Microsoft 365 电子数据展示工具中的解密Decryption in Microsoft 365 eDiscovery tools

加密是文件保护和信息保护策略的重要组成部分。Encryption is an important part of your file protection and information protection strategy. 所有类型的组织都使用加密技术来保护其组织的敏感内容,并确保只有合适的人员可以访问该内容。Organizations of all types use encryption technology to protect sensitive content within their organization and ensure that only the right people have access to that content.

若要对加密内容执行常见的电子数据展示任务,电子数据展示管理员需要解密从内容搜索、核心电子数据展示事例和高级电子数据展示事例导出的电子邮件内容。To execute common eDiscovery tasks on encrypted content, eDiscovery managers were required to decrypt email message content as it was exported from content searches, Core eDiscovery cases, and Advanced eDiscovery cases. 使用 Microsoft 加密技术加密的内容在导出之前无法查看。Content encrypted with Microsoft encryption technologies wasn't available for review until after it was exported.

为了更加轻松地管理电子数据展示工作流中的加密内容,Microsoft 365 电子数据展示工具现在合并加密文件的解密,这些文件附加到电子邮件并在 Exchange Online 中发送。To make it easier to manage encrypted content in the eDiscovery workflow, Microsoft 365 eDiscovery tools now incorporate decryption of encrypted files that are attached to email messages and sent in Exchange Online. 此外,存储在 SharePoint Online 和 OneDrive for Business 中的加密文档在高级电子数据展示中解密。Additionally, encrypted documents stored in SharePoint Online and OneDrive for Business are decrypted in Advanced eDiscovery.

在此新功能之前,只有受权限管理保护的电子邮件内容 (未附加的文件) 解密。Prior to this new capability, only the content of an email message protected by rights management (and not attached files) were decrypted. 在电子数据展示工作流期间,SharePoint 和 OneDrive 中的加密文档无法解密。Encrypted documents in SharePoint and OneDrive couldn't be decrypted during the eDiscovery workflow. 现在,如果使用 Microsoft 加密技术加密的文件附加到电子邮件或位于 SharePoint 或 OneDrive 帐户上,则当准备预览搜索结果、添加到高级电子数据展示中的审阅集并导出时,将解密这些加密项目。Now, if a file that's encrypted with a Microsoft encryption technology is attached to an email message or located on a SharePoint or OneDrive account, those encrypted items are decrypted when the search results are prepared for preview, added to a review set in Advanced eDiscovery, and exported. 这允许电子数据展示管理员在预览搜索结果时查看加密电子邮件附件和网站文档的内容,在将这些内容添加到高级电子数据展示中的审阅集后查看这些内容。This allows eDiscovery managers to view the content of encrypted email attachments and site documents when previewing search results, and review them after they have been added to a review set in Advanced eDiscovery.

支持的加密技术Supported encryption technologies

Microsoft 电子数据展示工具支持使用 Microsoft 加密技术加密的项目。Microsoft eDiscovery tools support items encrypted with Microsoft encryption technologies. 这些技术是 Azure 权限管理和 Microsoft 信息保护 (特别是敏感度标签) 。These technologies are Azure Rights Management and Microsoft Information Protection (specifically sensitivity labels). 有关 Microsoft 加密技术的信息,请参阅加密。For more information about Microsoft encryption technologies, see Encryption. 不支持通过第三方加密技术加密的内容。Content encrypted by third-party encryption technologies isn't supported. 例如,不支持预览或导出使用非 Microsoft 技术加密的内容。For example, previewing or exporting content encrypted with non-Microsoft technologies isn't supported.

支持加密项目的电子数据展示活动eDiscovery activities that support encrypted items

下表标识了可在 Microsoft 365 电子数据展示工具中对附加到电子邮件的加密文件以及 SharePoint 和 OneDrive 中的加密文档执行的支持任务。The following table identifies the supported tasks that can be performed in Microsoft 365 eDiscovery tools on encrypted files attached to email messages and encrypted documents in SharePoint and OneDrive. 可以在符合搜索条件的加密文件上执行这些支持的任务。These supported tasks can be performed on encrypted files that match the criteria of a search. 值 表示功能在相应的电子数据展示 N/A 工具中不可用。A value of N/A indicates the functionality isn't available in the corresponding eDiscovery tool.

电子数据展示任务eDiscovery task 内容搜索Content search 核心电子数据展示Core eDiscovery 高级电子数据展示Advanced eDiscovery
在电子邮件和网站中搜索加密文件中的内容Search for content in encrypted files in email and sites Yes Yes Yes
预览附加到电子邮件的加密文件Preview encrypted files attached to email Yes Yes Yes
在 SharePoint 和 OneDrive 中预览加密文档Preview encrypted documents in SharePoint and OneDrive No No Yes
查看审阅集的加密文件Review encrypted files in a review set 不适用N/A 不适用N/A Yes
导出附加到电子邮件的加密文件Export encrypted files attached to email Yes Yes Yes
在 SharePoint 和 OneDrive 中导出加密文档Export encrypted documents in SharePoint and OneDrive No No Yes

注意: 当应用加密的敏感度标签配置为以下任一设置时,电子数据展示不支持 SharePoint 和 OneDrive 中的加密文件:Note: eDiscovery doesn't support encrypted files in SharePoint and OneDrive when a sensitivity label that applied the encryption is configured with either of the following settings:

  • 用户可以在手动将标签应用于文档时分配权限。Users can assign permissions when they manually apply the label to a document. 这有时称为用户 定义权限This is sometimes referred to as user-defined permissions.

  • 用户对文档的访问具有设置为"从不"的值的过期 设置User access to the document has an expiration setting that is set to a value other than Never.

有关这些设置详细信息,请参阅使用敏感度标签应用加密来限制对内容的访问中的"配置 加密设置"部分For more information about these settings, see the "Configure encryption settings" section in Restrict access to content by using sensitivity labels to apply encryption.

使用以前的设置加密的文档仍可由电子数据展示搜索返回。Documents encrypted with the previous settings can still be returned by an eDiscovery search. 当文档属性匹配搜索 (,例如标题、作者或修改日期) 可能会发生这种情况。This may happen when a document property (such as the title, author, or modified date) matches the search criteria. 尽管这些文档可能包含在搜索结果中,但无法预览或查看它们。Although these documents might be included in search results, they can't be previewed or reviewed. 在高级电子数据展示中导出这些文档时,这些文档也将保持加密状态。These documents will also remain encrypted when they're exported in Advanced eDiscovery.

电子数据展示中的解密要求Requirements for decryption in eDiscovery

您必须获得 RMS 解密角色,以预览、查看和导出使用 Microsoft 加密技术加密的文件。You have to be assigned the RMS Decrypt role to preview, review, and export files encrypted with Microsoft encryption technologies. 还必须分配有此角色,以审阅和查询添加到高级电子数据展示审阅集的加密文件。You also have to be assigned this role to review and query encrypted files that are added to a review set in Advanced eDiscovery.

默认情况下,此角色分配给 Office 365 安全与合规中心的"权限"页上的"电子数据展示&组。This role is assigned by default to the eDiscovery Manager role group on the Permissions page in the Office 365 Security & Compliance Center. 有关 RMS 解密角色详细信息,请参阅分配 电子数据展示权限For more information about the RMS Decrypt role, see Assign eDiscovery permissions.