原則提示Policy Tips

您可以協助防止貴組織的 Microsoft Outlook、 Outlook Web App (OWA) 和裝置的 OWA 電子郵件從不當所建立的資料遺失防護 (DLP) 原則包含原則提示通知傳送機密資訊的使用者郵件。類似於 Microsoft Exchange Server 2010 中所引進的寄件提醒、 原則提示通知郵件會顯示在 Outlook 中的使用者他們所撰寫的電子郵件時。原則提示通知郵件只顯示如果寄件者的電子郵件訊息的相關的某個項目似乎違反您已經備妥的 DLP 原則及原則包含以符合您所建立的條件時通知寄件者的規則。觀賞此影片以深入了解。You can help to prevent your organization's Microsoft Outlook, Outlook Web App (OWA), and OWA for Devices email users from inappropriately sending sensitive information by creating data loss prevention (DLP) policies that include Policy Tip notification messages. Similar to MailTips that were introduced in Microsoft Exchange Server 2010, Policy Tip notification messages are displayed to users in Outlook while they are composing an email message. Policy Tip notification messages only show up if something about the sender's email message seems to violate a DLP policy that you have in place and that policy includes a rule to notify the sender when the conditions that you establish are met. Watch this video to learn more.

為您的電子郵件寄件者顯示原則提示,規則必須包含的通知寄件者以原則提示巨集指令。您可以新增此規則編輯器從 Exchange 系統管理中心中。如需詳細資訊,請參閱管理原則提示In order to show Policy Tips to your email senders, your rules must include the Notify the sender with a Policy Tip action. You can add this in the rules editor from the Exchange Administration Center. For more information, see Manage policy tips.

傳輸規則代理程式會強制 DLP 原則不會不區分電子郵件附件、 本文或主旨行時評估郵件與您的原則中的條件。例如,如果使用者建立的郵件內文中包含信用卡號,並嘗試郵件的地址給組織外部收件者的電子郵件,然後原則提示通知郵件可以顯示 Outlook 或 Ou 中的使用者tlook 提醒它們對這類資訊貴企業的期望的 Web 應用程式。不過,這種通知類型將僅顯示是否您已設定會限制所述; 範例動作的 DLP 原則在此例中將新增至信用卡資料訊息標頭的外部電子郵件別名。有極各種條件、 動作和可供選時建立 DLP 原則的例外狀況。此各種可讓您針對您的資料遺失防護努力量身設定符合您特定的組織需求的方式。The transport rule agent that enforces DLP policies does not differentiate between email message attachments, body text, or subject lines while evaluating messages and the conditions within your policies. For example, if a user creates an email message that includes a credit card number in the body of the message and then attempts to address the message to a recipient outside your organization, then a Policy Tip notification message can be shown to that user in Outlook or Outlook Web App reminding them of your enterprise's expectations for such information. However, this type of notification will only show up if you have configured a DLP policy that restricts the example actions described; in this case adding an external email alias to the header of a message with credit card data. There is a great variety of conditions, actions, and exceptions you can choose from while creating DLP policies. This variety allows you to tailor your data loss prevention efforts in a way that meets your specific organization's needs.

每當您使用 [通知寄件者] 動作或覆寫動作內規則] 中,我們建議您組織內也包含從傳送郵件的條件。您可以這麼做使用原則規則編輯器新增下列條件:寄件者位於...> 在組織內。深入了解變更現有的 DLP 原則在管理 DLP 原則。這是最佳作法是建議因為通知寄件者動作會套用您的公司訊息建立經驗的一部分。引用巨集指令的寄件者是公司內的訊息的作者。簡報者原則提示的使用者互動無法起的內送郵件使用者與寄件者位於您組織外部時將會被忽略。您可以套用至掃描內送郵件並採取的動作各種 DLP 原則,但當您這麼做,不要為首行新增 [通知寄件者] 動作。Any time you use either the notify sender action or an override action within a rule, we recommend that you also include the condition that the message was sent from within your organization. You can do this by using the policy rules editor to add the following condition: The sender is located… > inside the organization. Learn more about changing existing DLP policies at Manage DLP Policies. This is a best practice recommendation because the notify sender action is applied as part of your company's message creation experience. The senders referred to by the action are the authors of messages within your company. The user interaction presented by Policy Tips cannot be acted upon by your users for incoming messages and will be ignored when the sender is located outside your organization. You can apply DLP policies to scan incoming messages and take a variety of actions, but when you do this, don't add the notify sender action.

如果組織中正在進行撰寫郵件動作的寄件者透過原則提示通知即時注意到組織期望與標準,則較不會違反組織要強制的標準。If email senders in your organization who are in the act of composing a message are made aware of your organizational expectations and standards in real time through Policy Tip notifications, then they are less likely to violate standards that your organization wants to enforce.

注意

Exchange Online: DLP 功能 premium 所需的 Exchange Online 計劃 2 訂閱。如需詳細資訊,請參閱Exchange Online 授權。> Exchange 2013: DLP 功能 premium 需要 Exchange 企業用戶端存取授權 (CAL)。如需 Cal 和伺服器授權的詳細資訊,請參閱Exchange Server 授權。> 如果您的組織使用 Exchange 2013 SP1 或 Exchange Online、 原則祕訣從 Outlook 2013、 Outlook Web App 或 OWA for Devices 傳送郵件的人。不過,如果您的組織目前使用 Exchange 2013、 原則祕訣只可傳送電子郵件從 Outlook 2013 的人員。>Exchange Online: DLP is a premium feature that requires an Exchange Online Plan 2 subscription. For more information, see Exchange Online Licensing. > Exchange 2013: DLP is a premium feature that requires an Exchange Enterprise Client Access License (CAL). For more information about CALs and server licensing, see Exchange Server Licensing. > If your organization is using Exchange 2013 SP1 or Exchange Online, Policy Tips are available to people sending mail from Outlook 2013, Outlook Web App, or OWA for Devices. However, if your organization is currently using Exchange 2013, Policy Tips are only available to people sending email from Outlook 2013. >

原則提示及規則選項預設Default text for Policy Tips and rule options

您將寄件者通知規則新增至 DLP 原則有可能的選項的範圍。當您新增的規則來通知寄件者由通知寄件者以原則提示巨集指令中的 DLP 原則,您可以選擇要如何限制。下表中的通知選項可用。如需編輯原則的一般資訊,請參閱 <管理 DLP 原則。如需建立原則提示的特定資訊,請參閱管理原則提示You have a range of possible options when you add sender notification rules to DLP policies. When you add a rule to notify the sender by using the Notify the sender with a Policy Tip action within a DLP policy, you can choose how restrictive to be. The notification options in the following table are available. For general information about editing policies, see Manage DLP Policies. For specific information about creating Policy Tips, see Manage policy tips.

通知規則Notification rule 意義Meaning 預設原則提示通知郵件的 Outlook 使用者將看到Default Policy Tip notification message that Outlook users will see
僅通知Notify only
類似郵件提示,這會使資訊性原則提示通知郵件原則違規的相關。寄件者可以防止使用原則提示選項] 對話方塊可在 Outlook 中顯示這種類型的秘訣。Similar to MailTips, this causes an informative Policy Tip notification message about a policy violation. A sender can prevent this type of tip from showing up by using a Policy Tip options dialog box that can be accessed in Outlook.
此郵件可能包含敏感內容。所有收件者都必須被都授權接收此內容。This message may contain sensitive content. All recipients must be authorized to receive this content.
拒絕郵件Reject message
等到不再存在於條件將不會傳遞訊息。寄件者隨附以指出其電子郵件不包含機密內容的選項。這也稱為是誤判覆寫。如果寄件者會指出這個,Outlook 會允許保留寄件匣以便可能要稽核的使用者報告,但 Exchange 會封鎖來自所傳送的郵件訊息。The message will not be delivered until the condition is no longer present. The sender is provided with an option to indicate that their email message does not contain sensitive content. This is also known as a false-positive override. If the sender indicates this, then Outlook will allow the message to leave the outbox so that the user's report may be audited, but Exchange will block the message from being sent.
此訊息可能包含敏感內容。您的組織不允許此訊息可以傳送直到移除該內容。This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed.
除非誤判覆寫,否則拒絕Reject unless false positive override
此通知規則的結果與 [拒絕郵件]**** 通知規則類似。不過,若您選擇此規則,則 Exchange 將允許郵件傳送給預定的收件者,而不會封鎖郵件。The result with this notification rule is similar to the Reject message notification rule. However, if you select this then Exchange will allow the message to be sent to the intended recipient, instead of blocking the message.
寄件者會選取一個選項來覆寫之前: 此訊息可能包含敏感內容。您的組織不允許此訊息可以傳送直到移除該內容。Before the sender selects an option to override: This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed.
在寄件者選擇一個選項來覆寫後: 郵件傳送時將提交您的回覆給管理員。After the sender selects an option override: Your feedback will be submitted to your administrator when the message is sent.
除非無訊息覆寫,否則拒絕Reject unless silent override
直到不再出現此情況或寄件者表示覆寫後才會傳遞郵件。寄件者會提供選項以表示他們希望覆寫原則。The message will not be delivered until the condition is no longer present or the sender indicates an override. The sender is provided with an option to indicate that they wish to override the policy.
寄件者會選取一個選項來覆寫之前: 此訊息可能包含敏感內容。您的組織不允許此訊息可以傳送直到移除該內容。Before the sender selects an option to override: This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed.
寄件者選擇一個選項來覆寫後: 您已覆寫此郵件中的敏感內容的組織的原則。您的動作將稽核依您的組織。After the sender selects an option override: You have overridden your organization's policy for sensitive content in this message. Your action will be audited by your organization.
除非明確覆寫,否則拒絕Reject unless explicit override
此通知原則結果與 [除非無訊息覆寫,否則拒絕] **** 通知規則類似,除非此案例中寄件者嘗試覆寫原則,寄件者需要提供覆寫原則的論證。The result with this notification rule is similar to the Reject unless silent override notification rule, except that in this case when the sender attempts to override the policy, they are required to provide a justification for overriding the policy.
寄件者會選取一個選項來覆寫之前: 此訊息可能包含敏感內容。您的組織不允許此訊息可以傳送直到移除該內容。Before the sender selects an option to override: This message may contain sensitive content. Your organization won't allow this message to be sent until that content is removed.
寄件者選擇一個選項來覆寫後: 您已覆寫此郵件中的敏感內容的組織的原則。您的動作將稽核依您的組織。After the sender selects an option override: You have overridden your organization's policy for sensitive content in this message. Your action will be audited by your organization.

自訂原則提示通知郵件Customize your Policy Tip notification messages

若要自訂的電子郵件的寄件者查看其電子郵件程式中的 「 原則提示通知文字,選取 [資料外洩防護] 頁面上的管理原則提示。為了讓您自訂文字的任何出現,DLP 原則規則必須包含的通知寄件者以原則提示巨集指令。使用 DLP 規則編輯器中新增的規則動作。To customize the text of a Policy Tip notification that email senders see in their email program, select Manage Policy Tips on the Data Loss Prevention page. In order for any of your custom text to appear, a DLP policy rule must include the Notify the sender with a Policy Tip action. Add the action to a rule by using the DLP rules editor.

說明如何建立您自己的原則提示的程序,請參閱管理原則提示。您建立的自訂文字可以取代預設的文字上表所示。For procedures that explain how to create your own Policy Tips, see Manage policy tips. The custom text that you create can replace the default text shown in the previous table.

原則提示通知動作與設定Policy Tip Notification Actions and Settings 意義Meaning
通知寄件者Notify the sender
初始化通知寄件者,但允許他們傳送動作時,才會顯示您的文字。Your text only appears when a Notify the sender, but allow them to send action is initiated.
允許寄件者覆寫Allow the sender to override
下列動作會初始化時才會出現在文字:它設定為誤判封鎖郵件封鎖郵件,但允許寄件者覆寫及傳送Your text only appears when the following actions are initiated: Block the message unless it's a false positive, Block the message, but allow the sender to override and send.
封鎖郵件Block the message
初始化封鎖郵件動作時,才會顯示您的文字。Your text only appears when a Block the message action is initiated.
連結到規範 URLLink to compliance URL
規範 URL 是您可以在此說明在規範並覆寫原則的網頁連結。此連結將顯示原則提示] 中當使用者按一下 [更多詳細資料] 連結。The compliance URL is a link to a web page where you can explain your compliance and override policies. This link is displayed in the Policy Tip when a user clicks the More details link.

相關資訊For more information

資料外洩防護Data loss prevention

Manage DLP PoliciesManage DLP Policies

管理原則提示Manage policy tips