Learn about sensitivity labels

Microsoft 365 licensing guidance for security & compliance.

To get their work done, people in your organization collaborate with others both inside and outside the organization. This means that content no longer stays behind a firewall; it can roam everywhere, across devices, apps, and services. And when it roams, you want it to do so in a secure, protected way that meets your organization's business and compliance policies.

Sensitivity labels from the Microsoft Information Protection framework let you classify and protect your organization's data, while making sure that user productivity and the ability to collaborate aren't hindered.

Example showing available sensitivity labels in Excel, from the Home tab on the Ribbon. In this example, the applied label displays on the status bar:

Sensitivity labels on the Excel ribbon and status bar

To apply sensitivity labels, users must be signed in with their Microsoft 365 work or school account.

Note

For US Government tenants (GCC, GCC-H, and DoD), sensitivity labels are currently supported only for the Azure Information Protection unified labeling client and scanner.

For more information, see Azure Information Protection Premium Government Service Description.

You can use sensitivity labels to:

  • Enforce protection settings such as encryption or watermarks on labeled content. For example, your users can apply a Confidential label to a document or email, and that label can encrypt the content and apply a Confidential watermark.

  • Protect content in Office apps across different platforms and devices. For a list of supported apps, see Use sensitivity labels in Office apps.

  • Protect content in third-party apps and services by using Microsoft Cloud App Security. With Cloud App Security, you can detect, classify, label, and protect content in third-party apps and services, such as Salesforce, Box, or Dropbox, even if the third-party app or service does not read or support sensitivity labels.

  • Protect containers that include Teams, Microsoft 365 Groups, and SharePoint sites. For example, set privacy settings, external user access, and access from unmanaged devices.

  • Extend sensitivity labels to third-party apps and services. Using the Microsoft Information Protection SDK, third-party apps can read sensitivity labels and apply protection settings.

  • Classify content without using any protection settings. You can also simply assign a classification to content (like a sticker) that persists and roams with the content as it's used and shared. You can use this classification to generate usage reports and see activity data for your sensitive content. Based on this information, you can always choose to apply protection settings later.

In all these cases, sensitivity labels in Microsoft 365 can help you take the right actions on the right content. With sensitivity labels, you can classify data across your organization, and enforce protection settings based on that classification.

What a sensitivity label is

When you assign a sensitivity label to a document or email, it's like a stamp that's applied to content that is:

  • Customizable. You can create categories for different levels of sensitive content in your organization, such as Personal, Public, General, Confidential, and Highly Confidential.

  • Clear text. Because the label is stored in clear text in the content's metadata, third-party apps and services can read it and then apply their own protective actions, if required.

  • Persistent. After you apply a sensitivity label to content, the label is stored in the metadata of that email or document. This means the label roams with the content, including the protection settings, and this data becomes the basis for applying and enforcing policies.

In Office apps, a sensitivity label appears like a tag to users on an email or document.

Each item that supports sensitivity labels can have a single sensitivity label applied to it. Documents and emails can have both a sensitivity label and a retention label applied to them.

Sensitivity label applied to an email

What sensitivity labels can do

After a sensitivity label is applied to an email or document, any configured protection settings for that label are enforced on the content. With a sensitivity label, you can:

  • Encrypt email only or both email and documents. You can choose which users or groups have permissions to perform which actions and for how long. For example, you can choose to allow users in a specific group in another organization to have permissions to review the content for only seven days after the content is labeled. Alternatively, instead of administrator-defined permissions, you can allow your users to assign permissions to the content when they apply the label.

    For more information about the Encryption settings when you create or edit a sensitivity label, see Restrict access to content by using encryption in sensitivity labels.

  • Mark the content when you use Office apps, by adding watermarks, headers, or footers to email or documents that have the label applied. Watermarks can be applied to documents but not email. Example header and watermark:

    Watermark and header applied to a document

    Need to check when content markings are applied? See When Office apps apply content marking and encryption.

    String lengths: Watermarks are limited to 255 characters. Headers and footers are limited to 1024 characters, except in Excel. Excel has a total limit of 255 characters for headers and footers, but this limit includes characters that aren't visible, such as formatting codes. If that limit is reached, the string you enter is not displayed in Excel.

  • Protect content in containers such as sites and groups when you enable the capability to use sensitivity labels with Microsoft Teams, Microsoft 365 groups, and SharePoint sites.

    You can't configure protection settings for groups and sites until you enable this capability. This label configuration doesn't result in documents or emails being automatically labeled; instead, the label settings protect content by controlling access to the container where content can be stored. These settings include privacy settings, external user access, and access from unmanaged devices.

  • Apply the label automatically in Office apps, or recommend a label. You can choose which types of sensitive information you want labeled, and the label can either be applied automatically, or you can prompt users to apply the label that you recommend. If you recommend a label, the prompt displays whatever text you choose. For example:

    Prompt to assign a required label

    For more information about the Auto-labeling for Office apps settings when you create or edit a sensitivity label, see Apply a sensitivity label to content automatically.

Label scopes

When you create a sensitivity label, you're asked to configure the label's scope, which determines two things:

  • Which label settings you can configure for that label
  • Where the label will be visible to users

This scope configuration lets you have sensitivity labels that are just for documents and emails and can't be selected for containers. Similarly, you can have sensitivity labels that are just for containers and can't be selected for documents and emails. By default, both scopes are selected:

Scope options for sensitivity labels

When you change this default and select just one scope, you still see the first page of the configuration settings for the other scope but you can't select them. For example, if the scope for files and emails is not selected, you can't select the options on the next page:

Unavailable options for sensitivity labels

For these pages that have unavailable options, select Next to continue. Or, select Back to change the label's scope.

Label priority (order matters)

When you create your sensitivity labels in your admin center, they appear in a list on the Sensitivity tab on the Labels page. In this list, the order of the labels is important because it reflects their priority. You want your most restrictive sensitivity label, such as Highly Confidential, to appear at the bottom of the list, and your least restrictive sensitivity label, such as Public, to appear at the top.

You can apply just one sensitivity label to an item such as a document, email, or container. If you set an option that requires your users to provide a justification for changing a label to a lower classification, the order of this list identifies the lower classifications. However, this option does not apply to sublabels.

The ordering of sublabels is used with automatic labeling, though. When you configure labels to be applied automatically or as a recommendation, multiple matches can result for more than one label. To determine the label to apply or recommend, the label ordering is used: The last sensitive label is selected, and then if applicable, the last sublabel.

Option to create a sublabel

Sublabels (grouping labels)

With sublabels, you can group one or more labels below a parent label that a user sees in an Office app. For example, under Confidential, your organization might use several different labels for specific types of that classification. In this example, the parent label Confidential is simply a text label with no protection settings, and because it has sublabels, it can't be applied to content. Instead, users must choose Confidential to view the sublabels, and then they can choose a sublabel to apply to content.

Sublabels are simply a way to present labels to users in logical groups. Sublabels don't inherit any settings from their parent label. When you publish a sublabel for a user, that user can then apply that sublabel to content but can't apply just the parent label.

Don't choose a parent label as the default label, or configure a parent label to be automatically applied (or recommended). If you do, the parent label won't be applied to content.

Example of how sublabels display for users:

Grouped sublabels on the ribbon

Editing or deleting a sensitivity label

If you delete a sensitivity label from your admin center, the label is not automatically removed from content, and any protection settings continue to be enforced on content that had that label applied.

If you edit a sensitivity label, the version of the label that was applied to content is what's enforced on that content.

What label policies can do

After you create your sensitivity labels, you need to publish them, to make them available to people and services in your organization. The sensitivity labels can then be applied to documents and emails. Unlike retention labels, which are published to locations such as all Exchange mailboxes, sensitivity labels are published to users or groups. Sensitivity labels then appear in Office apps for those users and groups.

With a label policy, you can:

  • Choose which users and groups see the labels. Labels can be published to any specific user or email-enabled security group, distribution group, or Microsoft 365 group (which can have dynamic membership) in Azure AD.

  • Apply a default label to all new documents and email created by the users and groups included in the label policy, and the same or different default label to containers (if you've enabled sensitivity labels for Microsoft Teams, Microsoft 365 groups, and SharePoint sites). Users can always change the default label if it's not the right label for their document or email.

    Consider using a default label to set a base level of protection settings that you want applied to all your content. However, without user training and other controls, this setting can also result in inaccurate labeling. It's usually not a good idea to select a label that applies encryption as a default label to documents. For example, many organizations need to send and share documents with external users who might not have apps that support the encryption or who might not use an account that can be authorized. For more information about this scenario, see Sharing encrypted documents with external users.

  • Require a justification for changing a label. If a user tries to remove a label or replace it with a label that has a lower-order number, you can require the user to provide a justification to perform this action. For example, a user opens a document labeled Confidential (order number 3) and replaces that label with one named Public (order number 1). Currently, the justification reason is used only by the Azure Information Protection unified labeling client, which sends this information to Azure Information Protection analytics.

    Prompt where users enter a justification

  • Require users to apply a label with one option for email and documents, and another for containers. Also known as mandatory labeling, these options ensure a label must be applied before users can save documents and send emails, and create new groups or sites.

    For documents and emails, a label can be assigned manually by the user, automatically as a result of a condition that you configure, or be assigned by default (the default label option described above). An example prompt shown in Outlook when a user is required to assign a label:

    Prompt in Outlook asking the user to apply a required label

    Note

    Mandatory labeling for documents and emails currently requires the Azure Information Protection unified labeling client. This client runs only on Windows, so this feature is not yet supported on Mac, iOS, and Android.

    For containers, a label must be assigned at the time the group or site is created.

    Consider using this option to help increase your labeling coverage. However, without user training, these settings can result in inaccurate labeling. In addition, unless you also set a corresponding default label, mandatory labeling can frustrate your users with the frequent prompts.

  • Provide help link to a custom help page. If your users aren't sure what your sensitivity labels mean or how they should be used, you can provide a Learn More URL that appears at the bottom of the Sensitivity label menu in the Office apps:

    Learn More link on the Sensitivity button on the ribbon

After you create a label policy that assigns new sensitivity labels to users and groups, users see those labels in their Office apps within 30 minutes. However, allow up to 24 hours for changes to those labels.

There is no limit to the number of sensitivity labels that you can create and publish, with one exception: If the label applies encryption, there is a maximum of 500 labels that you can create. However, as a best practice to lower admin overheads and reduce complexity for your users, try to keep the number of labels to a minimum. Real-world deployments have shown that effectiveness is noticeably reduced when users have more than five main labels or more than five sublabels per main label.

Label policy priority (order matters)

You make your sensitivity labels available to users by publishing them in a sensitivity label policy that appears in a list on the Sensitivity policies tab on the Label policies page. Just like sensitivity labels (see Label priority (order matters)), the order of the sensitivity label policies is important because it reflects their priority. The label policy with lowest priority is shown at the top, and the label policy with the highest priority is shown at the bottom.

A label policy consists of:

  • A set of labels.
  • The scope of the label policy, meaning the users and groups included in the policy.
  • The settings of the label policy described above (default label, justification, mandatory label, and help link).

You can include a user in multiple label policies, and the user will see all the sensitivity labels from those policies. However, a user gets the policy settings from only the label policy with the highest priority.

If you're not seeing the label or label policy setting that you expect for a user or group, and you have waited 30 minutes, check the order of the sensitivity label policies. To reorder the label policies, select a sensitivity label policy > choose the ellipsis on the right > Move down or Move up.

Move option on the sensitivity label policies page

If you use retention labels in addition to sensitivity labels, it's important to remember that priority matters for sensitivity label policies, but not for retention labels.
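When a user does not get the expected default label or justification prompt, it helps to work out which policy actually supplies their settings. The following Python model is an added example, not Microsoft code: it applies the two rules above (labels are the union across policies, settings come only from the highest-priority policy) plus the downgrade rule from "Require a justification for changing a label". The policy names, users and order numbers are constructed, group membership is assumed to be already expanded to users, and sublabels are not modeled.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed data. Order numbers are positions in the label list:
# a higher number is further down the list and more restrictive.
LABEL_ORDER = {"Public": 1, "General": 2, "Confidential": 3,
               "Highly Confidential": 4}


@dataclass
class LabelPolicy:
    name: str
    priority: int            # position in the policy list; bottom = highest
    members: frozenset       # users in scope (groups already expanded)
    labels: tuple
    default_label: Optional[str] = None
    require_justification: bool = False
    mandatory: bool = False


POLICIES = [  # hypothetical tenant, listed top (lowest priority) to bottom
    LabelPolicy("All staff", 0, frozenset({"alice", "bob"}),
                ("Public", "General"), default_label="General"),
    LabelPolicy("Finance", 1, frozenset({"alice"}),
                ("General", "Confidential", "Highly Confidential"),
                default_label="Confidential", require_justification=True,
                mandatory=True),
]


def effective_view(user, policies):
    """Return (visible labels in list order, winning policy) for a user."""
    applicable = [p for p in policies if user in p.members]
    if not applicable:
        return [], None
    # Labels: union across every policy that includes the user.
    visible = {label for p in applicable for label in p.labels}
    # Settings: taken only from the highest-priority policy.
    winner = max(applicable, key=lambda p: p.priority)
    return sorted(visible, key=LABEL_ORDER.__getitem__), winner


def needs_justification(user, policies, current, new):
    """True when removing a label, or replacing it with a lower order
    number, must be justified under the user's effective policy."""
    _, winner = effective_view(user, policies)
    if winner is None or not winner.require_justification or current is None:
        return False
    if new is None:          # label removed altogether
        return True
    return LABEL_ORDER[new] < LABEL_ORDER[current]


if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        labels, policy = effective_view(user, POLICIES)
        print(user, labels, policy.name if policy else None)
```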

Sensitivity labels and Azure Information Protection

If you have deployed labels with Azure Information Protection, use the following sections for guidance before you start to use sensitivity labels.

Azure Information Protection labels

Note

Label management for Azure Information Protection labels in the Azure portal is being deprecated on March 31, 2021. Learn more from the official deprecation notice.

If you are using Azure Information Protection labels because your tenant isn't yet on the unified labeling platform, we recommend that you avoid creating sensitivity labels until you activate unified labeling. In this scenario, the labels you see in the Azure portal are Azure Information Protection labels rather than sensitivity labels. These labels can be used by the Azure Information Protection client (classic) on Windows computers, but can't be used by devices running macOS, iOS, or Android. To resolve this, migrate these labels to sensitivity labels.

The metadata applied by both sets of labels is compatible, so you don't need to relabel documents and emails when the migration is complete.

Azure Information Protection clients

When you use sensitivity labels in Microsoft 365 Apps for enterprise apps on Windows computers, you have a choice of using an Azure Information Protection client, or using labeling that's built into Office.

By default, built-in labeling is turned off in these apps when the Azure Information Protection client is installed. For more information, including how to change this default behavior, see Office built-in labeling client and the Azure Information Protection client.

Even when you use built-in labeling in Office apps, you can also use the Azure Information Protection unified labeling client with sensitivity labels for the following:

  • A scanner to discover sensitive information that's stored on-premises, and then optionally, label that content

  • Right-click options in File Explorer for users to apply labels to all file types

  • A viewer to display encrypted files for text, images, or PDF documents

  • A PowerShell module to discover sensitive information in files on premises, and apply or remove labels and encryption from these files

If you are new to Azure Information Protection, or if you are an existing Azure Information Protection customer that has just migrated your labels, see Choose which labeling client to use for Windows computers from the Azure Information Protection documentation.

Sensitivity labels and Microsoft Cloud App Security

By using Cloud App Security (CAS), you can discover, classify, label, and protect content in third-party services and apps, such as Salesforce, Box, or Dropbox.

Cloud App Security works with both Azure Information Protection labels and sensitivity labels:

  • If the labeling admin centers have one or more sensitivity labels published to at least one user: Sensitivity labels are used.

  • If the labeling admin centers don't have sensitivity labels published: Azure Information Protection labels are used.

For instructions to use Cloud App Security with these labels, see Azure Information Protection integration.

Sensitivity labels and the Microsoft Information Protection SDK

Because a sensitivity label is stored as clear text in the metadata of a document, third-party apps and services can read from and write to this labeling metadata to supplement your labeling deployment. Additionally, software developers can use the Microsoft Information Protection SDK to fully support labeling and encryption capabilities across multiple platforms. To learn more, see the General Availability announcement on the Tech Community blog.

You can also learn about partner solutions that are integrated with Microsoft Information Protection.
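The "Clear text" property described under "What a sensitivity label is", and restated in this section, means a gateway or triage script can read a document's label without the SDK. The following Python sketch is an added example, not Microsoft code. It assumes details this page does not state: that Office Open XML files keep the label in `docProps/custom.xml` as custom properties named `MSIP_Label_<label GUID>_<field>`. The sample file and its GUID are constructed placeholders.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for hostile input, consider defusedxml

VT = "{http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes}"
CP = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"
# Assumed naming convention: MSIP_Label_<label GUID>_<field>
PROP_RE = re.compile(r"^MSIP_Label_([0-9a-fA-F-]{36})_(\w+)$")
MAX_CUSTOM_XML = 1_000_000  # refuse oversized metadata parts (zip-bomb guard)


def read_labels(ooxml_bytes):
    """Return {label_guid: {field: value}} from an Office Open XML file."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        try:
            info = zf.getinfo("docProps/custom.xml")
        except KeyError:
            return {}  # no custom-properties part, so no label metadata
        if info.file_size > MAX_CUSTOM_XML:
            raise ValueError("docProps/custom.xml is unexpectedly large")
        root = ET.fromstring(zf.read(info))
    labels = {}
    for prop in root.iter(CP + "property"):
        match = PROP_RE.match(prop.get("name", ""))
        value = prop.find(VT + "lpwstr")
        if match and value is not None:
            guid, field = match.group(1).lower(), match.group(2)
            labels.setdefault(guid, {})[field] = value.text or ""
    return labels


def active_label_name(ooxml_bytes):
    """Name of the enabled label, or None if the file carries none."""
    for fields in read_labels(ooxml_bytes).values():
        if fields.get("Enabled", "").lower() == "true":
            return fields.get("Name")
    return None


def build_sample(label_name=None):
    """Constructed sample: a minimal zip holding only the metadata part."""
    guid = "00000000-0000-0000-0000-000000000001"  # placeholder GUID
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if label_name:
            fields = {"Enabled": "true", "Name": label_name}
            props = "".join(
                f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" '
                f'pid="{pid}" name="MSIP_Label_{guid}_{key}">'
                f"<vt:lpwstr>{val}</vt:lpwstr></property>"
                for pid, (key, val) in enumerate(fields.items(), start=2))
            zf.writestr(
                "docProps/custom.xml",
                f'<Properties xmlns="{CP[1:-1]}" xmlns:vt="{VT[1:-1]}">'
                f"{props}</Properties>")
    return buf.getvalue()


if __name__ == "__main__":
    print(active_label_name(build_sample("Confidential")))
    print(active_label_name(build_sample()))
```

Because third-party apps can also write this metadata, treat the value read here as a classification signal for routing or alerting rather than as proof that the label's protection settings are in force.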

Deployment guidance

For deployment planning and guidance that includes licensing information, permissions, deployment strategy, and a list of resources for supported scenarios and end user documentation, see Get started with sensitivity labels.