邮件策略和合规性Message policy and compliance

存档基于 Exchange Online 的邮箱Archiving Exchange Online-based mailboxes

Exchange Online 邮箱位于云中,对其进行存档需要独特的托管环境。在有些情况下,也可使用 Exchange Online 来将内部部署的邮箱存档到云中。本节介绍使用 Exchange Online 进行存档的各种选择。Exchange Online mailboxes reside in the cloud, and archiving them requires unique hosting environments. In some cases, Exchange Online can also be used to archive on-premises mailboxes in the cloud. The options for archiving with Exchange Online are described in this section.

Exchange Online 为基于云的邮箱提供了内置存档功能,包括可为用户提供存储较旧电子邮件的便利位置的就地存档。Exchange Online provides built-in archiving capabilities for cloud-based mailboxes, including an In-Place Archive that gives users a convenient place to store older email messages. 就地存档是一种特殊类型的邮箱,它显示在 Outlook 和 web 上的 outlook 中的用户主邮箱文件夹旁。An In-Place Archive is a special type of mailbox that appears alongside a user's primary mailbox folders in Outlook and Outlook on the web. 用户可以按他们访问和搜索其主邮箱的相同方式访问和搜索此存档。Users can access and search the archive in the same way they access and search their primary mailboxes. 可用功能取决于所使用的客户端:Available functionality depends on the client in use:

  • Outlook 2016、outlook 2013、outlook 2010 和 web 上的 outlook用户可以访问存档的所有功能以及相关的合规性功能,如控制保留和存档策略。Outlook 2016, Outlook 2013, Outlook 2010, and Outlook on the web Users have access to the full features of the archive, as well as related compliance features like control over retention and archive policies.

  • Outlook 2007 用户具有就地存档的基本支持,但不是所有的存档和合规性功能都可用。例如,用户无法将保留或存档策略应用到邮箱中的邮件,而是必须依赖管理员设置的策略。Outlook 2007 Users have basic support for the In-Place Archive, but not all archiving and compliance features are available. For example, users cannot apply retention or archive policies to mailbox items and must rely on administrator-provisioned policies instead.

管理员使用 Exchange 管理中心或远程 Windows PowerShell 为特定用户启用个人存档功能。Administrators use the Exchange admin center or remote Windows PowerShell to enable the personal archive feature for specific users.

有关详细信息,请参阅:For more information, see:

存档大小Archive sizes

每个个人存档中只能存储一个用户的邮件数据。Only one user's messaging data can be stored in each personal archive. 存储空间分配取决于订阅计划。The allocation of storage depends on the subscription plan. 有关存档邮箱大小的详细信息,请参阅Exchange Online 限制中的 "邮箱存储限制" 部分。For more information about archive mailbox sizes, see the "Mailbox storage limits" section in Exchange Online limits.


  • 不允许使用日记、传输规则或自动转发规则将邮件复制到 Exchange Online 邮箱中来进行存档。Using journaling, transport rules, or auto-forwarding rules to copy messages to an Exchange Online mailbox for the purposes of archiving is not permitted. 如果邮箱存档未在个人方案中使用或在其他不适当的情况下使用,Microsoft 保留在不使用邮箱存档的情况下拒绝无限存档的权利。Microsoft reserves the right to deny unlimited archiving in instances where a mailbox archive is not being used in a personal scenario or in other cases of inappropriate use.
  • 就地存档对 Outlook 用户有特定的许可要求。Outlook 2007 用户必须具有 2011 年 2 月的 Office 2007 累积更新才能访问个人存档。In-Place Archive has specific licensing requirements for Outlook users. Outlook 2007 users must have the Office 2007 Cumulative Update for February 2011 to access the personal archive.
  • Exchange Online 不支持 Exchange Server 2010 Service Pack 1 或更高版本的_New-mailboximportrequest_ Windows PowerShell cmdlet,以供管理员驱动的将 .pst 文件导入个人存档。Exchange Online does not support the New-MailboxImportRequest Windows PowerShell cmdlet of Exchange Server 2010 Service Pack 1 or later for administrator-driven import of .pst files into a personal archive. 如果用户在 Exchange Online 中具有主邮箱和此存档,则管理员可以使用 PST Capture 这款免费工具来将 .pst 文件数据导入到用户的主邮箱或存档中。If a user has both the primary mailbox and the archive in Exchange Online, an administrator can use PST Capture, a free tool, to import .pst file data to the user's primary mailbox or archive.

内部部署邮箱的基于云的存档Cloud-based archiving of on-premises mailboxes

通过 Microsoft Exchange Online Archiving(Microsoft 提供的托管存档解决方案),可以对内部部署 Exchange Server 2010 或更高版本的基于云的存档使用 Exchange Online。这要求内部部署组织处于混合模式下,或已针对 Exchange Online Archiving 进行了相关设置。Using Exchange Online for cloud-based archiving of on-premises Exchange Server 2010 or later mailboxes is possible with Microsoft Exchange Online Archiving, a hosted archiving solution from Microsoft. This requires that the on-premises organization be in Hybrid mode or be set up for Exchange Online Archiving.


在 Exchange 2010 邮箱服务器上具有内部部署邮箱且应用了“托管文件夹”策略的用户无法启用内部部署或基于云的就地存档。Users with an on-premises mailbox on an Exchange 2010 Mailbox server who have a Managed Folder policy applied cannot have an on-premises or cloud-based In-Place Archive enabled.

保留标记和保留策略Retention tags and retention policies

Exchange Online 提供了保留策略,可帮助组织减少与电子邮件和其他通信关联的义务。Exchange Online offers retention policies to help organizations reduce the liabilities associated with email and other communications. 通过这些策略,管理员可以将保留策略应用于用户收件箱中的特定文件夹。With these policies, administrators can apply retention settings to specific folders in users' inboxes. 管理员还可以向用户提供保留策略的菜单,并允许他们使用 Outlook 2010 或更高版本或 web 上的 Outlook 将策略应用于特定项目、对话或文件夹。Administrators can also give users a menu of retention policies and let them apply the policies to specific items, conversations, or folders using Outlook 2010 or later or Outlook on the web.

在 Exchange Online 中,管理员通过使用 Exchange 管理中心 (EAC) 或远程 Windows PowerShell 管理保留策略。In Exchange Online, administrators manage retention policies by using the Exchange admin center (EAC) or remote Windows PowerShell.

Exchange Online 提供了两种类型的策略:存档策略和删除策略。可以在相同的项目或文件夹中结合使用这两种类型。例如,用户可以将某个电子邮件标记为在特定天数之后自动移动到就地存档,并在若干天后自动删除。Exchange Online offers two types of policies: archive policies and delete policies. Both types can be combined on the same item or folder. For example, a user can tag an email message to be automatically moved to the In-Place Archive in a specified number of days and deleted after another span of days.

使用 Outlook 2010 或更高版本和 web 上的 Outlook,用户可以将保留策略应用于文件夹、对话或单个邮件。With Outlook 2010 or later and Outlook on the web, users can apply retention policies to folders, conversations, or individual messages. 他们也可以查看对邮件应用的保留策略和预期的删除日期。They can also view the applied retention policies and expected deletion dates on messages. 其他电子邮件客户端的用户只能根据管理员设置的服务器端保留策略删除或存档电子邮件。Users of other email clients can only have email messages deleted or archived based on server-side retention policies set by the administrator.

Exchange Online 中提供的保留策略功能与 Exchange Server 2010 Service Pack 2 RU4 中的提供的保留策略功能相同。管理员可以使用远程 Windows PowerShell 来将保留策略从内部部署 Exchange Server 2010 或更高版本环境迁移到 Exchange Online。The retention policy capabilities offered in Exchange Online are the same as those offered in Exchange Server 2010 Service Pack 2 RU4. Administrators can use remote Windows PowerShell to migrate retention policies from on-premises Exchange Server 2010 or later environments to Exchange Online.


托管文件夹在 Exchange Online 中不可用,托管文件夹是在 Exchange Server 2007 中引入的一种比较旧的邮件记录管理方法。Managed Folders, an older approach to messaging records management that was introduced in Exchange Server 2007, are not available in Exchange Online.

有关详细信息,请参阅保留标记和保留策略For more information, see Retention Tags and Retention Policies.

静态数据的加密Encryption of data at rest

静态客户数据的加密由多个服务端技术提供,其中包括 BitLocker、DKM、Azure 存储服务加密和 Exchange Online 中的服务加密、Skype for business、OneDrive for business 和 SharePoint Online。Encryption of customer data at rest is provided by multiple service-side technologies, including BitLocker, DKM, Azure Storage Service Encryption, and service encryption in Exchange Online, Skype for Business, OneDrive for Business, and SharePoint Online. Office 365 服务加密包含一个选项,可使用存储在 Azure Key Vault 中的客户托管的加密密钥。Office 365 Service Encryption include an option to use customer-managed encryption keys that are stored in Azure Key Vault. 此客户管理的密钥选项称为 "客户密钥",适用于 Exchange Online、SharePoint Online 和 OneDrive for business。This customer-managed key option, called Customer Key, is available for Exchange Online, SharePoint Online, and OneDrive for Business.


Microsoft 服务器使用 BitLocker 在卷级加密包含客户数据的磁盘驱动器。Microsoft servers use BitLocker to encrypt the disk drives containing customer data at rest at the volume-level. BitLocker 加密是 Windows 中内置的数据保护功能。BitLocker encryption is a data protection feature that is built into Windows. BitLocker 是一种用于预防威胁的技术,以防发生其他进程或控件(例如,对硬件的访问控制或回收)发生时出现的情况,从而导致某人能够物理访问包含客户数据的磁盘。BitLocker is one of the technologies used to safeguard against threats in case there are lapses in other processes or controls (e.g., access control or recycling of hardware) that could lead to someone gaining physical access to disks containing customer data. 在这种情况下,BitLocker 可消除因丢失、被盗或取消授权不当的计算机和磁盘而导致数据失窃或泄露的可能性。In this case, BitLocker eliminates the potential for data theft or exposure because of lost, stolen, or inappropriately decommissioned computers and disks.

分布式密钥管理器Distributed Key Manager

除了 BitLocker 之外,我们还使用一种称为 "分布式密钥管理器" (DKM)的技术。In addition to BitLocker, we use a technology called Distributed Key Manager (DKM). DKM 是一种客户端功能,它使用一组密钥对信息进行加密和解密。DKM is a client-side functionality that uses a set of secret keys to encrypt and decrypt information. 只有 Active Directory 域服务中特定安全组的成员才能访问这些密钥以解密由 DKM 加密的数据。Only members of a specific security group in Active Directory Domain Services can access those keys to decrypt the data that is encrypted by DKM. 在 Exchange Online 中,仅在运行 Exchange 进程的特定服务帐户是该安全组的一部分。In Exchange Online, only certain service accounts under which the Exchange processes run are part of that security group. 作为数据中心中的标准操作过程的一部分,将不会向任何人提供属于此安全组的凭据,因此没有人能够访问可以解密这些机密的密钥。As part of standard operating procedure in the datacenter, no human is given credentials that are part of this security group and therefore no human has access to the keys that can decrypt these secrets.

客户密钥Customer Key

使用 "客户密钥",可以控制组织的加密密钥,然后将其配置为在 Microsoft 数据中心中对静态数据进行加密。With Customer Key, you control your organization's encryption keys and then configure them to encrypt your data at rest in Microsoft's datacenters. 静态数据包含来自 Exchange Online 和 Skype for Business 的数据,这些数据存储在存储在 SharePoint Online 和 OneDrive for business 中的邮箱和文件中。Data at rest includes data from Exchange Online and Skype for Business that is stored in mailboxes and files that are stored in SharePoint Online and OneDrive for Business. 有关详细信息,请参阅使用客户密钥控制您的数据服务加密和客户关键 FAQFor more information, see Controlling your data in using Customer Key and Service Encryption with Customer Key FAQ.

Office 365 邮件加密Office 365 Message Encryption

Office 365 邮件加密允许电子邮件用户将加密的电子邮件发送给任何人。Office 365 Message Encryption allows email users to send encrypted email messages to anyone. 我们宣布了 Office 邮件加密中的新功能,这些功能利用了 Azure 信息加密中的保护功能。We announced new capabilities in Office Message Encryption that leverage the protection features in Azure Information Encryption. 这些新功能提供了增强的最终用户体验,使您可以更轻松地与组织内部或外部的任何人共享和协作处理受保护的邮件。These new capabilities provided enhanced end user experiences that make it easier to share and collaborate on protected messages with anyone inside or outside the organization. 新的 Office 邮件加密功能具有一些设置要求。The new Office Message Encryption capabilities have some setup requirements. 请参阅设置基于 Azure 信息保护基础构建的新 Office 365 邮件加密功能。See Set up new Office 365 Message Encryption capabilities built on top of Azure Information Protection. 旧版 Office 365 邮件加密的客户不会获得上述新功能,而无需遵循上面提供的指导。Customers on legacy Office 365 Message Encryption do not get the new capabilities without following the set up guidance provided above. 请阅读FAQ ,了解新的与旧版本的 Office 365 邮件加密功能中包含的内容的详细信息。Please read the FAQ for more details on what's included in the new vs. legacy Office 365 Message Encryption capabilities.

Office 365 高级邮件加密通过允许邮件过期和吊销来提供额外的保护。Office 365 Advanced Message Encryption provides additional protection by allowing message expiration and revocation. 您还可以为来自您的组织的加密电子邮件创建多个模板。You can also create multiple templates for encrypted emails originating from your organization. 高级邮件加密包含在 Microsoft 365 E5、Office 365 E5、Microsoft 365 E5 (非盈利员工定价)、Office 365 企业版 E5 (非盈利员工定价)或 Office 365 教育版 A5 中。Advanced Message Encryption is included in Microsoft 365 E5, Office 365 E5, Microsoft 365 E5 (Nonprofit Staff Pricing), Office 365 Enterprise E5 (Nonprofit Staff Pricing), or Office 365 Education A5. 如果你的组织有一个不包含 Office 365 高级邮件加密的订阅,你可以购买 Microsoft 365 E5 合规性或 Office 365 高级合规性 SKU 作为加载项。If your organization has a subscription that does not include Office 365 Advanced Message Encryption, you can purchase Microsoft 365 E5 Compliance or the Office 365 Advanced Compliance SKU as an add-on.

安全/多用途 Internet 邮件扩展 (S/MIME)Secure/Multipurpose Internet Mail Extensions (S/MIME)

借助 S/MIME,您可以通过在组织内发送签名的加密电子邮件来保护敏感信息。在创建 PKI 证书并将其分发给用户后,管理员可以使用远程 Windows PowerShell 设置 S/MIME。必须从本地 Active Directory 证书服务同步这些证书。S/MIME allows you to help protect sensitive information by sending signed and encrypted email within your organization. Administrators can use remote Windows PowerShell to set up S/MIME after establishing and issuing PKI certificates to users. These certificates must be synchronized from an on-premises Active Directory Certificate Service.

Microsoft Edge 和 Internet Explorer 11 支持 S/MIME。S/MIME is supported on Microsoft Edge and Internet Explorer 11. 目前,Firefox、Opera 和 Chrome 不支持 S/MIME。Currently, S/MIME is unsupported on Firefox, Opera, and Chrome. 有关详细信息,请参阅邮件签名和加密的 S/MIMEFor more information, see S/MIME for Message Signing and Encryption.

就地保留和诉讼保留In-Place Hold and Litigation Hold

当存在诉讼的合理预期时,需要组织保留与事实相关的以电子方式存储的信息 (ESI),包括电子邮件。这种预期可能在知道事实的细节之前发生,并且保留内容通常很广泛。组织可能保留与特定主题相关的所有电子邮件,或特定个人的所有电子邮件。When a reasonable expectation of litigation exists, organizations are required to preserve electronically stored information (ESI), including email that's relevant to the case. This expectation can occur before the specifics of the case are known, and preservation is often broad. Organizations may preserve all email related to a specific topic, or all email for certain individuals.

在 Exchange Online 中,您可以使用就地保留或诉讼保留来完成以下目标:In Exchange Online, you can use In-Place Hold or Litigation Hold to accomplish the following goals:

  • 允许将用户置于保留中并永久保留邮箱项目Enable users to be placed on hold and preserve mailbox items immutably

  • 保留由用户或自动删除过程删除的邮箱项目,例如 MRMPreserve mailbox items deleted by users or automatic deletion processes such as MRM

  • 保护邮箱项目不被用户或通过保存原始项目副本的自动过程篡改、更改Protect mailbox items from tampering, changes by a user, or automatic processes by saving a copy of the original item

  • 无限期保留项目或保留特定的持续时间Preserve items indefinitely or for a specific duration

  • 通过不必挂起 MRM 使保留对用户是透明的Keep holds transparent from the user by not having to suspend MRM

  • 使用就地电子数据展示搜索邮箱项目,包括保留项目Use In-Place eDiscovery to search mailbox items, including items placed on hold

此外,您可以使用就地保留进行以下操作:Additionally, you can use In-Place Hold to:

  • 搜索并保留与指定条件匹配的项目Search and hold items matching specified criteria

  • 将用户置于多个就地保留以用于不同的案件或调查Place a user on multiple In-Place Holds for different cases or investigations


当您将邮箱置于就地保留或诉讼保留中时,该保留将置于主邮箱和存档邮箱中。When you put a mailbox on In-Place Hold or Litigation Hold, the hold is placed on both the primary and the archive mailbox.

有关详细信息,请参阅就地保留和诉讼保留For more information, see In-Place Hold and Litigation Hold.

就地电子数据展示In-Place eDiscovery

Exchange Online 可让客户使用基于 web 的界面跨组织搜索邮箱内容。Exchange Online lets customers search the contents of mailboxes across an organization using a web-based interface. 管理员或有权执行就地电子数据展示搜索(通过分配)的合规性和安全性管理人员可以搜索电子邮件、附件、日历约会、任务、联系人和其他项目。Administrators or compliance and security officials who are authorized to perform In-Place eDiscovery search (by assigning) can search email messages, attachments, calendar appointments, tasks, contacts, and other items. 就地电子数据展示可以同时搜索主邮箱和存档。In-Place eDiscovery can search simultaneously across primary mailboxes and archives. 丰富的筛选功能包括发件人、收件人、邮件类型、发送/接收日期、抄送/密送以及 KQL 语法。Rich filtering capabilities include sender, receiver, message type, sent/receive date, and carbon copy/blind carbon copy, along with KQL Syntax. 搜索结果也包含"已删除邮件"中的邮件(如果这些邮件与搜索查询条件匹配)。Search results will also include items in the Deleted Items folder if they match the search query.

就地电子数据展示搜索的结果可以在基于 Web 的界面中预览、导出到 PST 文件中或复制到名为发现邮箱的特殊类型的邮箱中。发现邮箱具有 50 GB 的配额用于存储搜索结果。管理员还可以将 Outlook 连接到发现邮箱以访问搜索结果,并将搜索结果导出到 .pst 文件中。Results of In-Place eDiscovery searches can be previewed in the web-based interface, exported to a PST file or copied to a special type of mailbox called a Discovery mailbox. A Discovery mailbox has a 50 GB quota for storing search results. Administrators can also connect Outlook to the Discovery mailbox to access search results, and export the search results to a .pst file.

管理员可以使用 Exchange 管理中心或远程 Windows PowerShell 来执行多邮箱搜索。Exchange 管理中心可以提供只读的搜索结果预览,让管理员可以快速验证搜索,并在需要时使用不同的参数再次运行此搜索。在优化搜索之后,管理员可以将搜索结果复制到发现邮箱中。Administrators use either the Exchange admin center or remote Windows PowerShell to perform multi-mailbox searches. The Exchange admin center can provide a read-only preview of the search results, enabling administrators to quickly verify a search and rerun it, if needed, with different parameters. Once a search is optimized, the administrator can copy the results to the Discovery mailbox.

默认情况下,为每个组织创建一个发现邮箱,但管理员可以使用远程 Windows PowerShell 创建其他发现邮箱。发现邮箱不能用于存储就地电子数据展示搜索结果之外的任何目的。By default, one Discovery mailbox is created for each organization, but administrators can create additional Discovery mailboxes using remote Windows PowerShell. Discovery mailboxes cannot be used for any purpose other than storing In-Place eDiscovery search results.

管理员可以使用 Exchange 管理中心或远程 Windows PowerShell 来执行就地电子数据展示搜索。Exchange 管理中心可以提供只读的搜索结果预览,让管理员可以快速验证搜索,并在需要时使用不同的参数再次运行此搜索。在优化搜索之后,管理员可以将搜索结果复制到发现邮箱中或将搜索结果导出到 PST 文件中。Administrators use either the Exchange admin center or remote Windows PowerShell to perform In-Place eDiscovery searches. The Exchange admin center can provide a read-only preview of the search results, enabling administrators to quickly verify a search and rerun it, if needed, with different parameters. Once a search is optimized, the administrator can copy the results to the Discovery mailbox or export search results to a PST file.

管理员可以使用 Exchange 管理中心或远程 Windows PowerShell 以在就地电子数据展示搜索中一次搜索最多 10,000 个邮箱。Administrators can use either the Exchange admin center or remote Windows PowerShell to search up to 10,000 mailboxes at a time in an In-Place eDiscovery search.

在 Exchange Online 中,授权用户可以执行就地电子数据展示并选择以下选项之一:In Exchange Online, authorized users can perform In-Place eDiscovery and choose one of the following actions:

  • 估计搜索结果 获取搜索会返回的估计邮件数,包括关键字统计信息以确定搜索中使用的关键字有效性并在需要时调整搜索参数。Estimate search results Get an estimate of the number of messages the search will return, including keywords statistics to determine the effectiveness of keywords used in the search and tweak search parameters if required.

  • 预览搜索结果Preview search results

  • 将搜索结果中返回的邮件复制到发现邮箱。Copy messages returned in search results to a Discovery mailbox.

有关详细信息,请参阅就地电子数据展示For more information, see In-Place eDiscovery.

邮件流规则Mail flow rules

您可以使用邮件流规则来查找通过组织传递的邮件的特定条件并对其进行操作。You can use mail flow rules to look for specific conditions on messages that pass through your organization and act on them. 邮件流规则允许您对电子邮件应用邮件策略、保护邮件安全、保护邮件系统,并防止信息泄露。Mail flow rules let you apply messaging policies to email messages, secure messages, protect messaging systems, and prevent information leakage.

当今,法律、法规或公司政策要求许多组织应用邮件策略,以便限制组织内部和外部的收件人和发件人之间的交互。除了对个人、组织内部的部门小组以及组织外部的实体之间的交互进行限制以外,某些组织还要满足下列邮件策略要求:Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization. In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements:

  • 防止不适当的内容进入或离开组织Preventing inappropriate content from entering or leaving the organization

  • 筛选机密组织信息Filtering confidential organization information

  • 对特定个人发送或接收的邮件进行跟踪或复制Tracking or copying messages that are sent to or received from specific individuals

  • 在传递之前重定向入站和出站邮件以便进行检查Redirecting inbound and outbound messages for inspection before delivery

  • 对通过组织的邮件应用免责声明Applying disclaimers to messages as they pass through the organization


需要在电子邮件服务器上安装第三方 Ifilter 的附件文件类型(如 Adobe .pdf)无法使用邮件流规则进行检查,直到安装了相应的 iFilter。Attachment file types that require installation of third-party iFilters on the email server (such as Adobe .pdf) cannot be inspected using mail flow rules until after an appropriate iFilter is installed. 有关邮件流规则支持的文件类型的详细信息,请参阅使用邮件流规则检查 Office 365 中的邮件附件For more information about file types that are supported by mail flow rules, see Use mail flow rules to inspect message attachments in Office 365.

有关邮件流规则的详细信息,请参阅Exchange 2016 中的邮件流规则For more information about mail flow rules, see Mail flow rules in Exchange 2016.

防止数据丢失Data loss prevention

防止数据丢失 (DLP) 功能可帮助您通过深入的内容分析标识、监控和保护您组织中的敏感信息。The data loss prevention (DLP) feature will help you identify, monitor, and protect sensitive information in your organization through deep content analysis. DLP 是一项对于企业邮件系统而言越来越重要的高级功能,因为对于企业非常重要的电子邮件包含需要保护的敏感信息。DLP is a premium feature that is increasingly important for enterprise message systems because business-critical email includes sensitive data that needs to be protected. Exchange Online 中的 DLP 功能允许您保护敏感数据,而不会影响工作人员的工作效率。The DLP feature in Exchange Online lets you protect sensitive data without affecting worker productivity.

您可以在 Exchange 管理中心 (EAC) 管理界面中配置 DLP 策略,以便您执行下列操作:You can configure DLP policies in the Exchange admin center (EAC) management interface, which allows you to:

  • 启动预配置的策略模板,此模板可帮助您检测特定类型的敏感信息,如 PCI-DSS 数据、格雷姆-里奇-比利雷法案数据,甚至是区域设置特定的个人身份信息 (PII)。Start with a pre-configured policy template that can help you detect specific types of sensitive information such as PCI-DSS data, Gramm-Leach-Bliley act data, or even locale-specific personally identifiable information (PII).

  • 使用现有传输规则条件和操作的强大功能,并添加新的传输规则。Use the full power of existing transport rule criteria and actions and add new transport rules.

  • 在全面执行前,测试您的 DLP 策略的有效性。Test the effectiveness of your DLP policies before fully enforcing them.

  • 整合您自己的自定义 DLP 策略模板和敏感的信息类型。Incorporate your own custom DLP policy templates and sensitive information types.

  • 检测邮件附件、正文文本或主题行中的敏感信息,并调整 Exchange Online 的行为可信度。Detect sensitive information in message attachments, body text, or subject lines and adjust the confidence level at which Exchange Online acts.

  • 通过使用文档指纹检测敏感型数据。文档指纹可以帮助您基于文本形式(您可以用其定义传输规则和 DLP 策略)轻松地创建自定义敏感信息类型。Detect sensitive form data by using Document Fingerprinting. Document Fingerprinting helps you easily create custom sensitive information types based on text-based forms that you can use to define transport rules and DLP policies.

  • 添加策略提示,通过向 Outlook 2016、Outlook 2013、Outlook 网页版和适用于设备的 OWA 显示通知,可以帮助减少数据丢失,还可以通过允许误报报告来提高策略的有效性。Add Policy Tips, which can help reduce data loss by displaying a notice to your Outlook 2016, Outlook 2013, Outlook on the web, and OWA for Devices users and can also improve the effectiveness of your policies by allowing false-positive reporting.

  • 查看 DLP 报告中的事件数据,或通过使用生成事件报告操作来添加自己的特定报告。Review incident data in DLP reports or add your own specific reports by using a generate incident report action.

有关 DLP 的详细信息,请参阅数据丢失防护For more information about DLP, see Data Loss Prevention.


您可以配置 Exchange Online,以将电子邮件的副本记录到通过 SMTP 接收邮件的任何外部邮箱中。通过记录入站和出站电子邮件通信,日记功能可以帮助组织对法律、法规和组织遵从性要求做出响应。规划邮件保留和合规性时,了解日记功能及其如何适应组织的合规性策略,这一点非常重要。You can configure Exchange Online to journal copies of emails to any external mailbox that can receive messages via SMTP. Journaling can help your organization respond to legal, regulatory, and organizational compliance requirements by recording inbound and outbound email communications. When planning for messaging retention and compliance, it's important to understand journaling and how it fits in with your organization's compliance policies.

您可以使用 Exchange 管理中心或远程 Windows PowerShell 管理日记规则。您可以按用户和通讯组列表来配置日记,并选择仅记录内部邮件日记、仅记录外部邮件日记或这两者。日记邮件不仅包含原始邮件,还包含有关发件人、收件人、副本和密送副本的信息。You can manage journal rules by using the Exchange admin center or remote Windows PowerShell. You can configure journaling on a per-user and per-distribution list basis, and choose to journal only internal messages, only external messages, or both. Journaled messages include not only the original message but also information about the sender, recipients, copies, and blind copies.

若要确保成功且可靠的日记解决方案,需要完成以下任务:To ensure a successful and reliable journaling solution, you need to complete the following tasks:

  • 请确保日记目标不是 Exchange Online 邮箱。Make sure that the journaling destination is not be an Exchange Online mailbox.

  • 在客户目录中为要用于日记记录的 SMTP 目标电子邮件地址创建联系人对象。Create in the customer directory a contact object for the SMTP target email address to be used for journaling.

  • 将第二个联系人对象创建为备用日记邮箱,用于在主日记邮箱不可用时捕获任何日记报告。Create a second contact object as an alternative journal mailbox to capture any journal reports when the primary journal mailbox is unavailable.

  • 维护 SMTP 目标的正确管理、冗余、可用性、性能和功能级别,以确保始终成功地接受邮件。Maintain proper management, redundancy, availability, performance, and functionality levels of the SMTP target to ensure successful mail acceptance always.

  • 提供与 Exchange Server 和 Exchange 传输的具体互操作性,包括邮件格式、发件人/收件人信息集成和正确的内容转换。Provide respective interoperability with Exchange Server and Exchange transport including message formats, sender/recipient information integration, and appropriate content conversion.

有关日记的详细信息,请参阅日记For more information about journaling, see Journaling.

功能可用性Feature availability

若要查看跨计划、独立选项和本地解决方案的功能可用性,请参阅Exchange Online 服务说明To view feature availability across plans, standalone options, and on-premises solutions, see Exchange Online service description.