Customer-managed: Tenant key life cycle operations

*Applies to: Azure Information Protection, Office 365*

*Relevant for: AIP unified labeling client and classic client*

If you manage your tenant key for Azure Information Protection (the bring your own key, or BYOK, scenario), use the following sections for more information about the life cycle operations that are relevant to this topology.

Revoke your tenant key

There are very few scenarios when you might need to revoke your key instead of rekeying. When you revoke your key, all content that has been protected by your tenant using that key becomes inaccessible to everybody (including Microsoft, your global admins, and super users) unless you have a backup of the key that you can restore. After revoking your key, you won't be able to protect new content until you create and configure a new tenant key for Azure Information Protection.

To revoke your customer-managed tenant key, in Azure Key Vault, change the permissions on the key vault that contains your Azure Information Protection tenant key so that the Azure Rights Management service can no longer access the key. This action effectively revokes the tenant key for Azure Information Protection.

When you cancel your subscription for Azure Information Protection, Azure Information Protection stops using your tenant key and no action is needed from you.
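The revocation step described above, as an added PowerShell example that is not part of the original page or of Microsoft's documentation: it removes the Azure Rights Management service's access policy from the vault and then lists the remaining policies so you can confirm the entry is gone. The vault and resource group names are hypothetical placeholders; the service principal application ID is the one used when a vault is authorized for BYOK and should be confirmed against your own setup.

```powershell
# Added example (not from the original page): revoke a customer-managed AIP
# tenant key by removing the Azure Rights Management service's access to the
# key vault that holds it. Vault and resource group names are placeholders.
$VaultName     = "Contoso-BYOK-KV"
$ResourceGroup = "Contoso-BYOK-KV-RG"

# Application ID of the Azure Rights Management service principal, as used when
# the vault was authorized for BYOK. Confirm it against your own setup first.
$AipServicePrincipal = "00000012-0000-0000-c000-000000000000"

Connect-AzAccount

# Revoke: drop every key permission the service had on this vault. From this
# point, content protected with the key is unreadable to everyone, including
# Microsoft, until access is restored or the key is restored from a backup.
Remove-AzKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -ServicePrincipalName $AipServicePrincipal

# Verify: list what remains and confirm the Azure Rights Management entry is gone.
(Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup).AccessPolicies |
    Select-Object DisplayName, ObjectId, PermissionsToKeys
```

If the vault uses the Azure RBAC permission model rather than access policies, the equivalent action is removing the service principal's role assignment on the vault; Remove-AzKeyVaultAccessPolicy has no effect in that model.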

Rekey your tenant key

Rekeying is also known as rolling your key. When you do this operation, Azure Information Protection stops using the existing tenant key to protect documents and emails, and starts to use a different key. Policies and templates are immediately re-signed, but this changeover is gradual for existing clients and services using Azure Information Protection. So for some time, some new content continues to be protected with the old tenant key.

To rekey, you must configure the tenant key object and specify the alternative key to use. Then, the previously used key is automatically marked as archived for Azure Information Protection. This configuration ensures that content that was protected by using this key remains accessible.

Examples of when you might need to rekey for Azure Information Protection:

  • Your company has split into two or more companies. When you rekey your tenant key, the new company will not have access to new content that your employees publish. They can access the old content if they have a copy of the old tenant key.

  • You want to move from one key management topology to another.

  • You believe the master copy of your tenant key (the copy in your possession) is compromised.

To rekey to another key that you manage, you can either create a new key in Azure Key Vault or use a different key that is already in Azure Key Vault. Then follow the same procedures that you did to implement BYOK for Azure Information Protection.

  1. Only if the new key is in a different key vault from the one you are already using for Azure Information Protection: authorize Azure Information Protection to use the key vault by using the Set-AzKeyVaultAccessPolicy cmdlet.

  2. If Azure Information Protection doesn't already know about the key you want to use, run the Use-AipServiceKeyVaultKey cmdlet.

  3. Configure the tenant key object by using the Set-AipServiceKeyProperties cmdlet.
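The three rekey steps above carried through as one added PowerShell example (not code from the original page or from Microsoft's documentation). It assumes the new key is an HSM-protected key created directly in Key Vault; the vault, resource group and key names are hypothetical placeholders, the service principal application ID is the one used when a vault is authorized for BYOK, and the KeyIdentifier for step 3 is read from the Get-AipServiceKeys output rather than guessed.

```powershell
# Added example (not from the original page): rekey the AIP tenant key to a
# different customer-managed key in Azure Key Vault. All names are placeholders.
$ResourceGroup = "Contoso-BYOK-KV-RG"
$VaultName     = "Contoso-BYOK-KV"
$NewKeyName    = "Contoso-AIP-Key-2"

# Azure Rights Management service principal (application ID used for BYOK).
# Confirm it against your own setup before relying on it.
$AipServicePrincipal = "00000012-0000-0000-c000-000000000000"

Connect-AzAccount
Connect-AipService

# Optional: create the replacement key as an HSM-protected key in the vault.
# Skip this if you are reusing a key that already exists in Key Vault.
Add-AzKeyVaultKey -VaultName $VaultName -Name $NewKeyName -Destination HSM | Out-Null

# Step 1: only needed if this vault is not yet authorized for AIP. Grant the
# service just the key operations it needs; no backup, export or delete rights.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName -ResourceGroupName $ResourceGroup `
    -ServicePrincipalName $AipServicePrincipal `
    -PermissionsToKeys decrypt,encrypt,unwrapkey,wrapkey,verify,sign,get

# Step 2: tell AIP about the key, using the versioned key URL from Key Vault.
$newKey = Get-AzKeyVaultKey -VaultName $VaultName -Name $NewKeyName
Use-AipServiceKeyVaultKey -KeyVaultKeyUrl $newKey.Id

# Inspect the tenant's keys and note the KeyIdentifier of the new entry.
Get-AipServiceKeys

# Step 3: make the new key active. The previously active key is archived
# automatically, so content protected with it stays readable.
$NewKeyIdentifier = "<KeyIdentifier of the new key, copied from Get-AipServiceKeys>"
Set-AipServiceKeyProperties -KeyIdentifier $NewKeyIdentifier -Active $true

# Verify: one key Active, the old one Archived.
Get-AipServiceKeys
```

Run the verification step again after a while: as the page notes, clients and services move to the new key gradually, so documents protected with the archived key will keep appearing for some time even though the active key has changed.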

For more information about each of these steps:

  • To rekey to another key that you manage, see Planning and implementing your Azure Information Protection tenant key.

    If you are rekeying an HSM-protected key that you create on-premises and transfer to Key Vault, you can use the same security world and access cards as you used for your current key.

  • To rekey, changing to a key that Microsoft manages for you, see the Rekey your tenant key section for Microsoft-managed operations.

Backup and recover your tenant key

Because you are managing your tenant key, you are responsible for backing up the key that Azure Information Protection uses.

If you generated your tenant key on premises, in an nCipher HSM: To back up the key, back up the tokenized key file, the world file, and the administrator cards. When you transfer your key to Azure Key Vault, the service saves the tokenized key file, to protect against failure of any service nodes. This file is bound to the security world for the specific Azure region or instance. However, do not consider this tokenized key file to be a full backup. For example, if you ever need a plain text copy of your key to use outside an nCipher HSM, Azure Key Vault cannot retrieve it for you, because it has only a non-recoverable copy.

Azure Key Vault has a backup cmdlet that you can use to back up a key by downloading it and storing it in a file. Because the downloaded content is encrypted, it cannot be used outside Azure Key Vault.
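The Key Vault backup cmdlet described above, as an added PowerShell example that is not part of the original page: it downloads the encrypted backup blob, checks that something was actually written, and shows the matching restore call. Vault and key names are hypothetical placeholders.

```powershell
# Added example (not from the original page): back up the AIP tenant key with
# the Azure Key Vault backup cmdlet. Names are placeholders.
$VaultName  = "Contoso-BYOK-KV"
$KeyName    = "Contoso-AIP-Key"
$BackupFile = Join-Path $env:USERPROFILE "contoso-aip-key-$(Get-Date -Format yyyyMMdd).blob"

Connect-AzAccount

# Download the key as an encrypted blob. The blob can only be consumed by
# Restore-AzKeyVaultKey; it is not a plain-text copy of the key material.
Backup-AzKeyVaultKey -VaultName $VaultName -Name $KeyName -OutputFile $BackupFile

# Sanity check before trusting the backup: the file exists and is non-empty.
$blob = Get-Item $BackupFile
if ($blob.Length -eq 0) { throw "Backup of $KeyName produced an empty file" }
Write-Output "Backed up $KeyName to $BackupFile ($($blob.Length) bytes)"

# Restore into a vault. The target vault must be in the same Azure
# subscription and geography as the vault the backup came from.
# Restore-AzKeyVaultKey -VaultName "Contoso-BYOK-KV-Recovery" -InputFile $BackupFile
```

Store the blob with the same care as the HSM tokenized key file and administrator cards: it is what lets you make previously protected content readable again after a revocation or a lost key, which is exactly why the page warns that the tokenized file alone is not a full backup.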

Export your tenant key

If you use BYOK, you cannot export your tenant key from Azure Key Vault or Azure Information Protection. The copy in Azure Key Vault is non-recoverable.

Respond to a breach

No security system, no matter how strong, is complete without a breach response process. Your tenant key might be compromised or stolen. Even when it's protected well, vulnerabilities might be found in current generation key technology or in current key lengths and algorithms.

Microsoft has a dedicated team to respond to security incidents in its products and services. As soon as there is a credible report of an incident, this team engages to investigate the scope, root cause, and mitigations. If this incident affects your assets, Microsoft notifies your tenant Global administrators by email.

If you have a breach, the best action that you or Microsoft can take depends on the scope of the breach; Microsoft will work with you through this process. The following table shows some typical situations and the likely response, although the exact response depends on all the information that is revealed during the investigation.

| Incident description | Likely response |
| --- | --- |
| Your tenant key is leaked. | Rekey your tenant key. See Rekey your tenant key. |
| An unauthorized individual or malware got rights to use your tenant key, but the key itself did not leak. | Rekeying your tenant key does not help here; root-cause analysis is required. If a process or software bug allowed the unauthorized individual to get access, that situation must be resolved. |
| Vulnerability discovered in the current-generation HSM technology. | Microsoft must update the HSMs. If there is reason to believe that the vulnerability exposed keys, Microsoft will instruct all customers to rekey their tenant keys. |
| Vulnerability discovered in the RSA algorithm or key length, or brute-force attacks become computationally feasible. | Microsoft must update Azure Key Vault or Azure Information Protection to support new algorithms and longer key lengths that are resilient, and instruct all customers to rekey their tenant key. |