全面了解数据组Learn all about data groups

什么是数据组?What is a data group?

数据组是对数据丢失防护 (DLP) 策略中的服务进行分类的一种简单方式。Data groups are a simple way to categorize services within a data loss prevention (DLP) policy. 两个可用的数据组为“仅限业务数据”组和“不允许业务数据”组。The two data groups available are the Business data only group and the No business data allowed group. 组织可以自由确定要将哪些服务放置到哪个特定的数据组中。Organizations are free to determine which services are placed into a particular data group. 为服务分类的一种合理方式是根据对组织造成的影响将服务放置在组中。A good way to categorize services is to place them in groups, based on the impact to the organization. 默认情况下,所有服务放置在“不允许业务数据”数据组中。By default, all services are placed into the No business data allowed data group. 通过管理中心创建或修改 DLP 策略的属性时,可以管理数据组中的服务。You manage the services in a data group when you create or modify the properties of a DLP policy from the admin center.

数据在数据组之间的共享方式How data is shared between data groups

无法在不同组中的服务之间共享数据。Data cannot be shared among services located in different groups. 例如,如果将 SharePoint 和 Salesforce 放置在“仅限业务数据”组中,将 Facebook 和 Twitter 放置在“不允许业务数据”组中,则无法创建用于在 SharePoint 与 Facebook 之间移动数据的 PowerApp。For example, if you place SharePoint and Salesforce in the Business data only group and you place Facebook and Twitter in the No business data allowed group, you cannot create a PowerApp that moves data between SharePoint and Facebook. 尽管无法在不同组中的服务之间共享数据,但可以在特定组中的服务之间共享数据。While data cannot be shared among services in different groups, you can share data among the services within a specific group. 追溯到前面的示例,由于 SharePoint 和 Salesforce 放置在同一个数据组中,因此最终用户创建的 PowerApps 可在 SharePoint 与 Salesforce 之间共享数据。So, going back to the earlier example, since SharePoint and Salesforce were placed in the same data group, PowerApps that your end users create can share data between SharePoint and Salesforce. 关键之处在于,特定组中的服务可以共享数据,而不同组中的服务无法共享数据。The key point is that services in a specific group can share data, while services in different groups cannot share data.

此外,必须将一个数据组指定为默认组。Additionally, one data group must be designated as the default group. 最初,“不允许业务数据”组是默认组,所有服务都放置在该数据组中。Initially, the No business data allowed group is the default group and all services are in the data group. 管理员可将默认数据组更改为“仅限业务数据”数据组。An administrator can change the default data group to the business data only data group. 请注意,添加到 PowerApps 的所有新服务都将放置在指定的默认组中。Note any new services that are added to PowerApps will be placed in the designated default group. 为此,我们建议将“不允许业务数据”保留为默认组,在组织已评估允许与新服务共享业务数据所造成的影响后,手动将服务添加到“仅限业务数据”组中。For this reason, we recommend you keep the No business data allowed as the default group and manually add services into the Business data only group after your organization has evaluated the impact of allowing business data to be shared with the new service.

将服务添加到数据组Add services to a data group

本演练将 SharePoint 和 Salesforce 添加到数据丢失防护 (DLP) 策略的“仅限业务数据”数据组。In this walk-through, we'll add SharePoint and Salesforce to the business data only data group of a data loss prevention (DLP) policy.

  1. 选择 DLP 策略的“仅限业务数据”组框中的“+添加”链接:Select the + Add link located inside the Business data only group box of a DLP policy:
    添加图像Add image
  2. 选择 SharePoint 和 Salesforce,然后选择“添加服务”将这两个服务添加到“仅限业务数据”组:Select SharePoint and Salesforce then select Add services to add both to the business data only group:
    添加服务图像Add services image
  3. 在顶部菜单中选择“保存策略”:Select Save Policy from the menu at the top:
    保存策略Save policy
  4. 可以看到,SharePoint 和 Salesforce 现已放置在“仅限业务数据”组中:Notice that both SharePoint and Salesforce are now in the business data only group:
    更新业务数据组

本演练已将 SharePoint 和 Salesforce 添加到 DLP 策略的“仅限业务数据”数据组。In this walk-through, you've added SharePoint and Salesforce to the business data only data group of a DLP policy. 如果 DLP 策略环境中的某人创建的应用会在 SharePoint 或 Salesforce 与“不允许业务数据”数据组中的任一服务之间共享数据,则系统将不允许该应用运行。If one of the person who is part of the DLP policy's environment create an app shares data between SharePoint or Salesforce and any service in the No business data allowed data group, the app will not be allowed to run.

从数据组中删除服务Remove services from a data group

由于所有服务必须在一个可用的数据组中,因此,若要从特定的组中删除某个服务,只需将该服务添加到另一个组,然后保存策略。Since all services must be in one of the available data groups, to remove a service from a specific group, simply add the service to another group then save the policy.

更改默认数据组Change the default data group

本演练将默认数据组从“不允许业务数据”数据组更改为“仅限业务数据”数据组。In this walk-through, we will change the default data group from the no business data allowed data group to the business data only data group.

重要说明:添加到 PowerApps 的所有新服务都将放置在指定的默认组中。Important any new services that are added to PowerApps will be placed in the designated default group. 为此,我们建议将“不允许业务数据”保留为默认组,并手动将服务添加到“仅限业务数据”组中。For this reason, we recommend you keep the No business data allowed as the default group and manually add services into the Business data only group.

  1. 选择想要指定为默认数据组的数据组右上角的“...”:Select the ... located at the top right corner of the data group you wish to designate as the default data group:
    更改默认组change default group
  2. 选择“设为默认组”:Select Set as default group:
    更改默认组change default group
  3. 在顶部菜单中选择“保存策略”:Select Save Policy from the menu at the top:
    更改默认组change default group
  4. 可以看到,该数据组现已指定为默认数据组:Notice the data group is now designated as the default data group:
    更改默认组

后续步骤Next steps