从模板创建 DLP 策略Create a DLP policy from a template

在 Microsoft Exchange,您可以使用数据丢失防护 (DLP) 策略模板以帮助满足您的组织的邮件策略和合规性需求。这些模板包含可帮助您管理与几个常见的法律和法规要求相关联的消息数据的规则的预建的集。若要查看的由 Microsoft 提供的所有模板的列表,请参阅在 Exchange 中提供的 DLP 策略模板。示例 DLP 模板提供可帮助您管理:In Microsoft Exchange, you can use data loss prevention (DLP) policy templates to help meet the messaging policy and compliance needs of your organization. These templates contain pre-built sets of rules that can help you manage message data that is associated with several common legal and regulatory requirements. To see a list of all the templates supplied by Microsoft, see DLP policy templates supplied in Exchange. Example DLP templates that are supplied can help you manage:

  • 格雷姆-里奇-比利雷法案 (GLBA) 数据Gramm-Leach-Bliley Act (GLBA) data

  • 支付卡行业数据安全标准 (PCI-DSS)Payment Card Industry Data Security Standard (PCI-DSS)

  • 美国个人身份信息(美国 PII)United States Personally Identifiable Information (U.S. PII)

可以自定义任何这些 DLP 模板,也可以使用它们作为-是。DLP 策略模板基础之上包括新的条件或谓词和操作的传输规则。DLP 策略支持的全部传统的传输规则,并建立 DLP 策略后,您可以添加其他规则。有关策略模板的详细信息,请参阅DLP 策略模板。若要了解有关传输规则功能的详细信息,请参阅传输规则(Exchange Server 2016) 或邮件流规则 (传输规则) 在 Exchange Online。一旦启动强制实施策略,您可以了解有关如何通过查看以下主题观察结果:You can customize any of these DLP templates or use them as-is. DLP policy templates are built on top of transport rules that include new conditions or predicates and actions. DLP policies support the full range of traditional transport rules, and you can add the additional rules after a DLP policy has been established. For more information about policy templates, see DLP Policy Templates. To learn more about transport rule capabilities, see Transport Rules (Exchange Server 2016) or Mail flow rules (transport rules) in Exchange Online. Once you have started enforcing a policy, you can learn about how to observe the results by reviewing the following topics:

Exchange 2013: DLP 策略检测管理Exchange 2013: DLP Policy Detection Management

Exchange Online: DLP policy detection reportsExchange Online: DLP policy detection reports

小心

在生产环境中运行 DLP 策略时,应在测试模式下启用这些策略。在此类测试中,建议配置示例用户邮箱并发送调用测试策略的测试邮件以便确认结果。You should enable your DLP policies in test mode before running them in your production environment. During such tests, it is recommended that you configure sample user mailboxes and send test messages that invoke your test policies in order to confirm the results.

在开始之前,您需要知道什么?What do you need to know before you begin?

  • 估计完成时间:30 分钟Estimated time to complete: 30 minutes

  • 确保 Exchange Server 的设置方式Planning and Deployment中所述。Ensure that Exchange Server is set up as described in Planning and Deployment.

  • 在组织中配置管理员和用户帐户并验证基本邮件流。Configure both administrator and user accounts within your organization and validate basic mail flow.

  • 您必须先获得权限,然后才能执行此过程或多个过程。若要查看所需的权限,请参阅 邮件策略和遵从性权限主题中的"数据丢失防护 (DLP)"条目You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Data loss prevention (DLP)" entry in the Messaging policy and compliance permissions topic

  • 若要了解可能适用于此主题中过程的键盘快捷键,请参阅 Exchange 管理中心内的键盘快捷键For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

提示

遇到问题了吗?请在 Exchange 论坛中寻求帮助。 请访问以下论坛:Exchange ServerExchange OnlineExchange Online ProtectionHaving problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server,Exchange Online, or Exchange Online Protection.

使用 EAC 通过模板配置 DLP 策略Use the EAC to configure a DLP policy from a template

  1. 在 EAC 中,导航到合规性管理 > 数据丢失防护,然后单击添加添加图标In the EAC, navigate to Compliance management > Data loss prevention, and then click AddAdd Icon.

    备注

    如果您单击添加旁边的箭头,则还可以选择此操作添加图标图标,并从下拉菜单选择模板新建 DLP 策略You can also select this action if you click the arrow next to the AddAdd Icon icon and select New DLP policy from template from the drop down menu.

  2. 创建新的 DLP 策略模板页上,填写以下字段:On the Create a new DLP policy from a template page, complete the following fields:

  3. 名称添加其他人将区分该策略的名称。Name Add a name that will distinguish this policy from others.

  4. 说明添加概括此策略的可选说明。Description Add an optional description that summarizes this policy.

  5. 选择一个模板选择相应的模板开始创建新策略。Choose a template Select the appropriate template to begin creating a new policy.

  6. 更多选项选择模式的状态。新策略完全未启用在指定它应之前。策略的默认模式是不通知的情况下测试。More options Select the mode or state. The new policy is not fully enabled until you specify that it should be. The default mode for a policy is test without notifications.

  7. 单击保存以完成策略创建。Click Save to finish creating the policy.

备注

除了特定模板中的规则之外,组织可能还具有应用于邮件环境中监管数据的其他期望或公司策略。Exchange 2013 使您可以方便地更改基本模板,以便添加操作,从而使 Exchange 邮件环境符合自己的要求。In addition to the rules within a specific template, your organization may have additional expectations or company policies that apply to regulated data within your messaging environment. Exchange 2013 makes it easy for you to change the basic template in order to add actions so that your Exchange messaging environment complies with your own requirements.

通过编辑它们内的规则,在 Exchange 2013 环境中保存策略后,您可以修改策略。示例规则更改可能包括使特定人员从策略中排除或发送一条通知和阻止邮件传递,如果找到一条消息,则具有敏感内容。有关编辑策略和规则的详细信息,请参阅管理 DLP 策略You can modify policies by editing the rules within them once the policy has been saved in your Exchange 2013 environment. An example rule change might include making specific people exempt from a policy or sending a notice and blocking message delivery if a message is found to have sensitive content. For more information about editing policies and rules, see Manage DLP Policies.

您需要导航到编辑 DLP 策略页上的特定策略的规则集,并使用该页上的可用的工具来更改您已创建在 Exchange 2013 的 DLP 策略。You have to navigate to the specific policy's rule set on the Edit DLP policy page and use the tools available on that page in order to change a DLP policy you have already created in Exchange 2013.

某些策略允许添加为邮件调用 RMS 的规则。在添加操作以使用这些类型的规则之前,必须在 Exchange 服务器上配置 RMS。Some policies allow the addition of rules that invoke RMS for messages. You must have RMS configured on the Exchange server before adding the actions to make use of these types of rules.

对于任何 DLP 策略,可以更改规则、操作、例外、强制执行时间段或是否强制执行策略中的其他规则,并且可以为每个策略添加自己的自定义条件。For any of the DLP policies, you can change the rules, actions, exceptions, enforcement time period or whether other rules within the policy are enforced and you can add your own custom conditions for each.

详细信息For more information

数据丢失防护Data loss prevention

DLP 策略模板DLP policy templates