Message Encryption

People often use email to exchange sensitive information, such as financial data, legal contracts, confidential product information, sales reports and projections, patient health information, or customer and employee information. As a result, mailboxes can become repositories for large amounts of potentially sensitive information, and information leakage can become a serious threat to your organization.

With Office 365 Message Encryption, your organization can send and receive encrypted email messages between people inside and outside your organization. Office 365 Message Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.

How Office 365 Message Encryption works

The rest of this article applies to the new OME capabilities.

Office 365 Message Encryption is an online service that's built on Microsoft Azure Rights Management (Azure RMS), which is part of Azure Information Protection. This includes encryption, identity, and authorization policies to help secure your email. You can encrypt messages by using rights management templates, the Do Not Forward option, and the encrypt-only option.

Users can then encrypt email messages and a variety of attachments by using these options. For a full list of supported attachment types, see "File types covered by IRM policies when they are attached to messages" in Introduction to IRM for email messages.

As an administrator, you can also define mail flow rules to apply this protection. For example, you can create a rule that requires the encryption of all messages that are addressed to a specific recipient or that contain specific words in the subject line, and also specify that recipients can't copy or print the contents of the message.

Unlike the previous version of OME, the new capabilities provide a unified sender experience whether you're sending mail inside your organization or to recipients outside of Microsoft 365. In addition, recipients who receive a protected email message sent to a Microsoft 365 account in Outlook 2016 or Outlook on the web don't have to take any additional action to view the message. It works seamlessly. Recipients using other email clients and email service providers also have an improved experience. For information, see Learn about protected messages in Office 365 and How do I open a protected message.

For a detailed list of the differences between the previous version of OME and the new OME capabilities, see Compare versions of OME.

When someone sends an email message that matches an encryption mail flow rule, the message is encrypted before it's sent. All Microsoft 365 end users who use Outlook clients to read mail receive native, first-class reading experiences for encrypted and rights-protected mail, even if they're not in the same organization as the sender. Supported Outlook clients include Outlook desktop, Outlook Mac, Outlook mobile on iOS and Android, and Outlook on the web (formerly known as Outlook Web App).

Recipients who receive encrypted or rights-protected mail sent to their Outlook.com, Gmail, and Yahoo accounts receive a wrapper mail that directs them to the OME Portal, where they can easily authenticate using a Microsoft account, Gmail, or Yahoo credentials.

End users who read encrypted or rights-protected mail on clients other than Outlook also use the OME Portal to view encrypted and rights-protected messages that they receive.

If the sender of the protected mail is in GCC High and the recipient is outside of GCC High, including commercial users, Outlook.com users, and users of other email providers such as Gmail, the recipient receives a wrapper mail. The wrapper mail directs the recipient to the OME Portal, where the recipient is able to read and reply to the message. Otherwise, if the sender and recipient are both in the GCC High environment, even if they're not in the same organization, recipients who use Outlook clients to read mail receive native, first-class reading experiences for encrypted and rights-protected mail. For more information about the different experience in GCC High, see Compare versions of OME.

For more information about size limits for messages and attachments that you can encrypt using OME, see Exchange Online Limits.

How Office 365 Advanced Message Encryption works on top of OME

Office 365 Advanced Message Encryption lets you create multiple branding templates so you can fine-tune control over recipient mail and create custom branding experiences to support a diverse organizational structure.

Advanced Message Encryption in Microsoft 365 helps you meet compliance obligations that require more flexible control over external recipients' access to encrypted emails. With Advanced Message Encryption in Office 365, as an administrator, you can control sensitive emails shared outside the organization with automatic policies that detect sensitive information types (for example, PII, Financial or Health IDs) or keywords, and you can enhance protection by expiring access to encrypted emails through a secure web portal. As an admin, you can further control encrypted emails accessed through a Microsoft 365 web portal by revoking access to an email at any time.

Message revocation and expiration only work for emails that your users send to recipients outside your organization. In addition, the recipients must access the email through the web portal. To ensure the recipient uses the portal to receive email, you set up a custom branding template that applies the wrapper. Then, you apply the branding template in a mail flow rule. For more information about Advanced Message Encryption, see Office 365 Advanced Message Encryption.
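The expiration and revocation procedure described above, written as Exchange Online PowerShell. This is an added example, not part of the original article; the template name, rule name, seven-day expiry and message ID placeholder are constructed for illustration, and the session is assumed to belong to an admin in a tenant with an Advanced Message Encryption subscription.

```powershell
# Added example: names and values below are constructed for illustration.
Connect-ExchangeOnline   # ExchangeOnlineManagement module, admin account

# 1. Custom branding template. Mail that uses it is delivered through the
#    wrapper and OME portal, and portal access expires after 7 days.
New-OMEConfiguration -Identity 'Expire in 7 days' -ExternalMailExpiryInDays 7

# 2. Mail flow rule that encrypts outbound mail to external recipients and
#    applies the branding template, so expiration and revocation can work.
New-TransportRule -Name 'OME: external mail expires in 7 days' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -ApplyRightsProtectionTemplate 'Encrypt' `
    -ApplyRightsProtectionCustomizationTemplate 'Expire in 7 days' `
    -Mode Enforce

# 3. Confirm what was created before relying on it.
Get-OMEConfiguration -Identity 'Expire in 7 days' | Format-List
Get-TransportRule -Identity 'OME: external mail expires in 7 days' |
    Format-List Name, State, Mode, Priority

# 4. Revoke one message. The ID is a placeholder: take the real value from
#    a message trace. Only mail read through the portal is revocable.
$messageId = '<MESSAGE-ID-PLACEHOLDER>'
Get-OMEMessageStatus -MessageId $messageId | Format-Table Subject, IsRevocable
Set-OMEMessageStatus -MessageId $messageId -Revoked $true
```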

Defining rules for Office 365 Message Encryption

One way to enable the new capabilities for Office 365 Message Encryption is for Exchange Online and Exchange Online Protection administrators to define mail flow rules. These rules determine under what conditions email messages should be encrypted. When an encryption action is set for a rule, any messages that match the rule conditions are encrypted before they're sent.

Mail flow rules are flexible, letting you combine conditions so you can meet specific security requirements in a single rule. For example, you can create a rule to encrypt all messages that contain specified keywords and are addressed to external recipients. The new capabilities for Office 365 Message Encryption also encrypt replies from recipients of encrypted email.
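The two rule examples this article mentions (keywords plus external recipients, and a specific recipient who must not copy or print), sketched in Exchange Online PowerShell. This is an added example, not part of the original article; the rule names, keywords and addresses are constructed, and the keyword rule is created in audit mode so its matches can be reviewed before it is enforced.

```powershell
# Added example: rule names, keywords and addresses are constructed.
Connect-ExchangeOnline   # ExchangeOnlineManagement module, admin account

# Readiness check: Azure RMS licensing must be enabled and the built-in
# templates ('Encrypt', 'Do Not Forward') must be visible to Exchange Online.
Get-IRMConfiguration | Format-List AzureRMSLicensingEnabled
Get-RMSTemplate
Test-IRMConfiguration -Sender 'admin@contoso.example' `
    -Recipient 'admin@contoso.example'

# Rule 1: combine two conditions in one rule. Only mail that contains a
# keyword AND is addressed outside the organization gets encrypt-only.
$keywords = 'Confidential', 'Wire transfer', 'Contract draft'
New-TransportRule -Name 'OME: encrypt keyword mail to external recipients' `
    -SentToScope NotInOrganization `
    -SubjectOrBodyContainsWords $keywords `
    -ApplyRightsProtectionTemplate 'Encrypt' `
    -Mode Audit `
    -Comments 'Audit first; switch to Enforce after reviewing matches.'

# Rule 2: everything sent to one recipient is protected with Do Not Forward,
# which also blocks copying and printing of the message content.
New-TransportRule -Name 'OME: Do Not Forward for outside counsel' `
    -SentTo 'counsel@partner.example' `
    -ApplyRightsProtectionTemplate 'Do Not Forward' `
    -Mode Enforce

# After reviewing the audit results, enforce rule 1 and confirm both rules.
Set-TransportRule -Identity 'OME: encrypt keyword mail to external recipients' `
    -Mode Enforce
Get-TransportRule | Where-Object Name -like 'OME:*' |
    Format-Table Name, State, Mode, Priority
```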

For more information about how to create mail flow rules to take advantage of the new OME capabilities, see Define Rules for Office 365 Message Encryption.

Get started with the new OME capabilities

If you're ready to get started using the new OME capabilities within your organization, see Set up new Office 365 Message Encryption capabilities.

Sending, viewing, and replying to encrypted email messages

With Office 365 Message Encryption, users can send encrypted email from Outlook and Outlook on the web. Additionally, admins can set up mail flow rules in Microsoft 365 to automatically encrypt emails based on keyword matching or other conditions.

Recipients of encrypted messages who are in organizations will be able to read those messages seamlessly in any version of Outlook, including Outlook for PC, Outlook for Mac, Outlook on the web, Outlook for iOS, and Outlook for Android. Users who receive encrypted messages on other email clients can view the messages in the OME portal.

For detailed guidance about how to send and view encrypted messages, take a look at these articles:

| Read this article... | If you are... |
| --- | --- |
| Learn about protected messages in Office 365 | An end user who wants to learn more about how encrypted messages work and what options are available to you. |
| How do I open a protected message? | An end user who wants to read a protected message that was sent to you. This article includes information about reading messages in several versions of Outlook and from different email accounts, including accounts outside of Microsoft 365 such as Gmail and Yahoo! accounts. |
| Send, view, and reply to encrypted messages in Outlook | An end user who wants to send, view, or reply to an encrypted message from Outlook. Even if you're not a member of an organization, you still receive notification of encrypted messages sent to you in Outlook. Use this article for instructions on how to view and reply to encrypted messages sent from Office 365. |
| Send a digitally signed or encrypted message | An end user who wants to send, view, or reply to encrypted messages using Outlook for Mac. This article also covers using encryption methods other than OME, such as S/MIME. |
| View encrypted messages on your Android device | An end user who has received a message encrypted with Office 365 Message Encryption on an Android device. You can use the free OME Viewer app to view the message and send an encrypted reply. This article explains how. |
| View encrypted messages on your iPhone or iPad | An end user who has received a message encrypted with Office 365 Message Encryption on an iPhone or iPad. You can use the free OME Viewer app to view the message and send an encrypted reply. This article explains how. |