活动资源管理器入门Get started with activity explorer

通过数据分类概述和内容资源管理器选项卡,您可以了解已发现和标记的内容以及该内容位于何处。The data classification overview and content explorer tabs give you visibility into what content has been discovered and labeled, and where that content is. 活动资源管理器通过允许你监视对已标记内容所执行的操作来完善此功能套件。Activity explorer rounds out this suite of functionality by allowing you to monitor what's being done with your labeled content. 活动资源管理器提供已标记内容上活动的历史视图。Activity explorer provides a historical view of activities on your labeled content. 活动信息收集自活动Microsoft 365统一审核日志,在活动资源管理器 UI 中转换和提供。The activity information is collected from the Microsoft 365 unified audit logs, transformed and made available in the Activity explorer UI.

占位符屏幕截图概述活动资源管理器

有 30 多种不同筛选器可供使用,其中有:There are over 30 different filters available for use, some are:

  • 日期范围date range
  • 活动类型activity type
  • 位置location
  • 用户user
  • 敏感度标签sensitivity label
  • 保留标签retention label
  • 文件路径file path
  • DLP 策略DLP policy

必备条件Prerequisites

访问和使用数据分类的每个帐户,都必须拥有从以下其中一个订阅向其分配的许可证:Every account that accesses and uses data classification must have a license assigned to it from one of these subscriptions:

  • Microsoft 365 (E5)Microsoft 365 (E5)
  • Office 365 (E5)Office 365 (E5)
  • 高级合规性(E5)加载项Advanced Compliance (E5) add-on
  • 高级威胁智能(E5)加载项Advanced Threat Intelligence (E5) add-on
  • Microsoft 365 E5/A5 信息保护和管控Microsoft 365 E5/A5 Info Protection & Governance
  • Microsoft 365 E5/A5 合规Microsoft 365 E5/A5 Compliance

权限Permissions

若要获取对活动资源管理器选项卡的访问权限,必须为帐户显式分配这些角色组中任何一个的成员身份或明确授予该角色。In order to get access to the activity explorer tab, an account must be explicitly assigned membership in any one of these role groups or explicitly granted the role.

Microsoft 365 角色组Microsoft 365 role groups

  • 全局管理员Global administrator
  • 合规性管理员Compliance administrator
  • 安全管理员Security administrator
  • 合规性数据管理员Compliance data administrator

Microsoft 365角色Microsoft 365 roles

  • 合规性管理员Compliance administrator
  • 安全管理员Security administrator

活动类型Activity types

活动资源管理器从多个活动源的审核日志中收集活动信息。Activity explorer gathers activity information from the audit logs on multiple sources of activities. 有关哪些标签活动可用于活动资源管理器的更多详细信息,请参阅活动资源管理器中可用的标签 事件For more detailed information on what labeling activity makes it to Activity explorer, see Labeling events available in Activity explorer.

Office 本机应用程序、Azure 信息保护外接程序、SharePoint Online 中的敏感度标签活动和保留标签活动Exchange Online (仅) 和 OneDrive。 Sensitivity label activities and Retention labeling activities from Office native applications, Azure Information Protection add-in, SharePoint Online, Exchange Online (sensitivity labels only) and OneDrive. 示例如下:Some examples are:

  • 已应用的标签label applied
  • 已更改(已升级、已降级或已删除)的标签label changed (upgraded, downgraded, or removed)
  • 自动标记模拟auto-labeling simulation
  • 文件读取file read

Azure 信息保护 (AIP) 扫描程序和 AIP 客户端Azure Information Protection (AIP) scanner and AIP clients

  • 已应用保护protection applied
  • 保护已更改protection changed
  • 已删除保护protection removed
  • 发现的文件files discovered

活动资源管理器还通过终结点数据丢失防护 (DLP) 收集来自 Exchange Online、SharePoint Online、OneDrive、Teams 聊天和频道 (预览) 、本地 SharePoint 文件夹和库以及本地文件共享以及 Windows 10 设备的 DLP 策略匹配事件。Activity explorer also gathers DLP policy matches events from Exchange Online, SharePoint Online, OneDrive, Teams Chat and Channel (preview), on-premises SharePoint folders and libraries, and on-premises file shares, and Windows 10 devices via Endpoint data loss prevention (DLP). 设备中的一Windows 10事件包括文件:Some examples events from Windows 10 devices are file:

  • deletionsdeletions
  • creationscreations
  • 复制到剪贴板copied to clipboard
  • 修改内容modified
  • 阅读read
  • 已打印printed
  • 已重命名renamed
  • 复制到网络共享copied to network share
  • 由不允许的应用访问accessed by unallowed app

了解对敏感标记内容采取的操作的价值是,你可以看到已放置的控件(如数据丢失防护)是否有效。 The value of understanding what actions are being taken with your sensitive labeled content is that you can see if the controls that you have already put into place, such as data loss prevention are effective or not. 如果无效,或者发现某项意外内容(如大量项目被标记为highly confidential并降级为general),则可管理各种策略并采取新操作来限制意外行为。If not, or if you discover something unexpected, such as a large number of items that are labeled highly confidential and are downgraded general, you can manage your various policies and take new actions to restrict the undesired behavior.

备注

活动资源管理器当前不监视 Exchange Online 的保留活动。Activity explorer doesn't currently monitor retention activities for Exchange Online.

另请参阅See also