Data loss prevention (DLP) policies

What is a data loss prevention policy?

An organization's data is critical to its success. Its data needs to be readily available for decision-making, but it needs to be protected so that it isn't shared with audiences that should not have access to it. To protect this data, Microsoft PowerApps (PowerApps) provides you with the ability to create and enforce policies that define which consumer services/connectors specific business data can be shared with. These policies that define how data can be shared are referred to as data loss prevention (DLP) policies.

Why create a DLP policy?

You would create a DLP policy to clearly define which consumer services business data may be shared with. For example, an organization that uses PowerApps may not want its business data that's stored in SharePoint to be automatically published to its Twitter feed. To prevent this, you can create a DLP policy that blocks SharePoint data from being used as the source for tweets.

Benefits of a DLP policy

  • Ensures that data is managed in a uniform manner across the organization.
  • Prevents important business data from being accidentally published to services such as social media sites.

Managing DLP policies

Prerequisites
In order to create, edit, or delete DLP policies, the following items are required:

  • Either environment admin or tenant admin permissions. You can learn more about permissions in the environments topic.

Create a DLP policy

Prerequisites
In order to create a DLP policy, you must have permissions to at least one environment.

Follow these steps to create a DLP policy that prevents data that is stored in your SharePoint database from being published to Twitter:

  1. While on the Data Policies tab, select the New policy link.
  2. Enter the name of the DLP policy as Secure Data Access for Contoso in the Data Policy Name label at the top of the page that opens.
  3. Select the environment on the Applies to tab.
  4. Select the Data groups tab.
  5. Select the + Add link located inside the Business data only group box.
  6. Select the SharePoint and Salesforce services from the Add services page.
  7. Select the Add services button to add the services you selected to the list of services that are allowed to share business data.
  8. Select Save Policy.
  9. After a few moments, your new DLP policy will be displayed in the data loss prevention policies list.
  10. (Optional) Send an email or other communication to your team, alerting them that a new DLP policy is now available.

Congratulations, you have now created a DLP policy that allows apps to share data between SharePoint and Salesforce and blocks the sharing of data with any other services.
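The rule this policy enforces can be checked against an app inventory before the policy is announced to makers. The following is an added example, not part of the original documentation and not a PowerApps API: it models the "Business data only" group from the steps above and flags apps that combine a connector in that group with one outside it. The environment names and the app inventory are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DlpPolicy:
    name: str
    environments: frozenset        # environments the policy applies to
    business_data_only: frozenset  # connectors in the "Business data only" group

    def violation(self, app):
        """Return (business, other) connector lists if the app mixes groups, else None."""
        if app["environment"] not in self.environments:
            return None  # policy does not apply to this environment
        used = set(app["connectors"])
        business = used & self.business_data_only
        other = used - self.business_data_only
        if business and other:
            # Business data could flow to a service outside the group.
            return sorted(business), sorted(other)
        return None


def audit(policy, apps):
    """Map app name -> violation for every app the policy would block."""
    findings = {}
    for app in apps:
        result = policy.violation(app)
        if result:
            findings[app["name"]] = result
    return findings


POLICY = DlpPolicy(
    name="Secure Data Access for Contoso",
    environments=frozenset({"contoso-default"}),  # constructed environment name
    business_data_only=frozenset({"SharePoint", "Salesforce"}),
)

APPS = [  # constructed inventory, not real tenant data
    {"name": "Lead sync", "environment": "contoso-default", "connectors": ["SharePoint", "Salesforce"]},
    {"name": "News tweeter", "environment": "contoso-default", "connectors": ["SharePoint", "Twitter"]},
    {"name": "Social monitor", "environment": "contoso-default", "connectors": ["Twitter"]},
    {"name": "Sandbox demo", "environment": "contoso-sandbox", "connectors": ["SharePoint", "Twitter"]},
]

if __name__ == "__main__":
    for app_name, (business, other) in audit(POLICY, APPS).items():
        print(f"{app_name}: {business} cannot be combined with {other}")
```

Only "News tweeter" is flagged: "Social monitor" uses no business-data connector, and "Sandbox demo" runs in an environment the policy was not applied to, which is why the environment chosen on the Applies to tab matters.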

Find a DLP policy

Admins

Admins can use the search feature from the Admin center to find specific DLP policies.

NOTE: Admins should publish all DLP policies so that users in the organization are aware of the policies prior to creating PowerApps.

Makers

If you don't have admin permissions and you wish to learn more about the DLP policies in your organization, contact your administrator. You can also learn more from the maker environments topic.

NOTE: Only admins can edit or delete DLP policies.

Edit a DLP policy

  1. Launch the Admin center by browsing to https://admin.powerapps.com.
  2. In the Admin center that launches, select the Data policies link on the left side.
  3. Search the list of existing DLP policies and select the edit link next to the policy you intend to edit.
  4. Make the changes you wish to make. You can modify the environment or the services in the data groups, for example.
  5. Select Save Policy to save your changes.

Your policy has now been updated. You can confirm that the changes have been made to your policy by finding it in the data loss prevention policies list and reviewing its properties.

Delete a DLP policy

  1. Launch the Admin center by browsing to https://admin.powerapps.com.
  2. In the Admin center that launches, select the Data policies link on the left side.
  3. Search the list of existing DLP policies and select the delete link next to the policy you intend to delete.
  4. Confirm that you really want to delete the policy by selecting the Delete button.

Your policy has now been deleted. You can confirm that the policy is no longer listed in the data loss prevention policies list by selecting the Data Policies link on the left and reviewing the list of policies.

DLP policy permissions

Only tenant and environment admins can create and modify DLP policies. Learn more about permissions in the environments topic.

Next steps