Security and compliance for Exchange Online

Email has become a reliable and ubiquitous communication medium for information workers in organizations of all sizes. Messaging stores and mailboxes have become repositories of valuable data. It's important for organizations to formulate messaging policies that dictate the fair use of their messaging systems, provide user guidelines for how to act on the policies, and, where required, provide details about the types of communication that may not be allowed.

Organizations must also create policies to manage email lifecycle, retain messages for a length of time based on business, legal, and regulatory requirements, preserve email records for litigation and investigation purposes, and be prepared to search and provide the required email records to fulfill eDiscovery requests.

Organizations must also prevent leakage of sensitive information such as intellectual property, trade secrets, business plans, and personally identifiable information (PII) that they collect or handle.

Security and compliance in Exchange Online

The following table provides an overview of the security and compliance features in Exchange Online and includes links to topics that will help you learn about and manage these features.

| Feature | Description |
| --- | --- |
| Archive mailboxes in Exchange Online | Archive mailboxes (called In-Place Archiving) let people in your Office 365 organization take control of messaging data by providing additional email storage. People can use Outlook or Outlook Web App to view messages in their archive mailbox and move or copy messages between their primary and archive mailboxes. |
| In-Place Hold and Litigation Hold | In-Place Hold and Litigation Hold allow you to preserve or archive mailbox content for compliance and eDiscovery. |
| In-Place eDiscovery | In-Place eDiscovery allows authorized compliance officers in your organization to search mailbox data across your Exchange organization, preview search results, and copy them to a Discovery mailbox or export them to a .pst file. |
| Inactive mailboxes in Exchange Online | You can preserve the contents of deleted mailboxes indefinitely by using inactive mailboxes. You can make an inactive mailbox by placing an In-Place Hold or a Litigation Hold on the mailbox, and then deleting the corresponding Office 365 user account. In addition to preserving mailbox contents, administrators or compliance officers can use In-Place eDiscovery to search the contents of an inactive mailbox. |
| Data loss prevention (DLP) | Data loss prevention (DLP) helps you identify and monitor sensitive information, such as private identification numbers, credit card numbers, or standard forms used in your organization. You can set up DLP policies to notify users that they are sending sensitive information or block the transmission of sensitive information. |
| Exchange auditing reports | You can use the auditing functionality in Exchange Online to track changes made to your Exchange Online configuration by Microsoft and by your organization's administrators, and to audit mailbox access by persons other than the mailbox owner. In Exchange Online, audited actions are recorded and available to view in an online report or export to a file. |
| Messaging records management (MRM) | Messaging records management (MRM) helps your organization manage email lifecycle to meet business and regulatory requirements and reduce the legal risks associated with email. In Exchange Online, you can use In-Place Hold or Litigation Hold to preserve email, and retention tags and retention policies to archive and delete email. |
| Information Rights Management in Exchange Online | Information Rights Management (IRM) helps you and your users control who can access, forward, print, or copy sensitive data within an email. IRM can use your on-premises Active Directory Rights Management Services (AD RMS) server. |
| Office 365 Message Encryption | Office 365 Message Encryption allows you to send encrypted messages to people inside or outside your organization, regardless of the destination email service, whether it's Outlook.com, Yahoo, Gmail, or another service. Designated recipients can send encrypted replies. Office 365 Message Encryption combines email encryption and rights management capabilities. Rights management capabilities are powered by Azure Information Protection. |
| S/MIME for Message Signing and Encryption | Secure/Multipurpose Internet Mail Extensions (S/MIME) allows email users to help protect sensitive information by sending signed and encrypted email within their organization. As an administrator, you can enable S/MIME-based security for your organization if you have mailboxes in either Exchange 2013 SP1 or Exchange Online. |
| Journaling in Exchange Online | Journaling can help you meet legal, regulatory, and organizational compliance requirements by recording inbound and outbound email communications. In Exchange Online, you can create journal rules to deliver journal reports to your on-premises mailbox or archiving system, or to an external archiving service. |
| Mail flow rules (transport rules) in Exchange Online | You can use mail flow rules, also known as transport rules, to inspect messages sent or received by your users and take actions such as blocking or bouncing a message, holding it for review by a manager or an administrator, or delivering a copy to another recipient if the message matches specified conditions. |