Operations for your Azure Information Protection tenant key

Depending on your tenant key topology for Azure Information Protection, you have different levels of control and responsibility for your Azure Information Protection tenant key. The two key topologies are Microsoft-managed and customer-managed.

When you manage your own tenant key in Azure Key Vault, this is often referred to as bring your own key (BYOK). For more information about this scenario and how to choose between the two tenant key topologies, see Planning and implementing your Azure Information Protection tenant key.

The following table identifies the operations that you can do, depending on the topology that you’ve chosen for your Azure Information Protection tenant key.

| Life cycle operation | Microsoft-managed (default) | Customer-managed (BYOK) |
|---|---|---|
| Revoke your tenant key | No (automatic) | Yes |
| Rekey your tenant key | Yes | Yes |
| Backup and recover your tenant key | No | Yes |
| Export your tenant key | Yes | No |
| Respond to a breach | Yes | Yes |

After you have identified which topology you have implemented, select one of the following links for more information about these operations for your Azure Information Protection tenant key:

However, if you want to create an Azure Information Protection tenant key by importing a trusted publishing domain (TPD) from Active Directory Rights Management Services, this import operation is part of the migration from AD RMS to Azure Information Protection.