Azure 資訊保護統一標籤用戶端支援的檔案類型File types supported by the Azure Information Protection unified labeling client

適用于 Azure 資訊保護、Windows 10、Windows 8.1、Windows 8、Windows Server 2019、Windows Server 2016、windows Server 2012 R2、windows server 2012>Applies to Azure Information Protection, Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012>

如果您有 Windows 7 或 Office 2010,請參閱 AIP 和舊版 Windows 和 office 版本If you have Windows 7 or Office 2010, see AIP and legacy Windows and Office versions.

*適用于僅 AIP 統一標籤用戶端*Relevant for: AIP unified labeling client only. 若為傳統用戶端,請參閱 傳統用戶端檔案類型*For the classic client, see Classic client file types*

Azure 資訊保護統一標籤用戶端可以將下列內容套用至檔和電子郵件:The Azure Information Protection unified labeling client can apply the following to documents and emails:

  • 僅分類Classification only

  • 分類和保護Classification and protection

  • 僅保護Protection only

Azure 資訊保護統一標籤用戶端也可以使用已知的敏感性資訊類型或您定義的正則運算式,檢查某些檔案類型的內容。The Azure Information Protection unified labeling client can also inspect the content of some file types using well-known sensitive information types or regular expressions that you define.

使用下列資訊來檢查 Azure 資訊保護統一標籤用戶端支援的檔案類型、瞭解不同的保護層級,以及如何變更預設保護層級,以及識別哪些檔案會自動排除 (從分類和保護中略過) 。Use the following information to check which file types the Azure Information Protection unified labeling client supports, understand the different levels of protection and how to change the default protection level, and to identify which files are automatically excluded (skipped) from classification and protection.

針對列出的檔案類型,不支援 WebDav 位置。For the listed file types, WebDav locations are not supported.

僅支援分類的檔案類型File types supported for classification only

下列檔案類型即使未受保護也可以進行分類。The following file types can be classified even when they are not protected.

  • Adobe 可攜式文件格式:.pdfAdobe Portable Document Format: .pdf

  • Microsoft Project:.mpp、.mptMicrosoft Project: .mpp, .mpt

  • Microsoft Publisher:.pubMicrosoft Publisher: .pub

  • Microsoft XPS:.xps、.oxpsMicrosoft XPS: .xps .oxps

  • 影像:.jpg、.jpe、.jpeg、.jif、.jfif、.jfi。Images: .jpg, .jpe, .jpeg, .jif, .jfif, .jfi. png、.tif、.tiffpng, .tif, .tiff

  • Autodesk Design Review 2013:.dwfxAutodesk Design Review 2013: .dwfx

  • Adobe Photoshop:.psdAdobe Photoshop: .psd

  • Digital Negative:.dngDigital Negative: .dng

  • Microsoft Office:下表中的檔案類型。Microsoft Office: File types in the following table.

    針對這些檔案類型支援的檔案格式為下列 Office 程式的 97-2003 檔案格式與 Office Open XML 格式:Word、Excel 與 PowerPoint。The supported file formats for these file types are the 97-2003 file formats and Office Open XML formats for the following Office programs: Word, Excel, and PowerPoint.

    Office 檔案類型Office file type Office 檔案類型Office file type
    .doc.doc

    .docm.docm

    .docx.docx

    .dot.dot

    .dotm.dotm

    .dotx.dotx

    .potm.potm

    .potx.potx

    .pps.pps

    .ppsm.ppsm

    .ppsx.ppsx

    .ppt.ppt

    .pptm.pptm

    .pptx.pptx

    .vdw.vdw

    .vsd.vsd
    .vsdm.vsdm

    .vsdx.vsdx

    .vss.vss

    .vssm.vssm

    .vst.vst

    .vstm.vstm

    .vssx.vssx

    .vstx.vstx

    .xls.xls

    .xlsb.xlsb

    .xlt.xlt

    .xlsm.xlsm

    .xlsx.xlsx

    .xltm.xltm

    .xltx.xltx

其他檔案類型在受保護同時也支援分類。Additional file types support classification when they are also protected. 如需這些檔案類型,請參閱支援分類及保護的檔案類型一節。For these file types, see the Supported file types for classification and protection section.

範例:Examples:

  • 如果 [ 一般 敏感度] 標籤會套用分類,但不會套用保護:您可以將 [一般 ] 標籤套用至名為 sales.pdf 的檔案,但您無法將此標籤套用至名為 sales.txt 的檔案。If the General sensitivity label applies classification and does not apply protection: You could apply the General label to a file named sales.pdf but you could not apply this label to a file named sales.txt.

  • 如果 [ 機密 \ 所有員工 敏感度] 標籤會套用分類和保護:您可以將此標籤套用至名為 sales.pdf 的檔案,以及名為 sales.txt 的檔案。If the Confidential \ All Employees sensitivity label applies classification and protection: You could apply this label to a file named sales.pdf and a file named sales.txt. 您也可以只將保護套用至這些檔案,而不進行分類。You could also apply just protection to these files, without classification.

支援保護的檔案類型File types supported for protection

Azure 資訊保護統一標籤用戶端支援兩種不同層級的保護,如下表所述。The Azure Information Protection unified labeling client supports protection at two different levels, as described in the following table.

保護類型Type of protection 原生Native 泛型Generic
描述Description 針對文字、影像、Microsoft Office (Word、Excel、PowerPoint) 檔案、.pdf 檔案與其他支援 Rights Management 服務的應用程式檔案類型,原生保護提供了包含加密和強制執行權限的強力層級保護。For text, image, Microsoft Office (Word, Excel, PowerPoint) files, .pdf files, and other application file types that support a Rights Management service, native protection provides a strong level of protection that includes both encryption and enforcement of rights (permissions). 對於其他支援的檔案類型,一般保護提供一種保護層級,其中包括使用 .pfile 檔案類型的檔案封裝,以及驗證是否授權使用者開啟檔案。For other supported file types, generic protection provides a level of protection that includes both file encapsulation using the .pfile file type and authentication to verify if a user is authorized to open the file.
保護Protection 檔案保護的強制執行方式如下:Files protection is enforced in the following ways:

受保護的內容轉譯之前,透過電子郵件收到檔案或是透過檔案或共用權限存取檔案的人,必須成功通過驗證。- Before protected content is rendered, successful authentication must occur for those who receive the file through email or are given access to it through file or share permissions.

- 此外,當檔案受到保護時,若要在 Azure 資訊保護檢視器中 (對於受保護的文字與影像檔) 或已建立關聯的應用程式中 (對於所有其他支援的檔案類型) 轉譯內容時,將強制執行內容擁有者所設定的使用權限與原則。- Additionally, usage rights and policy that were set by the content owner when the files were protected are enforced when the content is rendered in either the Azure Information Protection viewer (for protected text and image files) or the associated application (for all other supported file types).
檔案保護會以下列方式強制執行:File protection is enforced in the following ways:

- 受保護的內容在轉譯之前,獲得開啟檔案授權和獲得檔案存取權的人員,必須成功通過驗證。- Before protected content is rendered, successful authentication must occur for people who are authorized to open the file and given access to it. 如果授權失敗,則檔案無法開啟。If authorization fails, the file does not open.

系統會顯示內容擁有者所設定的使用權限與原則,以通知授權使用者其預定使用原則。- Usage rights and policy set by the content owner are displayed to inform authorized users of the intended usage policy.

- 授權使用者開啟及存取檔案時,即進行稽核記錄。- Audit logging of authorized users opening and accessing files occurs. 不過,不會強制使用權限。However, usage rights are not enforced.
檔案類型的預設值Default for file types 這是下列檔案類型的預設保護層級:This is the default level of protection for the following file types:

- 文字和影像檔案- Text and image files

- Microsoft Office (Word、Excel、PowerPoint) 檔案- Microsoft Office (Word, Excel, PowerPoint) files

- 可攜式文件格式 (.pdf)- Portable document format (.pdf)

如需詳細資訊,請參閱下一節支援分類及保護的檔案類型For more information, see the following section, Supported file types for classification and protection.
這是為原生保護不支援的其他所有檔案類型 (如 .vsdx、.rtf 等等) 而提供的預設保護。This is the default protection for all other file types (such as .vsdx, .rtf, and so on) that are not supported by native protection.

您無法變更 Azure 資訊保護統一標籤用戶端或掃描器適用的預設保護層級。You cannot change the default protection level that the Azure Information Protection unified labeling client or the scanner applies. 不過,您可以變更受保護的檔案類型。However, you can change which file types are protected. 如需詳細資訊,請參閱 變更要保護的檔案類型For more information, see Change which file types to protect.

當使用者選取系統管理員已設定的敏感度標籤,或使用者可以使用 許可權等級來指定自己的自訂保護設定時,就可以自動套用保護。The protection can be applied automatically when a user selects a sensitivity label that an administrator has configured, or users can specify their own custom protection settings by using permission levels.

支援保護的檔案大小File sizes supported for protection

Azure 資訊保護統一標籤用戶端支援保護的檔案大小上限。There are maximum file sizes that the Azure Information Protection unified labeling client supports for protection.

針對 Office 檔案:For Office files:

Office 應用程式Office application 支援的檔案大小上限Maximum file size supported
Word 2010Word 2010

Word 2013Word 2013

Word 2016Word 2016
32 位元:512 MB32-bit: 512 MB

64 位元:512 MB64-bit: 512 MB
Excel 2010Excel 2010

Excel 2013Excel 2013

Excel 2016Excel 2016
32 位元:2 GB32-bit: 2 GB

64 位元:只受限於可用磁碟空間和記憶體64-bit: Limited only by available disk space and memory
PowerPoint 2010PowerPoint 2010

PowerPoint 2013PowerPoint 2013

PowerPoint 2016PowerPoint 2016
32 位元:只受限於可用磁碟空間和記憶體32-bit: Limited only by available disk space and memory

64 位元:只受限於可用磁碟空間和記憶體64-bit: Limited only by available disk space and memory

重要

Office 2010 延伸支援已于2020年10月13日結束。Office 2010 extended support ended on October 13, 2020. 如需詳細資訊,請參閱 AIP 和舊版 Windows 和 Office 版本For more information, see AIP and legacy Windows and Office versions.

對於所有其他檔案For all other files:

  • 若要保護其他檔案類型,並在 Azure 資訊保護檢視器中開啟這些檔案類型:檔案大小上限僅受限於可用磁碟空間和記憶體。To protect other file types, and to open these file types in the Azure Information Protection viewer: The maximum file size is limited only by available disk space and memory.

  • 若要 使用 RMSFile 指令程式 解除保護檔案: .pst 檔案支援的檔案大小上限為 5 GB。To unprotect files by using the Unprotect-RMSFile cmdlet: The maximum file size supported for .pst files is 5 GB. 其他檔案類型只受限於可用磁碟空間與記憶體Other file types are limited only by available disk space and memory

提示

若要在大型 .pst 檔案中搜尋或復原受保護的專案,請參閱 使用電子檔探索 Unprotect-RMSFile 的指引。To search or recover protected items in large .pst files, see the Guidance for using Unprotect-RMSFile for eDiscovery.

支援分類及保護的檔案類型Supported file types for classification and protection

下表列出 Azure 資訊保護統一標籤用戶端支援原生保護的檔案類型子集,而且也可以進行分類。The following table lists a subset of file types that support native protection by the Azure Information Protection unified labeling client, and that can also be classified.

由於這些檔案類型在受原生保護時,原始副檔名會變更,而這些檔案會變成唯讀,因此類型會分別識別。These file types are identified separately because when they are natively protected, the original file name extension is changed, and these files become read-only. 請注意,當檔案受到一般保護時,原始副檔名一律會變更為 .pfile。Note that when files are generically protected, the original file name extension is always changed to .pfile.

警告

如果您有防火牆、Web proxy 或會檢查並根據副檔名採取動作的安全性軟體,可能需要重新設定這些網路裝置及軟體以支援這些新的副檔名。If you have firewalls, web proxies, or security software that inspect and take action according to file name extensions, you might need to reconfigure these network devices and software to support these new file name extensions.

原始副檔名Original file name extension 受保護的副檔名Protected file name extension
.txt.txt .ptxt.ptxt
.xml.xml .pxml.pxml
.jpg.jpg .pjpg.pjpg
.jpeg.jpeg .pjpeg.pjpeg
.png.png .ppng.ppng
.tif.tif .ptif.ptif
.tiff.tiff .ptiff.ptiff
.bmp.bmp .pbmp.pbmp
.gif.gif .pgif.pgif
.jpe.jpe .pjpe.pjpe
.jfif.jfif .pjfif.pjfif
.jt.jt .pjt.pjt

下表列出 Azure 資訊保護統一標籤用戶端支援原生保護的其他檔案類型,而且也可以進行分類。The next table lists the remaining file types that support native protection by the Azure Information Protection unified labeling client, and that can also be classified. 您會發現這些檔案類型用於 Microsoft Office 應用程式。You will recognize these as file types for Microsoft Office apps. 針對這些檔案類型支援的檔案格式為下列 Office 程式的 97-2003 檔案格式與 Office Open XML 格式:Word、Excel 與 PowerPoint。The supported file formats for these file types are the 97-2003 file formats and Office Open XML formats for the following Office programs: Word, Excel, and PowerPoint.

這些檔案受 Rights Management Service 保護後副檔名維持不變。For these files, the file name extension remains the same after the file is protected by a Rights Management service.

Office 支援的檔案類型File types supported by Office Office 支援的檔案類型File types supported by Office
.doc.doc

.docm.docm

.docx.docx

.dot.dot

.dotm.dotm

.dotx.dotx

.potm.potm

.potx.potx

.pps.pps

.ppsm.ppsm

.ppsx.ppsx

.ppt.ppt

.pptm.pptm

.pptx.pptx

.vsdm.vsdm
.vsdx.vsdx

.vssm.vssm

.vssx.vssx

.vstm.vstm

.vstx.vstx

.xla.xla

.xlam.xlam

.xls.xls

.xlsb.xlsb

.xlt.xlt

.xlsm.xlsm

.xlsx.xlsx

.xltm.xltm

.xltx.xltx

.xps.xps

從分類和保護中排除的檔案類型File types that are excluded from classification and protection

為了協助防止使用者變更對電腦作業而言非常重要的檔案,系統會自動將某些檔案類型和資料夾從分類和保護中排除。To help prevent users from changing files that are critical for computer operations, some file types and folders are automatically excluded from classification and protection. 如果使用者嘗試使用 Azure 資訊保護統一標籤用戶端來分類或保護這些檔案,他們會看到一則訊息,指出已排除這些檔案。If users try to classify or protect these files by using the Azure Information Protection unified labeling client, they see a message that they are excluded.

  • 已排除的檔案類型:.lnk、.exe、.com、.cmd、.bat、.dll、.ini、.pst、.sca、.drm、.sys、.cpl、.inf、.drv、.dat、.tmp、.msp、.msi、.pdb、.jarExcluded file types: .lnk, .exe, .com, .cmd, .bat, .dll, .ini, .pst, .sca, .drm, .sys, .cpl, .inf, .drv, .dat, .tmp, .msp, .msi, .pdb, .jar

  • 已排除的資料夾Excluded folders:

    • WindowsWindows
    • Program Files (\Program Files 和 \Program Files (x86))Program Files (\Program Files and \Program Files (x86))
    • \ProgramData\ProgramData
    • \AppData (對於所有使用者)\AppData (for all users)

從 Azure 資訊保護掃描器的分類和保護中排除的檔案類型File types that are excluded from classification and protection by the Azure Information Protection scanner

根據預設,掃描器也會排除與 Azure 資訊保護統一標籤用戶端相同的檔案類型,但有下列例外狀況:By default, the scanner also excludes the same file types as the Azure Information Protection unified labeling client with the following exceptions:

  • 也會排除 .msg、.rtf 和 rar.msg, .rtf, and .rar, are also excluded

您可以變更掃描器進行檔案檢查時所包含或排除的檔案類型:You can change the file types included or excluded for file inspection by the scanner:

  • 使用 Azure 入口網站,在掃描器設定檔中設定 要掃描的檔案類型Configure File types to scan in the scanner profile, by using the Azure portal.

    注意

    如果您包含 .rtf 檔案以進行掃描,請小心監視掃描器。If you include .rtf files for scanning, carefully monitor the scanner. 掃描器無法成功檢查某些 .rtf 檔案,對於這些檔案來說,檢查並未完成,因此必須重新啟動服務。Some .rtf files cannot be successfully inspected by the scanner and for these files, the inspection doesn't complete and the service must be restarted.

根據預設,掃描器只會保護 Office 檔案類型,以及使用 ISO 標準進行 PDF 加密而受到保護的 PDF 檔案。By default, the scanner protects only Office file types, and PDF files when they are protected by using the ISO standard for PDF encryption. 若要變更掃描器的這種行為,請使用 PowerShell advanced 設定 PFileSupportedExtensionsTo change this behavior for the scanner, use the PowerShell advanced setting, PFileSupportedExtensions. 如需詳細資訊,請參閱使用 PowerShell 變更掃描器部署指示中 所保護的檔案類型For more information, see Use PowerShell to change which file types are protected from the scanner deployment instructions.

檔案依預設不受保護Files that cannot be protected by default

受密碼保護的任何檔案都不會受到 Azure 資訊保護統一標籤用戶端的原生保護,除非檔案目前已在套用保護的應用程式中開啟。Any file that is password-protected cannot be natively protected by the Azure Information Protection unified labeling client unless the file is currently open in the application that applies the protection. 您最常看到的是受密碼保護的 PDF 檔案,但其他應用程式,例如 Office 應用程式,也提供這項功能。You most often see PDF files that are password-protected but other applications, such as Office apps, also offer this functionality.

容器檔案的限制 (例如 .zip 檔案)Limitations for container files, such as .zip files

如需詳細資訊,請參閱 Azure 資訊保護已知問題For more information, see the Azure Information Protection known issues.

支援檢查的檔案類型File types supported for inspection

如果沒有任何額外的設定,Azure 資訊保護統一標籤用戶端就會使用 Windows IFilter 來檢查檔的內容。Without any additional configuration, the Azure Information Protection unified labeling client uses Windows IFilter to inspect the contents of documents. Windows Search 會使用 Windows IFilter 編製索引。Windows IFilter is used by Windows Search for indexing. 因此,當您使用 Set-aipfileclassification PowerShell 命令時,可以檢查下列檔案類型。As a result, the following file types can be inspected when you use the Set-AIPFileClassification PowerShell command.

應用程式類型Application type 檔案類型File type
WordWord 合適.docx;. docm;..... dotx.doc; docx; .docm; .dot; .dotm; .dotx
ExcelExcel .xls; .xlt; .xlsx; .xltx; .xltm; .xlsm; .xlsb.xls; .xlt; .xlsx; .xltx; .xltm; .xlsm; .xlsb
PowerPointPowerPoint .ppt; .pps; .pot; .pptx; .ppsx; .pptm; .ppsm; .potx; .potm.ppt; .pps; .pot; .pptx; .ppsx; .pptm; .ppsm; .potx; .potm
PDFPDF .pdf.pdf
TextText .txt; .xml; .csv.txt; .xml; .csv

進行其他設定後,即可檢查其他檔案類型。With additional configuration, other file types can also be inspected. 例如,您可登錄自訂副檔名,以對文字檔使用現有的 Windows 篩選處理常式,也可以安裝軟體廠商提供的其他篩選。For example, you can register a custom file name extension to use the existing Windows filter handler for text files, and you can install additional filters from software vendors.

若要檢查安裝了哪些篩選,請參閱 Windows Search 開發人員指南的 Finding a Filter Handler for a Given File Extension (尋找指定副檔名的篩選處理常式) 一節。To check what filters are installed, see the Finding a Filter Handler for a Given File Extension section from the Windows Search Developer's Guide.

以下章節有檢查 .zip 檔案及 .tiff 檔案的設定指示。The following sections have configuration instructions to inspect .zip files, and .tiff files.

檢查 .zip 檔案To inspect .zip files

當您遵循以下指示時,Azure 資訊保護掃描器及 Set-AIPFileClassification PowerShell 命令就可以檢查 .zip 檔案:The Azure Information Protection scanner and the Set-AIPFileClassification PowerShell command can inspect .zip files when you follow these instructions:

  1. 若為執行掃描器或 PowerShell 工作階段的電腦,請安裝 Office 2010 Filter Pack SP2For the computer running the scanner or the PowerShell session, install the Office 2010 Filter Pack SP2.

  2. 針對掃描器:尋找敏感性資訊之後,如果應該使用標籤來分類 .zip 檔案並加以保護,請使用 PowerShell advanced 設定 PFileSupportedExtensions 指定 .zip 副檔名,如 使用 powershell 變更哪些檔案類型受 掃描器的部署指示所述。For the scanner: After finding sensitive information, if the .zip file should be classified and protected with a label, specify the .zip file name extension with the PowerShell advanced setting, PFileSupportedExtensions, as described in Use PowerShell to change which file types are protected from the scanner deployment instructions.

執行這些步驟後的範例案例:Example scenario after doing these steps:

名為 accounts.zip 的檔案包含內有信用卡號碼的 Excel 試算表。A file named accounts.zip contains Excel spreadsheets with credit card numbers. 您有一個名為 [ 機密 \ 財務] 的敏感度標籤,其設定為探索信用卡號碼,並自動套用具有保護的標籤,以限制存取財務群組。You have a sensitivity label named Confidential \ Finance, which is configured to discover credit card numbers and automatically apply the label with protection that restricts access to the Finance group.

檢查檔案之後,來自您 PowerShell 會話的統一標籤用戶端會將此檔案分類為 機密 \ 財務、將一般保護套用至檔案,如此一來,只有財務群組的成員才能將它解壓縮,並將檔案重新命名 accounts.zip .pfileAfter inspecting the file, the unified labeling client from your PowerShell session classifies this file as Confidential \ Finance, applies generic protection to the file so that only members of the Finance groups can unzip it, and renames the file accounts.zip.pfile.

使用 OCR 檢查 .tiff 檔案To inspect .tiff files by using OCR

當您安裝 Windows TIFF IFilter 功能時, >set-aipfileclassiciation PowerShell 命令可使用光學字元辨識 (OCR) 來檢查具有 tiff 副檔名的 tiff 影像,然後在執行 PowerShell 會話的電腦上設定 Windows tiff ifilter 設定The Set-AIPFileClassiciation PowerShell command can use optical character recognition (OCR) to inspect TIFF images with a .tiff file name extension when you install the Windows TIFF IFilter feature, and then configure Windows TIFF IFilter Settings on the computer running the PowerShell session.

針對掃描器:尋找敏感性資訊之後,如果應該使用標籤來分類 tiff 檔案並加以保護,請使用 PowerShell advanced 設定 PFileSupportedExtensions 指定此副檔名,如使用 powershell 來變更掃描器部署指示中所 保護的檔案類型For the scanner: After finding sensitive information, if the .tiff file should be classified and protected with a label, specify this file name extension with the PowerShell advanced setting, PFileSupportedExtensions, as described in Use PowerShell to change which file types are protected from the scanner deployment instructions.

後續步驟Next steps

既然您已找出 Azure 資訊保護統一標籤用戶端所支援的檔案類型,請參閱下列資源,以取得支援此用戶端可能需要的其他資訊:Now that you've identified the file types supported by the Azure Information Protection unified labeling client, see the following resources for additional information that you might need to support this client: