Define mail flow rules to encrypt email messages

As an administrator who manages Exchange Online, you can create mail flow rules (also known as transport rules) to help protect email messages you send and receive. You can set up rules to encrypt any outgoing email messages and remove encryption from encrypted messages coming from inside your organization or from replies to encrypted messages sent from your organization. You can use the Exchange admin center (EAC) or Exchange Online PowerShell to create these rules. In addition to overall encryption rules, you can also choose to enable or disable individual message encryption options for end users.

You can't encrypt inbound mail from senders outside of your organization.

If you recently migrated from Active Directory RMS to Azure Information Protection, you'll need to review your existing mail flow rules to ensure that they continue to work in your new environment. Also, if you want to take advantage of the new Office 365 Message Encryption (OME) capabilities available to you through Azure Information Protection, you need to update your existing mail flow rules. Otherwise, your users will continue to receive encrypted mail that uses the previous HTML attachment format instead of the new, seamless OME experience. If you haven't set up OME yet, see Set up new Office 365 Message Encryption capabilities for information.

For information about the components that make up mail flow rules and how mail flow rules work, see Mail flow rules (transport rules) in Exchange Online. For additional information about how mail flow rules work with Azure Information Protection, see Configuring Exchange Online mail flow rules for Azure Information Protection labels.

Important

For hybrid Exchange environments, on-premises users can send and receive encrypted mail using OME only if email is routed through Exchange Online. To configure OME in a hybrid Exchange environment, you need to first configure hybrid using the Hybrid Configuration wizard, then configure mail to flow from Office 365 to your email server, and then configure mail to flow from your email server to Office 365. Once you've configured mail to flow through Office 365, you can configure mail flow rules for OME by using this guidance.

Create mail flow rules to encrypt email messages with the new OME capabilities

You can define mail flow rules for triggering message encryption with the new OME capabilities by using the EAC.

Use the EAC to create a rule for encrypting email messages with the new OME capabilities

  1. In a web browser, using a work or school account that has been granted global administrator permissions, sign in to Office 365.

  2. Choose the Admin tile.

  3. In the Microsoft 365 admin center, choose Admin centers > Exchange.

  4. In the EAC, go to Mail flow > Rules and select New > Create a new rule. For more information about using the EAC, see Exchange admin center in Exchange Online.

  5. In Name, type a name for the rule, such as Encrypt mail for DrToniRamos@hotmail.com.

  6. In Apply this rule if, select a condition, and enter a value if necessary. For example, to encrypt messages going to DrToniRamos@hotmail.com:

    1. In Apply this rule if, select the recipient is.

    2. Select an existing name from the contact list or type a new email address in the check names box.

      • To select an existing name, select it from the list and then click OK.

      • To enter a new name, type an email address in the check names box and then select check names > OK.

  7. To add more conditions, choose More options and then choose add condition and select from the list.

    For example, to apply the rule only if the recipient is outside your organization, select add condition and then select The recipient is external/internal > Outside the organization > OK.

  8. To enable encryption using the new OME capabilities, from Do the following, select Modify the message security and then choose Apply Office 365 Message Encryption and rights protection. Select an RMS template from the list, choose Save, and then choose OK.

The list of templates includes all default templates and options as well as any custom templates you've created for use by Office 365. If the list is empty, ensure that you have set up Office 365 Message Encryption with the new capabilities as described in Set up new Office 365 Message Encryption capabilities. For information about the default templates, see Configuring and managing templates for Azure Information Protection. For information about the Do Not Forward option, see Do Not Forward option for emails. For information about the encrypt-only option, see Encrypt-only option for emails.

You can choose add action if you want to specify another action.
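The same rule can be created from Exchange Online PowerShell. The following is an added example, not part of the original page; the admin account is a placeholder, and the choice of the 'Encrypt' (encrypt-only) template is an assumption.

```powershell
# Added example: scripted equivalent of the EAC steps above.
# Assumes the ExchangeOnlineManagement module is installed.
$adminUpn  = 'admin@contoso.example'      # placeholder admin account
$recipient = 'DrToniRamos@hotmail.com'    # example recipient from the steps above
$ruleName  = "Encrypt mail for $recipient"
$template  = 'Encrypt'                    # encrypt-only option (assumed choice)

Connect-ExchangeOnline -UserPrincipalName $adminUpn

# Same check as the empty template list in the EAC: no templates means
# the new OME capabilities are not set up yet.
$templates = @(Get-RMSTemplate)
if ($templates.Count -eq 0) {
    throw 'No RMS templates returned. Set up the new OME capabilities first.'
}
$templates | Format-Table Name, Guid | Out-Host

# Refuse to create a second rule with the same name.
if (Get-TransportRule | Where-Object { $_.Name -eq $ruleName }) {
    throw "A mail flow rule named '$ruleName' already exists."
}

$rule = @{
    Name                          = $ruleName
    SentTo                        = $recipient
    SentToScope                   = 'NotInOrganization'  # recipient outside the organization
    ApplyRightsProtectionTemplate = $template
}
New-TransportRule @rule | Out-Null

# Confirm the condition and action that were stored on the rule.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, SentTo, SentToScope, ApplyRightsProtectionTemplate |
    Out-Host
```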

Use the EAC to update an existing mail flow rule to use the new OME capabilities

  1. In a web browser, using a work or school account that has been granted global administrator permissions, sign in to Office 365.

  2. Choose the Admin tile.

  3. In the Microsoft 365 admin center, choose Admin centers > Exchange.

  4. In the EAC, go to Mail flow > Rules.

  5. In the list of mail flow rules, select the rule you want to modify to use the new OME capabilities and then choose Edit.

  6. To enable encryption using the new OME capabilities, from Do the following, choose Modify the message security and then choose Apply Office 365 Message Encryption and rights protection. Select an RMS template from the list, choose Save, and then choose OK.

    The list of templates includes all default templates and options as well as any custom templates you've created for use by Office 365. If the list is empty, ensure that you have set up Office 365 Message Encryption with the new capabilities as described in Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection. For information about the default templates, see Configuring and managing templates for Azure Information Protection. For information about the Do Not Forward option, see Do Not Forward option for emails. For information about the encrypt-only option, see Encrypt Only option for emails.

    You can choose add action if you want to specify another action.

  7. From the Do the following list, remove any actions that are assigned to Modify the message security > Apply the previous version of OME.

  8. Choose Save.
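When many rules still carry the previous OME action, the update can be scripted. The following is an added example, not part of the original page; it assumes a session already opened with Connect-ExchangeOnline, and the 'Encrypt' template is an assumed choice. It runs in preview mode until $preview is set to $false.

```powershell
# Added example: find rules that still use the previous OME action and move
# them to the new capabilities (steps 6 and 7 above).
$template = 'Encrypt'   # assumed choice; use any name the template list offers
$preview  = $true       # $true only reports what would change

$legacy = @(Get-TransportRule | Where-Object { $_.ApplyOME })
"Rules using the previous version of OME: $($legacy.Count)"

foreach ($rule in $legacy) {
    $change = @{
        Identity                      = $rule.Name
        ApplyRightsProtectionTemplate = $template   # step 6: new OME action
        ApplyOME                      = $false      # step 7: drop the previous action
        WhatIf                        = $preview
    }
    Set-TransportRule @change
}

# After a real run (not a preview) this list should be empty.
Get-TransportRule | Where-Object { $_.ApplyOME } |
    Select-Object Name, State, ApplyOME, ApplyRightsProtectionTemplate
```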

Create mail flow rules to remove encryption for email messages with the new OME capabilities

You can use the EAC to define mail flow rules that remove message encryption with the new OME capabilities.

Use the EAC to create a rule to remove encryption from email messages with the new OME capabilities

You can remove encryption that is accessible by your organization. This means any mail with encryption that is applied by the organization or any mail that is protected with encrypt-only restrictions.

  1. In a web browser, using a work or school account that has been granted global administrator permissions, sign in to Office 365.

  2. Choose the Admin tile.

  3. In the Microsoft 365 admin center, choose Admin centers > Exchange.

  4. In the EAC, go to Mail flow > Rules and select New > Create a new rule. For more information about using the EAC, see Exchange admin center in Exchange Online.

  5. In Name, type a name for the rule, such as Remove encryption from outgoing mail.

  6. In Apply this rule if, select the conditions where encryption should be removed from messages. Add The sender is located > Inside the organization or The recipient is located > Inside the organization.

  7. In Do the following, select Modify the message security > Remove Office 365 Message Encryption and rights protection.

  8. Select Save.
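Because a rule that strips encryption deserves regular review, the added example below (not part of the original page) creates the rule from PowerShell and then lists every rule that removes encryption together with its scope conditions. It assumes a session already opened with Connect-ExchangeOnline, and that the RemoveOMEv2 parameter corresponds to the EAC action in step 7.

```powershell
# Added example: create the removal rule, then audit all removal rules.
$rule = @{
    Name        = 'Remove encryption from outgoing mail'  # name from step 5
    FromScope   = 'InOrganization'   # step 6: sender inside the organization
    RemoveOMEv2 = $true              # step 7 (assumed mapping of the EAC action)
}
New-TransportRule @rule | Out-Null

# List every rule that removes encryption and show whether it carries one of
# the inside-the-organization conditions from step 6.
Get-TransportRule |
    Where-Object { $_.RemoveOMEv2 -or $_.RemoveOME } |
    Select-Object Name, State, FromScope, SentToScope, RemoveOMEv2, RemoveOME,
        @{ Name = 'ScopedToOrg'; Expression = {
            "$($_.FromScope)" -eq 'InOrganization' -or
            "$($_.SentToScope)" -eq 'InOrganization'
        } }
```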

Create mail flow rules for Office 365 Message Encryption without the new capabilities

If you haven't yet moved your organization to the new OME capabilities, Microsoft recommends that you make a plan to move to the new OME capabilities as soon as it is reasonable for your organization. For instructions, see Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection. Otherwise, see Defining mail flow rules for Office 365 Message Encryption that don't use the new OME capabilities.

Encryption in Office 365

Set up new Office 365 Message Encryption capabilities

Add branding to encrypted messages

Mail flow rules (transport rules) in Exchange Online

Mail flow rules (transport rules) in Exchange Online Protection