Microsoft 365 内部风险解决方案Insider risk solutions in Microsoft 365

内部风险是新式工作场所中安全与合规专业人员最关心的问题之一。Insider risks are one of the top concerns of security and compliance professionals in the modern workplace. 行业研究表明,内部风险通常与特定的用户事件或活动相关联。Industry studies have shown that insider risks are often associated with specific user events or activities. 保护组织免受这些风险可能难以识别且难以缓解。Protecting your organization against these risks can be challenging to identify and difficult to mitigate. 内部风险包括多个方面的漏洞,并且可能导致组织出现严重问题,包括知识产权丢失和工作场所骚扰等。Insider risks include vulnerabilities in a variety of areas and can cause major problems for your organization, ranging from the loss of intellectual property to workplace harassment, and more. 下图概述了常见的内部风险:The following figure outlines common insider risks:

内部风险威胁

Microsoft 365风险防护功能已设计为内置于我们的内部风险产品和解决方案中。Microsoft 365 risk prevention features are designed and built-in to our insider risk products and solutions. 这些解决方案协同工作,并使用高级服务和第三方指示器来帮助快速识别、会审和操作风险活动。These solutions work together and use advanced service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity. 大多数解决方案都为数据分析师和研究人员提供了全面的检测、警报和修正工作流,以用于快速处理和最大限度地降低这些风险。Most solutions offer a comprehensive detection, alert, and remediation workflow for your data analysts and investigators to use to quickly act on and minimize these risks.

风险图标Risk icon 风险Risks 通信合规性Communication compliance 内部风险管理Insider risk management 信息屏障Information barriers 特权访问管理Privileged access management
数据泄漏图标 数据泄漏Data spillage 支持 支持
"违反机密"图标 违反保密规定Confidentiality violations 支持 支持 支持
IP 盗窃图标 IP 盗窃IP theft 支持 支持 支持
工作场所暴力图标 工作场所暴力Workplace violence 受支持
欺诈/欺诈图标 欺诈Fraud 支持 支持
策略违反图标 策略违反Policy violations 支持 支持 支持 支持
预览体验成员交易/握手图标 内幕交易Insider trading 受支持
"利益冲突"图标 冲突Conflicts of interest 支持 支持
敏感数据泄露/设备图标 敏感数据泄露Sensitive data leaks 支持 支持
工作场所骚扰/人员图标 工作场所骚扰Workplace harassment 受支持
安全冲突图标 违反安全规定Security violations 支持 支持
违反法规的图标 违反法规遵从性Regulatory compliance violations 支持 支持 支持

Microsoft 365 内部风险解决方案Microsoft 365 insider risk solutions

若要帮助组织抵御内部风险,请使用Microsoft 365和特性。To help protect your organization against insider risks, use these Microsoft 365 capabilities and features.

通信合规性Communication compliance

通信合规性通过帮助您检测、捕获和操作组织中不适当的邮件,帮助最大程度地降低通信风险。Communication compliance helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. 通信合规性在下列订阅中可用:Communication compliance is available in the following subscriptions:

  • Microsoft 365 E5 订阅(付费或试用版本)Microsoft 365 E5 subscription (paid or trial version)
  • Microsoft 365 E3 订阅 + Microsoft 365 E5 合规加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Compliance add-on
  • Microsoft 365 E3 订阅 + Microsoft 365 E5 预览体验成员风险管理加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Insider Risk Management add-on
  • Microsoft 365 A5 订阅(付费或试用版本)Microsoft 365 A5 subscription (paid or trial version)
  • Microsoft 365 A3 订阅 + Microsoft 365 A5 合规加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Compliance add-on
  • Microsoft 365 A3 订阅 + Microsoft 365 A5 预览体验成员风险管理加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Insider Risk Management add-on
  • Microsoft 365 G5 订阅(付费或试用版本)Microsoft 365 G5 subscription (paid or trial version)
  • Microsoft 365 G5 订阅 + Microsoft 365 G5 合规加载项Microsoft 365 G5 subscription + the Microsoft 365 G5 Compliance add-on
  • Microsoft 365 G5 订阅 + Microsoft 365 G5 预览体验成员风险管理加载项Microsoft 365 G5 subscription + the Microsoft 365 G5 Insider Risk Management add-on
  • Office 365 企业版 E5 订阅(付费或试用版本)Office 365 Enterprise E5 subscription (paid or trial version)
  • Office 365 A5 订阅(付费或试用版本)Office 365 A5 subscription (paid or trial version)
  • Office 365 企业版 E3 订阅和 Office 365 高级合规版附加设备(不再适用于新订阅)Office 365 Enterprise E3 subscription + the Office 365 Advanced Compliance add-on (no longer available for new subscriptions)

内部风险管理Insider risk management

内部风险管理通过让你能够检测、调查和处理组织中恶意和无意的活动,帮助最大程度地降低内部风险。Insider risk management helps minimize internal risks by enabling you to detect, investigate, and act on malicious and inadvertent activities in your organization.

以下订阅中提供内部风险管理:Insider risk management is available in the following subscriptions:

  • Microsoft 365 E5 订阅(付费或试用版本)Microsoft 365 E5 subscription (paid or trial version)
  • Microsoft 365 E3 订阅 + Microsoft 365 E5 合规加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Compliance add-on
  • Microsoft 365 E3 订阅 + Microsoft 365 E5 预览体验成员风险管理加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Insider Risk Management add-on
  • Microsoft 365 A5 订阅(付费或试用版本)Microsoft 365 A5 subscription (paid or trial version)
  • Microsoft 365 A3 订阅 + Microsoft 365 A5 合规加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Compliance add-on
  • Microsoft 365 A3 订阅 + Microsoft 365 A5 预览体验成员风险管理加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Insider Risk Management add-on
  • Microsoft 365 G5 订阅(付费或试用版本)Microsoft 365 G5 subscription (paid or trial version)
  • Microsoft 365 G3订阅 + Microsoft 365 G5 合规性加载项Microsoft 365 G3 subscription + the Microsoft 365 G5 Compliance add-on
  • Microsoft 365 G3订阅 + Microsoft 365 G5 内部风险管理加载项Microsoft 365 G3 subscription + the Microsoft 365 G5 Insider Risk Management add-on
  • Office 365E3 订阅 + Enterprise移动性和安全性 E3 + Microsoft 365 E5 合规加载项Office 365 E3 subscription + Enterprise Mobility and Security E3 + the Microsoft 365 E5 Compliance add-on

信息屏障Information barriers

信息屏障允许您限制两个内部组之间的通信和协作,以避免在组织中发生利益冲突。Information barriers allow you to restrict communication and collaboration between two internal groups to avoid a conflict of interest from occurring in your organization.

以下订阅中提供了信息屏障:Information barriers are available in the following subscriptions:

  • Microsoft 365 E5 订阅(付费或试用版本)Microsoft 365 E5 subscription (paid or trial version)
  • Microsoft 365 A5 订阅(付费或试用版本)Microsoft 365 A5 subscription (paid or trial version)
  • Office 365 企业版 E5 订阅(付费或试用版本)Office 365 Enterprise E5 subscription (paid or trial version)
  • Office 365 A5 订阅(付费或试用版本)Office 365 A5 subscription (paid or trial version)
  • Office 365 高级合规版加载项 (不再可用于新订阅) Office 365 Advanced Compliance add-on (no longer available for new subscriptions)
  • Microsoft 365 E3 订阅 + Microsoft 365 E5 合规加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Compliance add-on
  • Microsoft 365 E3 订阅 + Microsoft 365 E5 预览体验成员风险管理加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Insider Risk Management add-on
  • Microsoft 365 A3 订阅 + Microsoft 365 A5 合规加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Compliance add-on
  • Microsoft 365 A3 订阅 + Microsoft 365 A5 预览体验成员风险管理加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Insider Risk Management add-on

特权访问管理Privileged access management

利用特权访问管理,可以精细地控制特权Exchange Online管理任务Office 365。Privileged access management allows granular access control over privileged Exchange Online admin tasks in Office 365. 它可以帮助保护你的组织免受具有永久访问敏感数据或访问关键配置设置权限的现有特权管理账户带来的安全问题。It can help protect your organization from breaches that use existing privileged admin accounts with standing access to sensitive data or access to critical configuration settings.

特权访问管理在下列订阅中可用:Privileged access management is available in the following subscriptions:

  • Microsoft 365 E5 订阅(付费或试用版本)Microsoft 365 E5 subscription (paid or trial version)
  • Microsoft 365 A5 订阅(付费或试用版本)Microsoft 365 A5 subscription (paid or trial version)
  • Office 365 企业版 E5 订阅(付费或试用版本)Office 365 Enterprise E5 subscription (paid or trial version)
  • Office 365 A5 订阅(付费或试用版本)Office 365 A5 subscription (paid or trial version)
  • Microsoft 365 E3 订阅 + Microsoft 365 E5 合规加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Compliance add-on
  • Microsoft 365 E3订阅 + Microsoft 365 E5信息保护和管理加载项Microsoft 365 E3 subscription + the Microsoft 365 E5 Information Protection and Governance add-on
  • Microsoft 365 A3 订阅 + Microsoft 365 A5 合规加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Compliance add-on
  • Microsoft 365A3 订阅 + Microsoft 365 A5 信息保护和管理加载项Microsoft 365 A3 subscription + the Microsoft 365 A5 Information Protection and Governance add-on

部署Microsoft 365内部风险解决方案Deploy Microsoft 365 insider risk solutions

若要帮助组织抵御内部风险,请设置和部署以下Microsoft 365解决方案:To help protect your organization against insider risks, set up and deploy the following Microsoft 365 solutions:

内部风险解决方案深度防御

  1. 配置和创建 通信合规性策略Configure and create communication compliance policies.
  2. 配置和创建 内部风险管理策略Configure and create insider risk management policies.
  3. 可选:配置和创建 信息屏障策略Optional: Configure and create information barrier policies.
  4. 可选:启用和配置 特权访问管理Optional: Enable and configure privileged access management.

包含示例的图示Illustrations with examples

为帮助你规划实施内部风险Microsoft 365集成策略,请下载Microsoft 365信息保护和合规性 功能 集的图示。To help you plan an integrated strategy for implementing Microsoft 365 insider risk capabilities, download the Microsoft 365 information protection and compliance capabilities set of illustrations. 有关内部风险功能,请参阅体系结构图示第 5-7 页。For insider risk capabilities, see the architecture illustration pages 5-7. 可随时根据自己的使用情况来修改这些插图。Feel free to adapt these illustrations for your own use.

项目Item 说明Description
模型海报:Microsoft 365 信息保护和合规性功能Model poster: Microsoft 365 information protection and compliance capabilities
以 PDF 格式下载 | 以 Visio 格式下载Download as a PDF | Download as a Visio
更新时间:2020年 10 月Updated October 2020
包括:Includes:
  • Microsoft 信息保护和数据丢失防护Microsoft information protection and data loss prevention
  • 保留策略和保留标签Retention policies and retention labels
  • 信息屏障Information barriers
  • 通信合规性Communication compliance
  • 内部风险管理Insider risk management
  • 第三方数据摄取Third-party data ingestion

培训Training

针对每个内部风险解决方案对管理员和合规性团队进行基础知识培训可帮助组织更快速地开始部署和实施工作。Training your administrators and compliance team in the basics for each insider risk solution can help your organization get started more quickly with your deployment and implementation efforts.

Microsoft 365提供了以下资源来帮助通知并培训贵组织中这些用户:Microsoft 365 provides the following resources to help inform and train these users in your organization:

解决方案/区域Solution/Area 资源Resources
在 Microsoft 365 中管理内部风险Manage insider risk in Microsoft 365 完整学习路径Complete learning path
此学习路径包括通信合规性、内部风险管理、信息屏障和特权访问管理的所有单个解决方案模块。This learning path includes all the individual solution modules for communication compliance, insider risk management, information barriers, and privileged access management. 选择此学习路径以完成所有模块。Select this learning path to complete all the modules.
通信合规性Communication compliance 学习模块:准备通信合规性Microsoft 365Learning module: Prepare communication compliance in Microsoft 365
本模块可帮助你了解如何在通信合规性下识别和修正行为准则违反策略的基础知识,介绍创建通信合规性策略之前所需的先决条件,并了解通信合规性中内置的预定义策略模板的类型。This module helps you learn the basics on how to identify and remediate code-of-conduct policy violations with communication compliance, cover the prerequisites needed before creating communication compliance policies, and learn about the types of built-in, pre-defined policy templates in communication compliance.
内部风险管理Insider risk management 学习模块:企业内部风险管理Microsoft 365Learning module: Insider risk management in Microsoft 365
本模块可帮助你了解 Microsoft 365 中的内部风险管理如何有助于防止、检测和包含组织内部风险,了解内置预定义策略模板的类型,了解创建内部风险策略之前所需的基本先决条件,并说明您可以对内部风险管理案例采取的操作类型。This module helps you learn how insider risk management in Microsoft 365 can help prevent, detect, and contain internal risks in an organization, learn about the types of built-in, pre-defined policy templates, understand the basic prerequisites needed before creating insider risk policies, and explains the types of actions you can take on insider risk management cases.
信息屏障Information barriers 学习模块:规划信息障碍Learning module: Plan for information barriers
本模块可帮助你了解信息屏障策略如何帮助你的组织保持对相关行业标准和法规的遵从性,列出信息屏障适用的情况类型,帮助解释创建信息屏障策略的过程,并帮助说明在信息屏障就位后如何解决意外问题。This module helps you learn how information barrier policies can help your organization maintain compliance with relevant industry standards and regulations, lists the types of situations when information barriers would be applicable, helps explain the process of creating an information barrier policy, and helps explain how to troubleshoot unexpected issues after information barriers are in place.
特权访问管理Privileged access management 学习模块:实现特权访问管理Learning module: Implement privileged access management
本模块可帮助你了解特权访问管理和特权标识管理的区别,了解特权访问管理过程流,以及了解如何配置和启用特权访问管理的基础知识。This module helps you understand the difference between privileged access management and privileged identity management, understand the privileged access management process flow, and understand the basics of how to configure and enable privileged access management.