Azure 信息保护中的保护功能正在向现有租户推出Protection features in Azure Information Protection rolling out to existing tenants

重要

改进的 Microsoft 365 安全中心现在可用。The improved Microsoft 365 security center is now available. 此新体验将 Defender for Endpoint、Defender for Office、365 Microsoft 365 Defender 等引入了 Microsoft 365 安全中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新增功能Learn what's new.

适用对象Applies to

为了帮助保护你的信息的初始步骤,从 2018 年 7 月开始,所有符合条件的 Azure 信息保护租户都将默认启用 Azure 信息保护中的保护功能。To help with the initial step in protecting your information, starting July 2018 all Azure Information Protection eligible tenants will have the protection features in Azure Information Protection turned on by default. Azure 信息保护中的保护功能在 Office 365 中以前称为权限管理或 Azure RMS。The protection features in Azure Information Protection were formerly known in Office 365 as Rights Management or Azure RMS. 如果你的组织拥有 Office E3 服务计划或更高服务计划,那么现在,当我们推出这些功能时,你将开始通过 Azure 信息保护来保护信息。If your organization has an Office E3 service plan or a higher service plan you will now get a head start protecting information through Azure Information Protection when we roll out these features.

从 2018 年 7 月 1 日开始的更改Changes beginning July 1, 2018

从 2018 年 7 月 1 日开始,Microsoft 将为具有以下订阅计划之一的所有组织启用 Azure 信息保护中的保护功能:Starting July 1, 2018, Microsoft will enable the protection capability in Azure Information Protection for all organizations with one of the following subscription plans:

  • Office 365 邮件加密作为 Office 365 E3 和 E5、Microsoft E3 和 E5、Office 365 A1、A3 和 A5 以及 Office 365 G3 和 G5 的一部分提供。Office 365 Message Encryption is offered as part of Office 365 E3 and E5, Microsoft E3 and E5, Office 365 A1, A3, and A5, and Office 365 G3 and G5. 无需其他许可证,就无需其他许可证,即可以接收由 Azure 信息保护支持的新保护功能。You do not need additional licenses to receive the new protection capabilities powered by Azure Information Protection.

  • 还可以将 Azure 信息保护计划 1 添加到以下计划,以接收新的 Office 365 邮件加密功能:Exchange Online 计划 1、Exchange Online 计划 2、Office 365 F1、Microsoft 365 商业基础版、Microsoft 365 商业标准版或 Office 365 企业版 E1。You can also add Azure Information Protection Plan 1 to the following plans to receive the new Office 365 Message Encryption capabilities: Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F1, Microsoft 365 Business Basic, Microsoft 365 Business Standard, or Office 365 Enterprise E1.

  • 从 Office 365 邮件加密受益的每个用户都需要获得许可,以涵盖此功能。Each user benefiting from Office 365 Message Encryption needs to be licensed to be covered by the feature.

  • 有关完整列表,请参阅 Office 365 邮件加密的 Exchange Online 服务说明。For the full list, see the Exchange Online service descriptions for Office 365 Message Encryption.

租户管理员可以在 Office 365 管理员门户中检查保护状态。Tenant administrators can check the protection status in the Office 365 administrator portal.

显示 Office 365 中权限管理已激活的屏幕截图。

我们为什么要进行此更改?Why are we making this change?

Office 365 邮件加密利用 Azure 信息保护中的保护功能。Office 365 Message Encryption leverages the protection capabilities in Azure Information Protection. 最近对 Office 365 邮件加密的改进以及我们对 Microsoft 365 信息保护的更广泛投资的核心是,我们使组织能够更轻松地启用和使用我们的保护功能,就像以往一样,加密技术一直难以设置。At the heart of the recent improvements to Office 365 Message Encryption and our broader investments to information protection in Microsoft 365, we are making it easier for organizations to turn on and use our protection capabilities, as historically, encryption technologies have been difficult to set up. 默认情况下,通过打开 Azure 信息保护中的保护功能,可以快速开始保护敏感数据。By turning on the protection features in Azure Information Protection by default, you can quickly get started to protect your sensitive data.

这是否会影响我?Does this impact me?

如果组织已购买符合条件的 Office 365 许可证,则你的租户将受此更改的影响。If your organization has purchased an eligible Office 365 license, then your tenant will be impacted by this change.

重要

如果你在本地环境中使用 Active Directory Rights Management Services (AD RMS) ,则必须选择立即退出此更改,或迁移到 Azure 信息保护,然后才能我们在这 30 天内推出此更改。If you're using Active Directory Rights Management Services (AD RMS) in your on-premises environment, you must either opt-out of this change immediately or migrate to Azure Information Protection before we roll out this change within the next 30 days. 若要了解如何选择退出,请参阅"我使用 AD RMS,如何选择退出?"For information on how to opt-out, see "I use AD RMS, how do I opt out?" ”中所述的过程安装本地化文件。later in this article. 如果你想要迁移,请参阅从 AD RMS 迁移到 Azure 信息保护If you prefer to migrate, see Migrating from AD RMS to Azure Information Protection..

能否将 Azure 信息保护与 Active Directory Rights Management Services (AD RMS) ?Can I use Azure Information Protection with Active Directory Rights Management Services (AD RMS)?

不正确。No. 这不是受支持的部署方案。This is not a supported deployment scenario. 如果不执行其他选择退出步骤,某些计算机可能会自动开始使用 Azure 权限管理服务,还可以连接到 AD RMS 群集。Without taking the additional opt-out steps, some computers might automatically start using the Azure Rights Management service and also connect to your AD RMS cluster. 此方案不受支持,且结果不可靠,因此,在推出这些新功能之前,必须选择在接下来 30 天内退出此更改。This scenario isn't supported and has unreliable results, so it's important that you opt out of this change within the next 30 days before we roll out these new features. 若要了解如何选择退出,请参阅"我使用 AD RMS,如何选择退出?"For information on how to opt-out, see "I use AD RMS, how do I opt out?" ”中所述的过程安装本地化文件。later in this article. 如果你想要迁移,请参阅 从 AD RMS 迁移到 Azure 信息保护。If you prefer to migrate, see Migrating from AD RMS to Azure Information Protection.

我如何知道我是否正在使用 AD RMS?How do I know if I'm using AD RMS?

在还具有 AD RMS Active Directory Rights Management Services (准备 Azure 权限管理) 检查是否部署了 AD RMS,请按照准备 Azure 权限管理中的以下说明操作:Use these instructions from Preparing the environment for Azure Rights Management when you also have Active Directory Rights Management Services (AD RMS) to check if you have deployed AD RMS:

  1. 尽管是可选的,但大多数 AD RMS 部署将服务连接点 (SCP) 发布到 Active Directory,以便域计算机可以发现 AD RMS 群集。Although optional, most AD RMS deployments publish the service connection point (SCP) to Active Directory so that domain computers can discover the AD RMS cluster.

    使用 ADSI Edit 查看是否在 Active Directory 中发布了 SCP:CN=Configuration [server name]、CN=Services、CN=RightsManagementServices、CN=SCPUse ADSI Edit to see whether you have an SCP published in Active Directory: CN=Configuration [server name], CN=Services, CN=RightsManagementServices, CN=SCP

  2. 如果未使用 SCP,则必须使用 Windows 注册表为连接到 AD RMS 群集的 Windows 计算机配置客户端服务发现或许可重定向 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSIPC\ServiceLocation :。If you are not using an SCP, Windows computers that connect to an AD RMS cluster must be configured for client-side service discovery or licensing redirection by using the Windows registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSIPC\ServiceLocation.

有关这些注册表配置详细信息,请参阅使用 Windows 注册表启用客户端服务发现和 重定向许可服务器流量For more information about these registry configurations, see Enabling client-side service discovery by using the Windows registry and Redirecting licensing server traffic.

我使用 AD RMS,如何选择退出?I use AD RMS, how do I opt out?

若要选择退出即将进行的更改,请完成以下步骤:To opt out of the upcoming change, complete these steps:

  1. 使用在组织中具有全局管理员权限的工作或学校帐户,启动Windows PowerShell会话并连接到 Exchange Online。Using a work or school account that has global administrator permissions in your organization, start a Windows PowerShell session and connect to Exchange Online. 有关说明,请参阅连接 PowerShell Exchange OnlineFor instructions, see Connect to Exchange Online PowerShell.

  2. 运行Set-IRMConfiguration cmdlet:Run the Set-IRMConfiguration cmdlet using the following syntax:

Set-IRMConfiguration -AutomaticServiceUpdateEnabled $false

进行此更改后,我可以期望什么?What can I expect after this change has been made?

启用此功能后,如果你尚未选择退出,你可以开始使用新版本的 Office 365 邮件加密(在 Microsoft Ignite 2017 上宣布)并利用 Azure 信息保护的加密和保护功能。Once this is enabled, provided you haven't opted out, you can start using the new version of Office 365 Message Encryption which was announced at Microsoft Ignite 2017 and leverages the encryption and protection capabilities of Azure Information Protection.

Screenshot that shows an OME protected message in Outlook on the web.

有关新增强功能的信息,请参阅 Office 365 邮件加密For more information about the new enhancements, see Office 365 Message Encryption.