Configuration Manager 中 Asset Intelligence 的安全性與隱私權Security and privacy for Asset Intelligence in Configuration Manager

適用於: Configuration Manager (最新分支)Applies to: Configuration Manager (current branch)

本主題包含 Configuration Manager 中 Asset Intelligence 的安全性與隱私權資訊。This topic contains security and privacy information for Asset Intelligence in Configuration Manager.

Asset Intelligence 的安全性最佳作法Security best practices for Asset Intelligence

使用 Asset Intelligence 時,請使用下列安全性最佳作法。Use the following security best practices for when you use Asset Intelligence.

安全性最佳做法Security best practice 更多資訊More information
當您匯入授權檔案 (Microsoft 大量授權檔案或一般授權聲明檔案) 時,請保護檔案和通訊通道的安全。When you import a license file (Microsoft Volume Licensing file or a General License Statement file), secure the file and communication channel. 使用 NTFS 檔案系統權限,確保只有授權的使用者才能存取授權檔,以及使用伺服器訊息區 (SMB) 簽署,確保匯入程序期間傳送到站台伺服器時的資料完整性。Use NTFS file system permissions to ensure that only authorized users can access the license files and use Server Message Block (SMB) signing to ensure the integrity of the data when it is transferred to the site server during the import process.
使用最低權限的原則來匯入授權檔案。Use the principle of least permissions to import the license files. 使用以角色為基礎的系統管理,將 [管理 Asset Intelligence] 權限授與匯入授權檔案的系統管理使用者。Use role-based administration to grant the Manage Asset Intelligence permission to the administrative user who imports license files. 內建角色 [資產管理員] 包含這個權限。The built-in role of Asset Manager includes this permission.

Asset Intelligence 的隱私權資訊Privacy information for Asset Intelligence

Asset Intelligence 可擴充 Configuration Manager 的清查功能,以提供企業中更高層級的資產可見性。Asset Intelligence extends the inventory capabilities of Configuration Manager to provide a higher level of asset visibility in the enterprise. 不會自動啟用 Asset Intelligence 資訊收集。Asset Intelligence information collection is not automatically enabled. 您可以修改透過啟用硬體清查報告類別所收集的資訊類型。You can modify the type of information collected by enabling hardware inventory reporting classes. 如需詳細資訊,請參閱設定 Asset IntelligenceFor more information, see Configuring Asset Intelligence.

Asset Intelligence 資訊儲存在 Configuration Manager 資料庫的方式,與清查資訊相同。Asset Intelligence information is stored in the Configuration Manager database in the same manner as inventory information. 用戶端使用 HTTPS 來連線至管理點時,一律會在傳送至管理點期間加密資料。When clients connect to management points by using HTTPS, the data is always encrypted during transfer to the management point. 用戶端使用 HTTP 連線時,您可以設定要簽署和加密的清查資料傳送。When clients connect by using HTTP, you can configure the inventory data transfer to be signed and encrypted. 清查資料不會以加密格式儲存在資料庫中。Inventory data is not stored in encrypted format in the database. 資訊會保留在資料庫中,直到以每 90 天的間隔由站台維護工作 [刪除過時清查歷程記錄] 將它刪除為止。Information is retained in the database, until the site maintenance task Delete Aged Inventory History deletes it in intervals of every 90 days. 您可以設定刪除間隔。You can configure the deletion interval.

Asset Intelligence 不會傳送有關使用者和電腦或授權使用的資訊給 Microsoft。Asset Intelligence does not send information about users and computers or license usage to Microsoft. 您可以選擇傳送 System Center Online 要求進行分類,這表示您可以標記未分類的一個或多個軟體項目,並將其傳送給 System Center Online 進行研究和分類。You can choose to send System Center Online requests for categorization, which means that you can tag one or more software titles that are uncategorized and send them to System Center Online for research and categorization. 在上傳軟體項目之後,Microsoft 研究人員會進行識別、分類,然後將該知識提供給所有使用線上服務的客戶。After a software title is uploaded, Microsoft researchers identify, categorize, and then make that knowledge available to all customers who use the on-line service. 您應該注意將資訊提交給 System Center Online 的下列隱私權含意:You should be aware of the following privacy implications of submitting information to System Center Online:

  • 上傳僅適用於您選擇要傳送至 System Center Online 的一般軟體項目資訊 (名稱、發行者等)。Upload applies only to generic software title information (name, publisher, and so on) that you choose to send to System Center Online. 清查資訊不會使用上傳進行傳送。Inventory information is not sent with an upload.

  • 上傳絕不會自動發生,系統並沒有設計成自動完成此工作。Upload never occurs automatically, and the system is not designed for this task to be automated. 您必須手動選取以及核准各個軟體標題的上傳。You must manually select and approve the upload of each software title.

  • 上傳程序之前,會有對話方塊確實顯示要上傳的資料。A dialog box shows you exactly what data is going to be uploaded, before the upload process starts.

  • 不會將授權資訊傳送給 Microsoft。License information is not sent to Microsoft. 授權資訊會儲存在 Configuration Manager 資料庫的不同區域中,而且不會傳送給 Microsoft。The license information is stored in a separate area of the Configuration Manager database, and it cannot be sent to Microsoft.

  • 任何上傳的軟體項目皆會公開,因此提供的應用程式與其分類會成為 System Center Online Asset Intelligence 類別目錄的一部分,然後可供類別目錄的其他客戶下載。Any software title that is uploaded becomes public, in the sense that the knowledge of that given application and its categorization become part of the System Center Online Asset Intelligence catalog, and then is downloaded to other consumers of the catalog.

  • 軟體項目的來源不會記錄在 Asset Intelligence 類別目錄中,並且不供其他客戶使用。The source of the software title is not recorded in the Asset Intelligence catalog, and it is not made available to other customers. 不過,您仍然必須確認未載入任何包含任何私人資訊的應用程式標題。However, you must still verify that you do not load any application titles that contain any private information.

  • 資料一旦上傳就無法取回。Uploaded data cannot be recalled.

    在您設定 Asset Intelligence 資料收集並且決定是否將資訊提交給 System Center Online 之前,請考慮貴組織的隱私權需求。Before you configure Asset Intelligence data collection and decide whether to submit information to System Center Online, consider the privacy requirements of your organization.