快速入門:為使用者設定標籤,以便輕鬆地保護包含敏感性資訊的電子郵件Quickstart: Configure a label for users to easily protect emails that contain sensitive information

適用對象: Azure 資訊保護Applies to: Azure Information Protection

操作指示:適用於 Windows 的 Azure 資訊保護用戶端Instructions for: Azure Information Protection client for Windows

在此快速入門中,您將設定現有的標籤以自動套用 [不可轉寄] 保護設定。In this quickstart, you'll configure an existing label to automatically apply the Do Not Forward protection setting.

目前的 Azure 資訊保護原則已包含具有此設定的兩個標籤:The current Azure Information Protection policy already contains two labels that have this configuration:

  • 機密\僅限收件者Confidential \ Recipients Only

  • 極機密\僅限收件者Highly Confidential \ Recipients Only

不過,如果您的原則較舊,或者在您的組織原則建立時未啟用保護,則您不會擁有這些標籤。However, if your policy is older, or if protection wasn't activated at the time your organization's policy was created, you won't have these labels.

您可以在 5 分鐘內完成此設定。You can finish this configuration in 5 minutes.

必要條件Prerequisites

若要完成此快速入門,您需要:To complete this quickstart, you need:

  1. 包含 Azure 資訊保護方案 1 或方案 2 的訂用帳戶。A subscription that includes Azure Information Protection Plan 1 or Plan 2.

    如果您沒有這些訂用帳戶,您可以為您的組織建立免費帳戶。If you don't have one of these subscriptions, you can create a free account for your organization.

  2. 您已經將 [Azure 資訊保護] 刀鋒視窗新增到 Azure 入口網站,並確認保護服務已啟用。You've added the Azure Information Protection blade to the Azure portal, and confirmed that the protection service is activated.

    如果您需要這些動作的說明,請參閱快速入門:開始使用 Azure 入口網站If you need help with these actions, see Quickstart: Get started in the Azure portal.

  3. 要設定的現有 Azure 資訊保護標籤。An existing Azure Information Protection label to configure.

    您可以使用其中一個預設標籤,或您已建立的標籤。You can use one of the default labels, or a label that you've created. 如果您在建立新標籤時需要協助,請參閱快速入門:為特定使用者建立新的 Azure 資訊保護標籤If you need help with creating a new label, see Quickstart: Create a new Azure Information Protection label for specific users.

  4. 若要測試新的標籤:必須在使用者的電腦上安裝 Azure 資訊保護用戶端。To test the new label: The Azure Information Protection client must be installed on computers for users.

    若要自行嘗試標籤,您可以移至 Microsoft 下載中心 (英文),並從 [Azure 資訊保護] 頁面下載 AzInfoProtection.exe 來安裝用戶端。To try the label for yourself, you can install the client by going to the Microsoft download center and download AzInfoProtection.exe from the Azure Information Protection page.

  5. 若要測試新的標籤:執行 Windows (至少要是 Windows 7 Service Pack 1) 的電腦,而且在這部電腦上,您已從下列其中一個類別登入 Office 應用程式:To test the new label: A computer running Windows (minimum of Windows 7 with Service Pack 1), and on this computer, you're signed in to Office apps from one of the following categories:

    • 當您獲指派 Azure 版權管理授權 (也稱為適用於 Office 365 的 Azure 資訊保護) 時,來自 Office 365 商務版或 Microsoft 365 商務版的 Office 應用程式 (最低版本 1805、組建 9330.2078)。Office apps minimum version 1805, build 9330.2078 from Office 365 Business or Microsoft 365 Business when you are assigned a license for Azure Rights Management (also known as Azure Information Protection for Office 365).

    • Office 365 專業增強版。Office 365 ProPlus.

    • Office 專業增強版 2019。Office Professional Plus 2019.

    • Office 專業增強版 2016。Office Professional Plus 2016.

    • Office 專業增強版 2013 Service Pack 1。Office Professional Plus 2013 with Service Pack 1.

    • Office 專業增強版 2010 Service Pack 2。Office Professional Plus 2010 with Service Pack 2.

如需使用 Azure 資訊保護之先決條件的完整清單,請參閱 Azure 資訊保護需求For a full list of prerequisites to use Azure Information Protection, see Requirements for Azure Information Protection.

設定現有標籤以套用 [不可轉寄] 保護Configure an existing label to apply the Do Not Forward protection

  1. 開啟新的瀏覽器視窗並以全域系統管理員的身分登入 Azure 入口網站。然後瀏覽至 [Azure 資訊保護] 。Open a new browser window and sign in to the Azure portal as a global admin. Then navigate to Azure Information Protection.

    例如,在中樞功能表按一下 [所有服務] ,然後開始在 [篩選] 方塊中鍵入資訊For example, on the hub menu, click All services and start typing Information in the Filter box. 選取 [Azure 資訊保護] 。Select Azure Information Protection.

    若您不是全域管理員,請針對替代角色使用以下連結:登入 Azure 入口網站If you are not the global admin, use the following link for alternative roles: Signing in to the Azure portal

  2. 從 [分類] > [標籤] 功能表選項:在 [Azure 資訊保護 - 標籤] 刀鋒視窗中,選取您要設定以套用保護的標籤。From the Classifications > Labels menu option: On the Azure Information Protection - Labels blade, select the label you want to configure to apply the protection.

  3. 在 [標籤] 刀鋒視窗中,找到 [設定權限以保護包含此標籤的文件和電子郵件] 。On the Label blade, locate Set permissions for documents and emails containing this label. 選取 [保護] ,就會自動開啟 [保護] 刀鋒視窗 ( 若先前已選取 [尚未設定] 或 [移除保護] )。Select Protect, and the Protection blade automatically opens if Not configured or Remove Protection was previously selected.

    如果 [保護] 刀鋒視窗沒有自動開啟,請選取 [保護] :If the Protection blade does not automatically open, select Protection:

    設定「Azure 資訊保護」標籤的保護.

  4. 在 [保護] 刀鋒視窗中,請確認已選取 [Azure 雲端金鑰] 。On the Protection blade, make sure that Azure (cloud key) is selected.

  5. 選取 [設定使用者定義的權限 (預覽)] 。Select Set user-defined permissions (Preview).

  6. 確認已選取下列選項:在 Outlook 中套用「不可轉寄」Make sure that the following option is selected: In Outlook apply Do Not Forward.

  7. 選取時,請清除下列選項:在 Word、Excel、PowerPoint 與檔案總管會提示使用者提供自訂權限If selected, clear the following option: In Word, Excel, PowerPoint and File Explorer prompt user for custom permissions.

  8. 按一下 [保護] 刀鋒視窗上的 [確定] ,然後按一下 [標籤] 刀鋒視窗上的 [儲存] 。Click OK on the Protection blade, and then click Save on the Label blade.

您的標籤現在設定為僅在 Outlook 中顯示,並將 [不可轉寄] 保護套用至電子郵件。Your label is now configured to display in Outlook only, and apply the Do Not Forward protection to emails.

測試新的標籤Test your new label

已設定的標籤僅在 Outlook 中顯示,且當 Exchange Online 已針對 Office 365 郵件加密中的新功能設定時,適用於傳送至任何組織外部收件者的電子郵件。Your configured label displays only in Outlook and is suitable for emails sent to any recipient outside your organization when Exchange Online is configured for the new capabilities in Office 365 Message Encryption.

  1. 在您的電腦上,開啟 Outlook 並建立新的電子郵件訊息。On your computer, open Outlook and create a new email message. 如果 Outlook 已開啟,請重新啟動它以強制執行原則重新整理。If Outlook is already open, restart it to force a policy refresh.

  2. 指定收件者、電子郵件訊息的某些文字,然後再套用您剛才建立的標籤。Specify the recipients, some text for the email message, and then apply the label that you just created.

    電子郵件訊息會根據標籤名稱進行分類,並使用 [不可轉寄] 限制進行保護。The email message is classified according to the label name, and protected with the Do Not Forward restriction.

  3. 傳送電子郵件。Send the email.

結果,收件者無法將電子郵件轉寄或列印、複製、或儲存附件,或是將電子郵件另儲為不同的名稱。The result is that recipients cannot forward the email, or print it, copy from it, or save attachments, or save the email as a different name. 任何裝置上的任何使用者都可以讀取受保護的電子郵件訊息。The protected email message can be read by any user, on any device.

清除資源Clean up resources

如果您不想保留這項設定並傳回您的標籤以使其不會套用保護,請執行下列動作:Do the following if you do not want to keep this configuration and return your label such that it doesn't apply protection:

  1. 從 [分類] > [標籤] 功能表選項:在 [Azure 資訊保護 - 標籤] 刀鋒視窗上,選取您已設定的標籤。From the Classifications > Labels menu option: On the Azure Information Protection - Labels blade, select the label you configured.

  2. 在 [標籤] 刀鋒視窗中,找到 [為包含此標籤的文件與電子郵件設定權限] ,選取 [未設定] ,然後選取 [儲存] 。On the Label blade, locate Set permissions for documents and emails containing this label, select Not configured, and select Save.

接下來的步驟Next steps

此快速入門中包含基本選項,以便您可以快速設定標籤,讓使用者可以輕鬆保護其電子郵件。This quickstart includes the minimum options so that you can quickly configure a label that makes it easy for users to protect their emails. 但是,如果設定過於受限或限制不夠,請參閱其他的範例設定:However, if the configuration is too restrictive, or not restrictive enough, see the other example configurations:

如需如何設定套用保護之標籤的完整指示,請參閱如何設定標籤以套用 Rights Management 保護For full instructions how to configure a label that applies protection, see How to configure a label for Rights Management protection.