Learn all about data groups

What is a data group?

Data groups are a simple way to categorize services within a data loss prevention (DLP) policy. The two data groups available are the Business data only group and the No business data allowed group. Organizations are free to determine which services are placed into a particular data group. A good way to categorize services is to place them in groups based on their impact to the organization. By default, all services are placed into the No business data allowed data group. You manage the services in a data group when you create or modify the properties of a DLP policy from the admin center.

How data is shared between data groups

Data cannot be shared among services located in different groups. For example, if you place SharePoint and Salesforce in the Business data only group and you place Facebook and Twitter in the No business data allowed group, you cannot create a flow that moves data between SharePoint and Facebook. While data cannot be shared among services in different groups, you can share data among the services within a specific group. So, going back to the earlier example, since SharePoint and Salesforce were placed in the same data group, flows that your end users create can share data between SharePoint and Salesforce. Similarly, end users can create flows and PowerApps that share data between Facebook and Twitter. The key point is that services in a specific group can share data, while services in different groups cannot share data.

Additionally, one data group must be designated as the default group. Initially, the No business data allowed group is the default group and all services are in that data group. An administrator can change the default data group to the Business data only data group. Note: Any new services that are added to flow will be placed in the designated default group. For this reason, we recommend you keep No business data allowed as the default group and manually add services into the Business data only group after your organization has evaluated the impact of allowing business data to be shared with the new service.
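The sharing rule and the default-group behavior described above can be modeled in a few lines. This is an added illustrative example, not Microsoft's implementation or API; the `DlpPolicy` class, its method names, and the service name `NewService` are assumptions made for the sketch.

```python
# Added illustrative model of the data-group rule; not the product's own code.
from dataclasses import dataclass, field

BUSINESS = "Business data only"
NON_BUSINESS = "No business data allowed"


@dataclass
class DlpPolicy:
    # Explicit service -> group assignments; a service is in exactly one group.
    assignments: dict = field(default_factory=dict)
    # Group that receives any service not explicitly assigned.
    default_group: str = NON_BUSINESS

    def group_of(self, service):
        return self.assignments.get(service, self.default_group)

    def evaluate(self, flow_services):
        """Return (allowed, groups); a flow is allowed only if all of its
        services fall in the same data group."""
        groups = {}
        for service in flow_services:
            groups.setdefault(self.group_of(service), []).append(service)
        return len(groups) <= 1, {g: sorted(s) for g, s in groups.items()}


def demo():
    policy = DlpPolicy(assignments={
        "SharePoint": BUSINESS, "Salesforce": BUSINESS,
        "Facebook": NON_BUSINESS, "Twitter": NON_BUSINESS,
    })
    results = {
        "sp_sf": policy.evaluate(["SharePoint", "Salesforce"])[0],
        "sp_fb": policy.evaluate(["SharePoint", "Facebook"])[0],
        "fb_tw": policy.evaluate(["Facebook", "Twitter"])[0],
        # "NewService" is a constructed name for a newly added, unreviewed service.
        "sp_new_default_nonbiz": policy.evaluate(["SharePoint", "NewService"])[0],
    }
    # Changing the default group silently moves every unassigned service.
    policy.default_group = BUSINESS
    results["sp_new_default_biz"] = policy.evaluate(["SharePoint", "NewService"])[0]
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'blocked'}")
```

The last two results show why the recommended default matters: with Business data only as the default, an unreviewed service can exchange data with SharePoint without anyone having classified it.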

Add services to a data group

In this walk-through, we'll add SharePoint and Salesforce to the Business data only data group of a data loss prevention (DLP) policy.

  1. Select the + Add link located inside the Business data only group box of a DLP policy.
  2. Select SharePoint and Salesforce, then select Add services to add both to the Business data only group.
  3. Select Save Policy from the menu at the top.
  4. Notice that both SharePoint and Salesforce are now in the Business data only group.

In this walk-through, you've added SharePoint and Salesforce to the Business data only data group of a DLP policy. If a person who is part of the DLP policy's environment creates an app that shares data between SharePoint or Salesforce and any service in the No business data allowed data group, the app will not be allowed to run.

Remove services from a data group

Since all services must be in one of the available data groups, to remove a service from a specific group, simply add the service to another group, then save the policy.

Change the default data group

In this walk-through, we will change the default data group from the No business data allowed data group to the Business data only data group.

Important: Any new services that are added to flow will be placed in the designated default group. For this reason, we recommend you keep No business data allowed as the default group and manually add services into the Business data only group.

  1. Select the ... located at the top right corner of the data group you wish to designate as the default data group.
  2. Select Set as default group.
  3. Select Save Policy from the menu at the top.
  4. Notice the data group is now designated as the default data group.

Next steps