快速入門:為特定使用者建立新的 Azure 資訊保護標籤Quickstart: Create a new Azure Information Protection label for specific users

適用對象: Azure 資訊保護Applies to: Azure Information Protection

操作指示:適用於 Windows 的 Azure 資訊保護用戶端Instructions for: Azure Information Protection client for Windows

在此快速入門中,您將建立一個新的 [Azure 資訊保護] 標籤,該標籤僅限特定使用者可以使用,並可針對其文件和電子郵件套用以進行分類和保護。In this quickstart, you'll create a new Azure Information Protection label that only specific users can see and apply to classify and protect their documents and emails.

此設定使用範圍原則。This configuration uses a scoped policy.

您可以在 10 分鐘內完成此設定。You can finish this configuration in less than 10 minutes.

必要條件Prerequisites

若要完成此快速入門,您需要:To complete this quickstart, you need:

  1. 包含 Azure 資訊保護方案 1 或方案 2 的訂用帳戶。A subscription that includes Azure Information Protection Plan 1 or Plan 2.

    如果您沒有這些訂用帳戶,您可以為您的組織建立免費帳戶。If you don't have one of these subscriptions, you can create a free account for your organization.

  2. 您已經將 [Azure 資訊保護] 刀鋒視窗新增到 Azure 入口網站,並確認保護服務已啟用。You've added the Azure Information Protection blade to the Azure portal, and confirmed that the protection service is activated.

    如果您需要這些動作的說明,請參閱快速入門:開始使用 Azure 入口網站If you need help with these actions, see Quickstart: Get started in the Azure portal.

  3. Azure AD 中啟用電子郵件功能之群組所包含的使用者,將會看到新的標籤並套用。An emailed-enabled group in Azure AD that contains the users who will see and apply the new label.

    如果您沒有適合的群組,請建立一個名為銷售小組的群組,並新增至少一個使用者。If you don't have a suitable group, create one named Sales Team and add at least one user.

  4. 若要測試新的標籤:Windows 電腦上必須安裝 Azure 資訊保護用戶端 (傳統)。To test the new label: The Azure Information Protection client (classic) must be installed on a Windows computer.

    您可以移至 Microsoft 下載中心 (英文),並從 [Azure 資訊保護] 頁面下載 AzInfoProtection.exe 來安裝傳統用戶端。You can install the classic client by going to the Microsoft download center and download AzInfoProtection.exe from the Azure Information Protection page.

    如果對傳統用戶端使用不同的標籤用戶端,請參閱 Office 文件,以取得與此教學課程相同的指示。If are using a different labeling client to the classic client, see the Office documentation for equivalent instructions to this tutorial. 例如,敏感度標籤概觀For example, Overview of sensitivity labels.

如需使用 Azure 資訊保護之先決條件的完整清單,請參閱 Azure 資訊保護需求For a full list of prerequisites to use Azure Information Protection, see Requirements for Azure Information Protection.

建立新的標籤Create a new label

首先,建立新的標籤。First, create your new label.

  1. 如果您尚未這樣做,請開啟新的瀏覽器視窗,並登入 Azure 入口網站If you haven't already done so, open a new browser window and sign in to the Azure portal. 然後瀏覽至 [Azure Information Protection] 刀鋒視窗。Then navigate to the Azure Information Protection blade.

    例如,在中樞功能表按一下 [所有服務] ,然後開始在 [篩選] 方塊中鍵入資訊For example, on the hub menu, click All services and start typing Information in the Filter box. 選取 [Azure 資訊保護] 。Select Azure Information Protection.

    若您不是全域管理員,請針對替代角色使用以下連結:登入 Azure 入口網站If you are not the global admin, use the following link for alternative roles: Signing in to the Azure portal

  2. 從 [分類] > [標籤] 功能表選項:在 [Azure 資訊保護 - 標籤] 刀鋒視窗上,按一下 [新增標籤] 。From the Classifications > Labels menu option: On the Azure Information Protection - Labels blade, click Add a new label.

  3. 在 [標籤] 刀鋒視窗中,至少指定下列項目:On the Label blade, specify at least the following:

    • 標籤顯示名稱:使用者將會看到的新標籤名稱,並用來識別內容的分類。Label display name: A name for the new label that users will see, and that identifies the classification for the content. 例如:Sales - RestrictedFor example: Sales - Restricted.

    • 描述:協助使用者識別何時要選取此新標籤的工具提示。Description: A tooltip to help users identify when to select this new label. 例如:Business data that is restricted to the Sales Team.For example: Business data that is restricted to the Sales Team.

  4. 確定 [已啟用] 設為 [開啟] (預設值),並選取 [儲存] 。Make sure that Enabled is set to On (the default), and select Save.

將標籤新增至新的範圍原則Add the label to a new scoped policy

現在,將新建立的標籤新增至新的範圍原則。Now, add your newly created label to a new scoped policy.

  1. 從 [分類] > [原則] 功能表選項:在 [Azure 資訊保護 - 原則] 刀鋒視窗上,選取 [新增原則] 。From the Classifications > Policies menu option: On the Azure Information Protection - Policies blade, select Add a new policy.

  2. 在 [原則] 刀鋒視窗中,在 [原則名稱] 方塊輸入可識別群組的名稱,群組內的使用者將會看到您新建立的標籤。On the Policy blade, for the Policy name box, enter a name that identifies the group of users who will see your new created label. 例如,SalesFor example, Sales.

  3. 選取 [選取取得此原則的使用者或群組] 。Select the option Select which users or groups get this policy.

  4. 在 [AAD 使用者與群組] 刀鋒視窗中,選取 [使用者/群組] 。On the AAD users and Groups blade, select Users/Groups. 然後在新的 [使用者/群組] 刀鋒視窗上,搜尋並選取您在先決條件中識別的群組。Then on the new Users/Groups blade, search for and select the group that you identified in the prerequisites. 例如,銷售小組For example, Sales Team. 在該刀鋒視窗上按一下 [選取] ,然後 [確定] 。Click Select on that blade, and then OK.

  5. 返回 [原則] 刀鋒視窗,選取[新增或移除標籤] 。Back on the Policy blade, select Add or remove labels.

  6. 在 [原則:新增或移除標籤] 刀鋒視窗上,選取您建立的標籤,例如 [銷售 - 受限制的] ,然後選取 [確定] 。On the Policy: Add or remove labels blade, select the label that you created, for example, Sales - Restricted, and then select OK.

  7. 返回 [原則] 刀鋒視窗,選取 [儲存] 。Back on the Policy blade, select Save.

您的新標籤現在只會發佈給您所指定之群組的成員。Your new label is now published just to the members of the group that you specified.

測試新的標籤Test your new label

若要測試此標籤,您需要至少兩台電腦,因為 Azure 資訊保護用戶端不支援相同電腦上的多個使用者:To test this label, you need a minimum of two computers because the Azure Information Protection client does not support multiple users on the same computer:

  • 在您的第一部電腦上,使用「銷售小組」群組的成員身分登入。On your first computer, sign in as a member of the Sales Team group. 開啟 Word,然後確認您可以看到新的標籤。Open Word and confirm that you can see the new label. 如果 Word 已開啟,請重新啟動它以強制執行原則重新整理。If Word is already open, restart it to force a policy refresh.

  • 在您的第二部電腦上,使用非「銷售小組」群組成員的使用者登入。On your second computer, sign in as a user who isn't a member of the Sales Team group. 開啟 Word,然後確認您無法看到新的標籤。Open Word and confirm that you can't see the new label. 同樣地,如果 Word 已經開啟,請重新啟動它。As before, if Word is already open, restart it.

清除資源Clean up resources

如果您不想保留此標籤和範圍原則,請執行下列動作:Do the following if you do not want to keep this label and scoped policy:

  1. 從 [分類] > [原則] 功能表選項:在 [Azure 資訊保護 - 原則] 刀鋒視窗中,針對您建立的範圍原則選取操作功能表 ( ... )。From the Classifications > Policies menu option: On the Azure Information Protection - Policies blade, select the context menu (...) for the scoped policy you just created. 例如,銷售For example, Sales.

  2. 選取 [刪除原則] ,如果系統要求您確認,請選取 [確定] 。Select Delete policy and if you're asked to confirm, select OK.

  3. 從 [分類] > [標籤] 功能表選項:在 [Azure 資訊保護 - 標籤] 刀鋒視窗中,針對您剛建立的標籤選取操作功能表 ( ... )。From the Classifications > Label menu option: On the Azure Information Protection - Label blade, select the context menu (...) for the label you just created. 例如,[銷售 - 受限制的] 。For example, Sales - Restricted.

  4. 選取 [刪除這個標籤] ,如果系統要求您確認,請選取 [確定] 。Select Delete this label and if you're asked to confirm, select OK.

接下來的步驟Next steps

此快速入門包含基本選項,可讓您快速為特定使用者建立新的標籤。This quickstart includes the minimum options so that you can quickly create a new label for specific users. 如需完整指示,請參閱下列文章:For full instructions, see the following articles:

此外,如果您想要讓標籤保護某些內容,使得只有銷售小組的成員可以開啟,您將需要設定標籤以套用保護。In addition, if you want the label to protect the content such that only members of the Sales Team could open it, you will need to configure the label to apply protection. 如需指示,請參閱如何設定 Rights Management 保護的標籤For instructions, see How to configure a label for Rights Management protection.