of the document lifecycle, as shown in the following diagram:

Diagram showing the document lifecycle in Azure Rights Management.

Watch this short video for a quick introduction to how Azure Information Protection makes it simpler to track document usage.

How to implement this solution

Tracking usage of shared data is not a capability that you have to configure if you already used the steps from the scenario Share sensitive data internally and externally to configure Azure Rights Management and the client application. Now you just need to choose how you want to track your documents. The available options are:

  1. Track usage using Office
  2. Track usage using Browser
  3. Revoke access to shared document

How to track usage of shared data and respond to data abuse

The sections that follow describe the available options for tracking usage of shared data according to a specific scenario.

Scenario 1: Track usage using Microsoft Office

Users who want more information about the usage of a document that was protected using Office applications (Word, Excel, and PowerPoint) can use the RMS group, select the Share Protected option, and then click Track Usage, as shown in the following image:

Image showing how a user selects the Track Usage option in an Office application.

Read Track and revoke your documents when you use the RMS sharing application for more information regarding this feature.

Scenario 2: Track usage using Browser

In some circumstances, you may not have an Office application installed on your device, but you still need to monitor document usage. From a supported browser, go to the document tracking site and sign in with your credentials. When you select the document that you want to track, you should see usage statistics as shown in the following screen:

Image showing document usage statistics in a web browser.

In this screen, you can see the number of views and the number of denied accesses over the months that this file was shared. Although each tile has a summary showing the users that accessed the file, you can obtain more information when you click on the tile. For the example in the previous screen, the following result is shown when selecting the denied access:

Image showing document denied-access statistics in a web browser.

Scenario 3: Revoke access to shared document

While monitoring document usage is an important step in understanding a user's behavior, the biggest value comes when you can take an action based on what you found while monitoring the document. For example, after reading the usage report, you identify that a valid user received access denied while trying to access this document. At this point, you should take corrective action to fix this issue.

There are also scenarios where you are responding to a security incident. For example, it was identified that one of the documents that was widely shared contains the company's confidential information, and HR asked IT to revoke access to this document. When you revoke a document, it doesn't delete the document that you shared, but authorized users will no longer be able to open it. To revoke access, you just need to click Revoke Access, located on the track usage page, and you will see a form similar to the following screen:

Image showing the Revoke Access form, which revokes access to a document.

You can enable the option to notify the recipients that access to this document was revoked, and you can include a message explaining why it was revoked.