Step 3: Deploy security and compliance for hybrid workers

For hybrid workers, some of whom never go into the office or who go infrequently, security and compliance are an important part of the overall solution. All of their communications occur over the Internet instead of being confined to an organizational intranet.

There are things you and your workers can do to remain productive while decreasing cybersecurity risk and maintaining compliance with your internal policies and data regulations.

Remote work needs these elements of security and compliance:

  • Controlled access to the productivity apps that hybrid workers use, such as Microsoft Teams
  • Controlled access to and protection of the data that hybrid workers create and use, such as chat conversations or shared files
  • Protection of Windows 10 devices from malware and other types of cyberattacks
  • Protection of email, files, and sites with consistent labeling for levels of sensitivity and protection
  • Prevention of leaked information
  • Adherence to regional data regulations

Here are the features of Microsoft 365 that provide security and compliance services for hybrid workers.

Use these Microsoft 365 services to stay secure and compliant

Security

Protect your applications and data with these security features of Microsoft 365.

| Capability or feature | Why I need it | Licensing |
| --- | --- | --- |
| Microsoft Defender for Office 365 | Protect your Microsoft 365 apps and data, such as email messages, Office documents, and collaboration tools, from attack. Microsoft Defender for Office 365 collects and analyzes signals from your apps for detection, investigation, and remediation of security risks and safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. It also provides automated tenant configuration assessment and configuration tooling for standard and strict security postures. | Microsoft 365 E3 or E5 |
| Malware protection | Microsoft Defender Antivirus and Device Guard provide device-based malware protection. SharePoint Online automatically scans file uploads for known malware. Exchange Online Protection (EOP) secures cloud mailboxes. | Microsoft 365 E3 or E5 |
| Microsoft Defender for Endpoint | Protect your organization's devices from cyber threats and data breaches and detect, investigate, and respond to advanced threats. | Microsoft 365 E5 |
| Cloud App Security | Protect your cloud-based services, both Microsoft 365 and other SaaS apps, from attack. | Microsoft 365 E5 or individual Cloud App Security licenses |
| Azure AD Identity Protection | Automate detection and remediation of identity-based risks. Create risk-based Conditional Access policies to require multi-factor authentication (MFA) for risky sign-ins. | Microsoft 365 E5 or E3 with Azure AD Premium P2 licenses |

Your first step should be to learn about and use Microsoft Secure Score.

See Top 12 tasks for security teams to support working from home for more information.

For information about security across Microsoft 365, see Microsoft 365 security documentation.

Compliance

Comply with internal policies or regulatory requirements with these compliance features of Microsoft 365.

| Capability or feature | Why I need it | Licensing |
| --- | --- | --- |
| Sensitivity labels | Classify and protect your organization's data without hindering the productivity of users and their ability to collaborate by placing labels with various levels of protection on email, files, or sites. | Microsoft 365 E3 or E5 |
| Data Loss Protection (DLP) | Detect, warn, and block risky, inadvertent, or inappropriate sharing, such as sharing of data containing personal information, both internally and externally. | Microsoft 365 E3 or E5 |
| Conditional Access App Control | Prevent sensitive data from being downloaded to users' personal devices. | Microsoft 365 E3 or E5 |
| Data retention labels and policies | Implement information governance controls, such as how long to keep data and requirements on the storage of personal data on customers, to comply with your organization's policies or data regulations. | Microsoft 365 E3 or E5 |
| Office message encryption (OME) | Send and receive encrypted email messages between people inside and outside your organization that contain regulated data, such as personal data on customers. | Microsoft 365 E3 or E5 |
| Compliance Manager | Manage regulatory compliance activities related to Microsoft cloud services with this workflow-based risk assessment tool in the Microsoft Service Trust Portal. | Microsoft 365 E3 or E5 |
| Compliance Manager | See an overall score of your current compliance configuration and recommendations for improving it in the Microsoft 365 compliance center. | Microsoft 365 E3 or E5 |
| Communication Compliance | Detect, capture, and take remediation actions for inappropriate messages in your organization. | Microsoft 365 E5 or Microsoft 365 E3 with the Compliance or Insider Risk Management add-ons |
| Insider Risk Management | Detect, investigate, and act on malicious and inadvertent risks in your organization. Microsoft 365 can detect these kinds of risks even when a worker is using an unmanaged device. | Microsoft 365 E5 or Microsoft 365 E3 with the Compliance or Insider Risk Management add-ons |

See Quick tasks for getting started with Microsoft 365 compliance for more information.

Results of Step 3

For your hybrid workers, you have implemented:

  • Security
    • Controlled access to apps and data that hybrid workers use to communicate and collaborate
    • Malware protection for cloud service data, email, and Windows 10 devices
  • Compliance
    • Consistent labeling for levels of sensitivity and protection
    • Policies to prevent information leakage
    • Adherence to regional data regulations

Next step

Step 4: Manage your devices, PCs, and other endpoints

Continue with Step 4 to manage your devices, PCs, and other endpoints.