快速入門:在 Azure 入口網站中開始使用 Azure 資訊保護Quickstart: Get started with Azure Information Protection in the Azure portal

適用對象: Azure 資訊保護Applies to: Azure Information Protection

在此快速入門中,您會將 Azure 資訊保護新增至 Azure 入口網站、確認保護服務已啟用、建立預設標籤 (如果您還沒有標籤),以及檢視 Azure 資訊保護用戶端 (傳統) 的原則設定。In this quickstart, you'll add Azure Information Protection to the Azure portal, confirm the protection service is activated, create default labels if you don't already have labels, and view the policy settings for the Azure Information Protection client (classic).

您可以在 10 分鐘內完成此快速入門。You can finish this quickstart in less than 10 minutes.

必要條件Prerequisites

若要完成此快速入門,您需要:To complete this quickstart, you need:

  • 包含 Azure 資訊保護方案 1 或方案 2 的訂用帳戶。A subscription that includes Azure Information Protection Plan 1 or Plan 2.

    如果您沒有這些訂用帳戶,您可以為您的組織建立免費帳戶。If you don't have one of these subscriptions, you can create a free account for your organization.

如需使用 Azure 資訊保護之先決條件的完整清單,請參閱 Azure 資訊保護需求For a full list of prerequisites to use Azure Information Protection, see Requirements for Azure Information Protection.

將 Azure 資訊保護新增到 Azure 入口網站Add Azure Information Protection to the Azure portal

Azure 資訊保護無法在 Azure 入口網站中自動取得。Azure Information Protection isn't automatically available in the Azure portal. 您必須新增它。You must add it.

  1. 使用您租用戶的全域管理員帳戶登入 Azure 入口網站Sign in to the Azure portal by using the global admin account for your tenant.

    若您不是全域管理員,請針對替代角色使用以下連結:登入 Azure 入口網站If you are not the global admin, use the following link for alternative roles: Signing in to the Azure portal

  2. 在 [中樞] 功能表中,選取 [建立資源] ,然後從 Marketplace 的搜尋方塊中,輸入 Azure 資訊保護On the hub menu, select Create a resource, and then, from the search box for the Marketplace, type Azure Information Protection.

  3. 從結果清單中,選取 [Azure 資訊保護] 。From the results list, select Azure Information Protection. 然後在 [Azure 資訊保護] 刀鋒視窗中,按一下 [建立] 。Then on the Azure Information Protection blade, click Create.

    提示

    或者,可以選取 [釘選到儀表板] ,在儀表板上建立 [Azure 資訊保護] 磚,以便您可以在下次登入入口網站時略過瀏覽步驟。Optionally, select Pin to dashboard to create an Azure Information Protection tile on your dashboard, so that you can skip browsing to the service the next time you sign in to the portal.

    再次按一下 [建立] 。Click Create again.

確認保護服務已啟用Confirm the protection service is activated

系統現在會自動為新的客戶啟用保護服務,但建議您確認它不需要手動啟用。The protection service is now automatically activated for new customers, but it's a good idea to confirm it doesn't need manually activating.

  1. 在 [Azure 資訊保護] 刀鋒視窗上,選取 [管理] > [保護啟用] 。On the Azure Information Protection blade, select Manage > Protection activation.

  2. 確認是否已針對租用戶啟用保護:Confirm whether protection is activated for your tenant:

    • 如果已啟用保護,您就會看到下列確認:If protection is activated, you see the following confirmation:

      Azure RMS 的 Azure 資訊保護狀態 - 已啟用

    • 如果未啟用保護,您就會看到其反映在狀態資訊中,以及要啟用的選項:If protection is not activated, you see this reflected in the status information, and the option to activate:

      Azure RMS 的 Azure 資訊保護狀態 - 未啟用

  3. 如果未啟用保護,請選取 [啟用] 。If protection isn't activated, select Activate.

    啟用完成時,資訊列會顯示 [Activation finished successfully (啟用成功完成)] 。When activation is complete, the information bar displays Activation finished successfully.

建立和發佈標籤Create and publish labels

您的組織可能已經有標籤,因為系統會為租用戶自動建立標籤,或者因為您的 Office 365 安全性與合規性中心、Microsoft 資訊安全中心或 Microsoft 合規性中心中有敏感度標籤。Your organization might already have labels because they were automatically created for your tenant, or because you have sensitivity labels in the Office 365 Security & Compliance center, the Microsoft security center, or the Microsoft compliance center. 讓我們來看看:Let's take a look:

  1. 選取 [分類] > [標籤] :Select Classifications > Labels:

    如果您看到 [產生預設標籤] 選項,表示您還沒有任何標籤:If you see the option Generate default labels, you don't yet have any labels:

    Azure 資訊保護沒有預設標籤

    如果您看不到產生預設標籤的這個選項,表示您已經有標籤,也許類似下圖的標籤,也就是 Azure 資訊保護的預設標籤:If you don't see this option to generate default labels, you already have labels, perhaps similar to those in the following picture, which are the default labels for Azure Information Protection:

    Azure 資訊保護預設標籤

  2. 如果您還沒有標籤,選取 [產生預設標籤] 這個選項。If you don't yet have labels, select that option to Generate default labels.

  3. 若要為所有使用者發佈標籤,請從 [分類] > [原則] > [全域] :To publish the labels for all users, from Classifications > Policies > Global:

    a.a. 選取 [新增或移除標籤] 。Select Add or remove labels.

    b.b. [原則:新增或移除標籤] 刀鋒視窗中選取所有標籤,然後選取 [確定] 。From the Policy: Add or remove labels blade, select all the labels, and then select OK.

    c.c. 返回 [原則:全域] 刀鋒視窗中,選取 [儲存] 。Back on the Policy: Global blade, select Save.

在 Azure 入口網站中發佈標籤可讓它們供 Azure 資訊保護用戶端 (傳統) 使用。Publishing the labels in the Azure portal makes them available for the Azure Information Protection client (classic).

檢視標籤View your labels

選取 [分類] > [標籤] ,然後花幾分鐘時間熟悉 [Azure 資訊保護 - 標籤] 刀鋒視窗上顯示的標籤。Select Classifications > Labels, and spend a few minutes familiarizing yourself with the labels that are displayed on the Azure Information Protection - Labels blade.

如果這些標籤看起來沒有與上一節圖片中的標籤類似,表示您不是使用 Azure 資訊保護的預設標籤,而是使用可能從 Office 365 安全性與合規性中心、Microsoft 365 安全性中心,或 Microsoft 365 合規性中心建立的標籤。If they don't look similar to the labels in the picture from the previous section, you aren't using default labels from Azure Information Protection but labels that might have been created from the Office 365 Security & Compliance Center, the Microsoft 365 Security center, or the Microsoft 365 Compliance center.

提示

如果您不想要使用您的自訂標籤,請改用 Azure 資訊保護的預設標籤:If you don't want to use your custom labels, but instead, use default labels from Azure Information Protection:

  • 刪除自訂標籤,您就會在 [標籤] 刀鋒視窗中看到產生預設標籤的選項,如上一節中所述。Delete the custom labels and you then see the option to generate default labels in the Labels blade, as described in the previous section.

從 [Azure 資訊保護 - 標籤] 刀鋒視窗:From the Azure Information Protection - Labels blade:

  • 分類的預設標籤包括 [個人] 、[公用] 、[一般] 、[機密] 和 [極機密] 。The default labels for classification are Personal, Public, General, Confidential, and Highly Confidential. 最後兩個標籤會展開以顯示子標籤,如此可提供分類如何具有子類別的範例。The last two labels expand to show sublabels, which provide examples of how a classification can have subcategories.

  • 從 [標記] 和 [保護] 資料行中,您可以看到有些標籤已設定視覺標記。From the MARKING and PROTECTION columns, you can see that some labels have visual markings configured. 視覺標記是頁尾、頁首和浮水印。The visual markers are a footer, header, and watermark. 有些標籤可能也已經設定保護。Some labels might also have protection set.

例如:For example:

Azure 資訊保護快速入門的預設標籤概觀

如果您選取某個標籤時,您會在新的刀鋒視窗上看到該標籤設定的詳細資料。If you select a label, you see details for that label configuration on a new blade.

檢視原則設定View your policy settings

第一次使用 Azure 入口網站連線到 Azure 資訊保護服務時,一律會為您建立 Azure 資訊保護用戶端 (傳統) 所使用的預設原則設定。The first time you connect to the Azure Information Protection service by using the Azure portal, default policy settings are always created for you that are used by the Azure Information Protection client (classic). 針對此傳統用戶端,我們所檢視的原則設定及標籤會下載到 Azure 資訊保護原則中的用戶端。For the classic client, policy settings and the labels we viewed are downloaded to the client in the Azure Information Protection policy.

如果您使用的是 Azure 資訊保護統一標籤用戶端,則此用戶端不會使用這些原則設定。If you are using the Azure Information Protection unified labeling client, this client does not use these policy settings. 但是,此用戶端會從 Office 365 安全性與合規性中心、Microsoft 365 合規性中心,或 Microsoft 365 安全性中心下載相同的標籤但不同的原則設定。Instead, this client downloads the same labels but different policy settings from the Office 365 Compliance & Security Center, the Microsoft 365 Compliance center, or the Microsoft 365 Security center. 使用這些系統管理中心來編輯您的標籤與標籤原則,而不是使用 Azure 入口網站。Use those admin centers to edit your labels and label policies instead of the Azure portal.

檢視傳統用戶端的預設 Azure 資訊保護原則設定:To view the default Azure Information Protection policy settings for the classic client:

  1. 選取 [分類] > [原則] > [全域] ,以顯示為您的租用戶建立的預設 Azure 資訊保護原則設定。Select Classifications > Policies > Global to display the default Azure Information Protection policy settings that are created for your tenant.

  2. 在標籤後面的 [設定要在資訊保護終端使用者上顯示及套用的設定] 區段中,您可以看到原則設定。After the labels, in the Configure settings to display and apply on Information Protection end users section, you see the policy settings. 例如,未設定任何預設標籤、文件及電子郵件都不必具備標籤、而使用者變更標籤時不需要提供理由:For example, there is no default label set, documents and emails are not required to have a label, and users do not have to provide justification when they change labels:

    Azure Information Protection 原則全域設定

  3. 您現在可以在入口網站中關閉已開啟的所有刀鋒視窗。You can now close any blades in the portal that you have opened.

後續步驟Next steps

如果您是使用傳統用戶端:If you are using the classic client:

如果您是使用統一標籤用戶端:If you are using the unified labeling client:

不確定這些用戶端之間的差異嗎?Not sure of the difference between these clients? 請參閱這份常見問題集See this FAQ.