电子数据展示Microsoft 365中的解密Decryption in Microsoft 365 eDiscovery tools

加密是文件保护和信息保护策略的重要组成部分。Encryption is an important part of your file protection and information protection strategy. 所有类型的组织都使用加密技术来保护其组织的敏感内容,并确保只有合适的人员可以访问该内容。Organizations of all types use encryption technology to protect sensitive content within their organization and ensure that only the right people have access to that content.

若要对加密内容执行常见的电子数据展示任务,电子数据展示管理员需要从内容搜索、核心电子数据展示事例和加密事例导出电子邮件内容时解密Advanced eDiscovery内容。To execute common eDiscovery tasks on encrypted content, eDiscovery managers were required to decrypt email message content as it was exported from content searches, Core eDiscovery cases, and Advanced eDiscovery cases. 使用 Microsoft 加密技术加密的内容在导出之前无法查看。Content encrypted with Microsoft encryption technologies wasn't available for review until after it was exported.

为了更加轻松地管理电子数据展示工作流中的加密内容,Microsoft 365电子数据展示工具现在合并对附加到电子邮件并发送到 Exchange Online 中的加密文件的解密。1此外,存储在 SharePoint Online 和 OneDrive for Business 中的加密Advanced eDiscovery。To make it easier to manage encrypted content in the eDiscovery workflow, Microsoft 365 eDiscovery tools now incorporate the decryption of encrypted files attached to email messages and sent in Exchange Online.1 Additionally, encrypted documents stored in SharePoint Online and OneDrive for Business are decrypted in Advanced eDiscovery.

在此新功能之前,只有受权限管理保护的电子邮件内容 (未附加的文件) 解密。Prior to this new capability, only the content of an email message protected by rights management (and not attached files) were decrypted. 电子数据展示SharePoint OneDrive加密的文档无法解密。Encrypted documents in SharePoint and OneDrive couldn't be decrypted during the eDiscovery workflow. 现在,当准备预览搜索结果、添加到 Advanced eDiscovery 中的审阅集并导出时,使用 Microsoft 加密技术加密的文件位于 SharePoint 或 OneDrive 帐户上,可进行搜索和解密。Now, files that are encrypted with a Microsoft encryption technology is located on a SharePoint or OneDrive account are searchable and decrypted when the search results are prepared for preview, added to a review set in Advanced eDiscovery, and exported. 此外,还可以SharePoint OneDrive电子邮件中的加密文档。Additionally, encrypted documents in SharePoint and OneDrive that are attached to an email message are searchable. 此解密功能允许电子数据展示管理员在预览搜索结果时查看加密电子邮件附件和网站文档的内容,并在将已添加到 Advanced eDiscovery 审阅集后查看这些内容。This decryption capability allows eDiscovery managers to view the content of encrypted email attachments and site documents when previewing search results, and review them after they have been added to a review set in Advanced eDiscovery.

支持的加密技术Supported encryption technologies

Microsoft 电子数据展示工具支持使用 Microsoft 加密技术加密的项目。Microsoft eDiscovery tools support items encrypted with Microsoft encryption technologies. 这些技术是 Azure 权限管理和 Microsoft 信息保护 (特别是敏感度标签) 。These technologies are Azure Rights Management and Microsoft Information Protection (specifically sensitivity labels). 有关 Microsoft 加密技术的信息,请参阅加密。For more information about Microsoft encryption technologies, see Encryption. 不支持通过第三方加密技术加密的内容。Content encrypted by third-party encryption technologies isn't supported. 例如,不支持预览或导出使用非 Microsoft 技术加密的内容。For example, previewing or exporting content encrypted with non-Microsoft technologies isn't supported.

支持加密项目的电子数据展示活动eDiscovery activities that support encrypted items

下表标识了可以在 Microsoft 365 电子数据展示工具中对附加到电子邮件的加密文件以及 SharePoint 和 OneDrive 中执行的支持任务。The following table identifies the supported tasks that can be performed in Microsoft 365 eDiscovery tools on encrypted files attached to email messages and encrypted documents in SharePoint and OneDrive. 可以在符合搜索条件的加密文件上执行这些支持的任务。These supported tasks can be performed on encrypted files that match the criteria of a search. 值 表示功能在相应的电子数据展示 N/A 工具中不可用。A value of N/A indicates the functionality isn't available in the corresponding eDiscovery tool.

电子数据展示任务eDiscovery task 内容搜索Content search 核心电子数据展示Core eDiscovery 高级电子数据展示Advanced eDiscovery
在电子邮件和网站1中搜索加密文件中的内容Search for content in encrypted files in email and sites1 Yes Yes Yes
预览附加到电子邮件的加密文件Preview encrypted files attached to email Yes Yes Yes
预览加密文档SharePoint OneDrivePreview encrypted documents in SharePoint and OneDrive No No Yes
查看审阅集的加密文件Review encrypted files in a review set 不适用N/A 不适用N/A Yes
导出附加到电子邮件的加密文件Export encrypted files attached to email Yes Yes Yes
导出加密的文档SharePoint OneDriveExport encrypted documents in SharePoint and OneDrive No No Yes

备注

1不针对电子数据展示对位于本地计算机 (且未存储在 SharePoint 或 OneDrive 站点) 的加密文件编制索引。1 Encrypted files that are located on a local computer (and not stored on a SharePoint or OneDrive site) aren't indexed for eDiscovery. 这意味着,如果加密的本地文件附加到电子邮件,则关键字搜索查询不会返回该文件,即使该文件包含与搜索查询匹配的关键字。That means if an encrypted local file is attached to an email message, the file won't be returned by a keyword search query, even if the file contains keywords that match the search query. 但是,如果电子邮件属性 (如发送日期、发件人、收件人或主题) 匹配,电子数据展示搜索可以返回包含本地加密文件的电子邮件。However, email messages with local encrypted file can be returned by an eDiscovery search if an email property (such as sent date, sender, recipient, or subject) matches the search query.

敏感度标签的解密限制Decryption limitations with sensitivity labels

当应用了加密的敏感度标签SharePoint配置了以下任一设置时,电子数据展示不支持 SharePoint 和 OneDrive 中的加密文件:eDiscovery doesn't support encrypted files in SharePoint and OneDrive when a sensitivity label that applied the encryption is configured with either of the following settings:

  • 用户可以在手动将标签应用于文档时分配权限。Users can assign permissions when they manually apply the label to a document. 这有时称为用户 定义权限This is sometimes referred to as user-defined permissions.

  • 用户对文档的访问具有设置为"从不"的值的过期 设置User access to the document has an expiration setting that is set to a value other than Never.

有关这些设置详细信息,请参阅使用敏感度标签应用加密来限制对内容的访问中的"配置 加密设置"部分For more information about these settings, see the "Configure encryption settings" section in Restrict access to content by using sensitivity labels to apply encryption.

使用以前的设置加密的文档仍可由电子数据展示搜索返回。Documents encrypted with the previous settings can still be returned by an eDiscovery search. 当文档属性匹配搜索 (,例如标题、作者或修改日期) 可能会发生这种情况。This may happen when a document property (such as the title, author, or modified date) matches the search criteria. 尽管这些文档可能包含在搜索结果中,但无法预览或查看它们。Although these documents might be included in search results, they can't be previewed or reviewed. 这些文档在导出时也会保持加密Advanced eDiscovery。These documents will also remain encrypted when they're exported in Advanced eDiscovery.

电子数据展示中的解密要求Requirements for decryption in eDiscovery

您必须获得 RMS 解密角色,以预览、查看和导出使用 Microsoft 加密技术加密的文件。You have to be assigned the RMS Decrypt role to preview, review, and export files encrypted with Microsoft encryption technologies. 还必须分配有此角色,以审阅和查询已添加到 Advanced eDiscovery 审阅集的加密Advanced eDiscovery。You also have to be assigned this role to review and query encrypted files that are added to a review set in Advanced eDiscovery.

默认情况下,此角色分配给安全与合规中心中"权限"页上Office 365电子数据&组。This role is assigned by default to the eDiscovery Manager role group on the Permissions page in the Office 365 Security & Compliance Center. 有关 RMS 解密角色详细信息,请参阅分配 电子数据展示权限For more information about the RMS Decrypt role, see Assign eDiscovery permissions.