快速入門:為使用者設定標籤,以便輕鬆地保護包含敏感性資訊的電子郵件Quickstart: Configure a label for users to easily protect emails that contain sensitive information

*適用於:*Azure 資訊保護*Applies to: Azure Information Protection*

*相關適用於 Windows 的 Azure 資訊保護傳統用戶端**Relevant for: Azure Information Protection classic client for Windows*

注意

為了提供統一且流暢的客戶體驗,自 2021 年 3 月 31 日 起,Azure 入口網站將 淘汰 Azure 資訊保護傳統用戶端標籤管理To provide a unified and streamlined customer experience, Azure Information Protection classic client and Label Management in the Azure Portal are being deprecated as of March 31, 2021. 此時間範圍可讓所有目前的 Azure 資訊保護客戶使用 Microsoft 資訊保護統一標籤平台轉換至我們統一的標籤解決方案。This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. 在正式的淘汰通知 (英文) 中深入了解。Learn more in the official deprecation notice.

在此快速入門中,您將設定現有的 Azure 資訊保護標籤以自動套用 [不可轉寄] 保護設定。In this quickstart, you'll configure an existing Azure Information Protection label to automatically apply the Do Not Forward protection setting.

目前的 Azure 資訊保護原則已包含具有此設定的兩個標籤:The current Azure Information Protection policy already contains two labels that have this configuration:

  • 機密\僅限收件者Confidential \ Recipients Only

  • 極機密\僅限收件者Highly Confidential \ Recipients Only

不過,如果您的原則較舊,或者在您的組織原則建立時未啟用保護,則您不會擁有這些標籤。However, if your policy is older, or if protection wasn't activated at the time your organization's policy was created, you won't have these labels.

所需時間:您可以在 5 分鐘內完成此設定。Time required: You can finish this configuration in 5 minutes.

先決條件Prerequisites

若要完成此快速入門,您需要:To complete this quickstart, you need:

需求Requirement 說明Description
支援的訂用帳戶A supporting subscription 您將需要包含 Azure 資訊保護的訂用帳戶。You'll need a subscription that includes Azure Information Protection.

如果您沒有這些訂用帳戶,您可以為您的組織建立免費帳戶。If you don't have one of these subscriptions, you can create a free account for your organization.
AIP 已新增至 Azure 入口網站AIP added to the Azure portal 您已經將 [Azure 資訊保護] 窗格新增到 Azure 入口網站,並確認保護服務已啟用。You've added the Azure Information Protection pane to the Azure portal, and confirmed that the protection service is activated.

如需詳細資訊,請參閱快速入門:開始使用 Azure 入口網站For more information, see Quickstart: Get started in the Azure portal.
要設定的現有 Azure 資訊保護標籤An existing Azure Information Protection label to configure 使用其中一個預設標籤,或您已建立的標籤。Use one of the default labels, or a label that you've created. 如需詳細資訊,請參閱快速入門:為特定使用者建立新的 Azure 資訊保護標籤For more information, see Quickstart: Create a new Azure Information Protection label for specific users.
已安裝傳統用戶端Classic client installed 若要測試新標籤,您將必須在電腦上安裝傳統用戶端。To test the new label, you'll need the classic client installed on your computer.

Azure 資訊保護傳統用戶端會在 2021 年 3 月淘汰。The Azure Information Protection classic client is being deprecated in March 2021. 若要部署 AIP 傳統用戶端,請建立支援票證以取得下載存取權。To deploy the AIP classic client, open a support ticket to get download access.
已登入 Office 應用程式的 Windows 電腦A Windows computer, signed into Office apps 若要測試新標籤:您需要執行 Windows (至少要是 Windows 7 Service Pack 1) 的電腦。To test the new label, you'll need a computer running Windows (minimum of Windows 7 with Service Pack 1).

在此電腦上,登入下列其中一個 Office 應用程式版本:On this computer, sign into one of the following Office app versions:

- 當使用者獲指派 Azure 版權管理 (也稱為適用於 Microsoft 365 的 Azure 資訊保護) 的授權時,來自 Microsoft 365 Apps 商務版或 Microsoft 365 商務進階版的 Office 應用程式 (對於列在更新通道的 Microsoft 365 Apps 支援版本表格內的版本)。- Office apps, for the versions listed in the table of supported versions for Microsoft 365 Apps by update channel, from Microsoft 365 Apps for Business or Microsoft 365 Business Premium, when the user is assigned a license for Azure Rights Management (also known as Azure Information Protection for Office 365).
- Microsoft 365 Apps 企業版- Microsoft 365 Apps for Enterprise
- Office 專業增強版 2019- Office Professional Plus 2019
- Office 專業增強版 2016- Office Professional Plus 2016
- Office 專業增強版 2013 (含 Service Pack 1)- Office Professional Plus 2013 with Service Pack 1
- Office 專業增強版 2010 (含 Service Pack 2)- Office Professional Plus 2010 with Service Pack 2

如需使用 Azure 資訊保護之先決條件的完整清單,請參閱 Azure 資訊保護需求For a full list of prerequisites to use Azure Information Protection, see Requirements for Azure Information Protection.

設定現有標籤以套用 [不可轉寄] 保護Configure an existing label to apply the Do Not Forward protection

  1. 開啟新的瀏覽器視窗並以全域系統管理員的身分登入 Azure 入口網站。然後瀏覽至 [Azure 資訊保護]。Open a new browser window and sign in to the Azure portal as a global admin. Then navigate to Azure Information Protection.

    例如,在資源、服務和文件的搜尋方塊中:輸入 [資訊],然後選取 [Azure 資訊保護]。For example, in the search box for resources, services, and docs: Start typing Information and select Azure Information Protection.

    若您不是全域管理員,請針對替代角色使用以下連結:登入 Azure 入口網站If you are not the global admin, use the following link for alternative roles: Signing in to the Azure portal

  2. 從 [分類] > [標籤] 功能表選項:在 [Azure 資訊保護 - 標籤] 窗格上,選取您要設定以套用保護的標籤。From the Classifications > Labels menu option: On the Azure Information Protection - Labels pane, select the label you want to configure to apply the protection.

  3. 在 [標籤] 窗格上,找到 [為包含此標籤的文件與電子郵件設定權限]。On the Label pane, locate Set permissions for documents and emails containing this label. 若先前已選取 [未設定] 或 [移除保護],則在選取 [保護] 時,系統就會自動開啟 [保護] 窗格。Select Protect, and the Protection pane automatically opens if Not configured or Remove Protection was previously selected.

    如果 [保護] 窗格沒有自動開啟,請選取 [保護]:If the Protection pane does not automatically open, select Protection:

    設定「Azure 資訊保護」標籤的保護

  4. 在 [保護] 窗格中,確認已選取 [Azure (雲端金鑰)]。On the Protection pane, make sure that Azure (cloud key) is selected.

  5. 選取 [設定使用者定義的權限 (預覽)]。Select Set user-defined permissions (Preview).

  6. 確認已選取下列選項:在 Outlook 中套用「不可轉寄」Make sure that the following option is selected: In Outlook apply Do Not Forward.

  7. 選取時,請清除下列選項:在 Word、Excel、PowerPoint 與檔案總管會提示使用者提供自訂權限If selected, clear the following option: In Word, Excel, PowerPoint and File Explorer prompt user for custom permissions.

  8. 按一下 [保護] 窗格上的 [確定],然後按一下 [標籤] 窗格上的 [儲存]。Click OK on the Protection pane, and then click Save on the Label pane.

您的標籤現在設定為僅在 Outlook 中顯示,而且會將 [不可轉寄] 保護套用至電子郵件。Your label is now configured to display in Outlook only, and apply the Do Not Forward protection to emails.

測試新的標籤Test your new label

已設定的標籤僅在 Outlook 中顯示,且當 Exchange Online 已針對 Office 365 郵件加密中的新功能設定時,適用於傳送至任何組織外部收件者的電子郵件。Your configured label displays only in Outlook and is suitable for emails sent to any recipient outside your organization when Exchange Online is configured for the new capabilities in Office 365 Message Encryption.

  1. 在您的電腦上,開啟 Outlook 並建立新的電子郵件訊息。On your computer, open Outlook and create a new email message. 如果 Outlook 已開啟,請重新啟動它以強制執行原則重新整理。If Outlook is already open, restart it to force a policy refresh.

  2. 指定收件者、電子郵件訊息的某些文字,然後再套用您剛才建立的標籤。Specify the recipients, some text for the email message, and then apply the label that you just created.

    電子郵件訊息會根據標籤名稱進行分類,並使用 [不可轉寄] 限制進行保護。The email message is classified according to the label name, and protected with the Do Not Forward restriction.

  3. 傳送電子郵件。Send the email.

結果是收件者無法將電子郵件轉寄或列印、複製、或儲存附件,或是將電子郵件另儲為不同的名稱。The result is that recipients cannot forward the email, or print it, copy from it, or save attachments, or save the email as a different name. 任何裝置上的任何使用者都可以讀取受保護的電子郵件訊息。The protected email message can be read by any user, on any device.

清除資源Clean up resources

如果您不想保留這項設定並傳回您的標籤以使其不會套用保護,請執行下列動作:Do the following if you do not want to keep this configuration and return your label such that it doesn't apply protection:

  1. 從 [分類] > [標籤] 功能表選項:在 [Azure 資訊保護 - 標籤] 窗格上,選取您已設定的標籤。From the Classifications > Labels menu option: On the Azure Information Protection - Labels pane, select the label you configured.

  2. 在 [標籤] 窗格上,找到 [為包含此標籤的文件與電子郵件設定權限],選取 [未設定],然後選取 [儲存]。On the Label pane, locate Set permissions for documents and emails containing this label, select Not configured, and select Save.

後續步驟Next steps

此快速入門中包含基本選項,以便您可以快速設定標籤,讓使用者可以輕鬆保護其電子郵件。This quickstart includes the minimum options so that you can quickly configure a label that makes it easy for users to protect their emails. 但是,如果設定過於受限或限制不夠,請參閱其他的範例設定:However, if the configuration is too restrictive, or not restrictive enough, see the other example configurations:

如需如何設定套用保護之標籤的完整指示,請參閱如何設定標籤以套用 Rights Management 保護For full instructions how to configure a label that applies protection, see How to configure a label for Rights Management protection.