自動套用保留標籤以保留或刪除內容Automatically apply a retention label to retain or delete content

Microsoft 365 安全性與合規性的授權指引Microsoft 365 licensing guidance for security & compliance.

注意

法規記錄不支援此案例。This scenario is not supported for regulatory records.

保留標籤 最實用的功能之一,是將標籤自動套用至符合特定條件的內容。One of the most powerful features of retention labels is the ability to apply them automatically to content that matches specified conditions. 在此情況下,貴組織中的人員不必親自套用保留標籤。In this case, people in your organization don't need to apply the retention labels. Microsoft 365 會執行這些動作。Microsoft 365 does the work for them.

自動套用保留標籤很強大是因為:Auto-applying retention labels are powerful because:

  • 您不需要訓練您的使用者記下所有分類。You don't need to train your users on all of your classifications.

  • 您不需要仰賴使用者正確地將所有內容分類。You don't need to rely on users to classify all content correctly.

  • 使用者不再需要了解資料控管原則,他們可以專心工作。Users no longer need to know about data governance policies - they can focus on their work.

當內容包含敏感性資訊、關鍵字或可訓練分類器的相符項目時,您可以自動對該內容套用保留標籤。You can apply retention labels to content automatically when that content contains sensitive information, keywords or searchable properties, or a match for trainable classifiers.

提示

現在處於預覽階段,使用可搜尋的屬性來找出 Teams 會議錄製Now in preview, use searchable properties to identify Teams meeting recordings.

根據下列條件自動套用保留標籤的程式:The processes to automatically apply a retention label based on these conditions:

自動套用標籤的角色和工作圖

使用下列指示執行兩個系統管理員步驟。Use the following instructions for the two admin steps.

注意

自動原則會使用條件的服務端標籤來自動套用保留標籤。Auto-policies use service-side labeling with conditions to automatically apply retention labels. 當您執行下列動作時,您也可以使用標籤原則以自動套用保留標籤:You can also automatically apply a retention label with a label policy when you do the following:

  • 在 SharePoint Syntex 中套用保留標籤到文件瞭解模型Apply a retention label to a document understanding model in SharePoint Syntex
  • 為 SharePoint 和 Outlook 套用預設的保留標籤Apply a default retention label for SharePoint and Outlook
  • 使用 Outlook 規則將保留標籤套用至電子郵件Apply a retention label to email by using Outlook rules

在這些情況下,請參閱 在應用程式中建立集套用保留標籤For these scenarios, see Create and apply retention labels in apps.

開始之前Before you begin

您組織中的全域系統管理員擁有建立及管理保留標籤及其原則的完整權限。The global admin for your organization has full permissions to create and edit retention labels and their policies. 如果您未以全域系統管理員身分登入,請參閱建立和管理保留標籤所需權限If you aren't signing in as a global admin, see Permissions required to create and manage retention policies and retention labels.

如何自動套用保留標籤How to auto-apply a retention label

首先,建立您自己的保留標籤。First, create your retention label. 然後建立自動原則來套用該標籤。Then create an auto-policy to apply that label. 如果您已經建立保留標籤,請跳至 建立自動原則If you have already created your retention label, skip to creating an auto-policy.

瀏覽指示取決於您使用的是否是 記錄管理Navigation instructions depend on whether you're using records management or not. 以下提供這兩個案例的指示。Instructions are provided for both scenarios.

步驟1: 建立保留標籤。Step 1: Create a retention label

  1. Microsoft 365 合規性中心,瀏覽至下列其中一個位置:In the Microsoft 365 compliance center, navigate to one of the following locations:

    • 如果您使用記錄管理:If you are using records management:

      • [解決方案] > [記錄管理] > [檔案計劃] 索引標籤 > [+ 建立標籤] > [保留標籤]Solutions > Records management > File plan tab > + Create a label > Retention label
    • 如果您未使用記錄管理:If you are not using records management:

      • [解決方案] > [資訊控管] > [標籤] 索引標籤 > [+ 建立標籤]Solutions > Information governance > Labels tab > + Create a label

    沒有立即看到您的選項?Don't immediately see your option? 先選取 [顯示全部]。First select Show all.

  2. 遵循精靈中的提示進行。Follow the prompts in the wizard. 如果您使用記錄管理:If you are using records management:

  3. 建立標籤並看到發佈標籤、自動套用標籤或僅保存標籤的選項:選取 [自動將此標籤套用於特定類型的內容],然後選取 [完成] 以啟動 [建立自動標籤] 精靈,該精靈將直接帶您進入以下過程中的步驟 2。After you have created the label and you see the options to publish the label, auto-apply the label, or just save the label: Select Auto-apply this label to a specific type of content, and then select Done to start the Create auto-labeling wizard that takes you directly to step 2 in the following procedure.

若要編輯現有的標籤,請選取它,然後選取 [編輯標籤] 以啟動編輯保留精靈讓您變更標籤描述和步驟 2 的任何 合格設定To edit an existing label, select it, and then select the Edit label option to start the Edit retention wizard that lets you change the label descriptions and any eligible settings from step 2.

步驟2:建立自動套用原則Step 2: Create an auto-apply policy

當您建立自動套用原則時,會根據您指定的條件,選取要自動套用至內容的保留標籤。When you create an auto-apply policy, you select a retention label to automatically apply to content, based on the conditions that you specify.

  1. Microsoft 365 合規性中心,瀏覽至下列其中一個位置:In the Microsoft 365 compliance center, navigate to one of the following locations:

    • 如果您使用記錄管理:資訊控管If you are using records management: Information governance:

      • [解決方案] > [記錄管理] > [標籤原則] 索引標籤 > [自動套用標籤]Solutions > Records management > Label policies tab > Auto-apply a label
    • 如果您未使用記錄管理:If you are not using records management:

      • [解決方案] > [資訊控管] > [標籤原則] 索引標籤 > [自動套用標籤]Solutions > Information governance > Label policies tab > Auto-apply a label

    沒有立即看到您的選項?Don't immediately see your option? 先選取 [顯示全部]。First select Show all.

  2. 按照 [建立自動標籤精靈] 中的提示。Follow the prompts in the Create auto-labeling wizard.

    如需有關設定會自動套用保留標籤之條件的詳細資訊,請參閱此頁面上的設定自動套用保留標籤的條件一節。For information about configuring the conditions that automatically apply the retention label, see the Configuring conditions for auto-apply retention labels section on this page.

    如需保留標籤支援的位置詳細資訊,請參閱保留標籤和位置一節。For information about the locations supported by retention labels, see the Retention labels and locations section.

若要編輯現有的自動套用原則,請選取該原則以啟動可讓您變更所選取保留標籤和來自步驟 2 的任何合格設定的編輯保留原則精靈。To edit an existing auto-apply policy, select it to start the Edit retention policy wizard that lets you change the selected retention label and any eligible settings from step 2.

使用自動套用標籤原則為內容加上標籤之後,您無法透過變更內容或原則或使用新的自動套用標籤原則來自動移除或變更已套用的標籤。After content is labeled by using an auto-apply label policy, the applied label can't be automatically removed or changed by changing the content or the policy, or by a new auto-apply label policy. 如需詳細資訊,請參閱一次僅一個保留標籤For more information, see Only one retention label at a time.

設定自動套用保留標籤的條件Configuring conditions for auto-apply retention labels

您可以在內容包含以下資訊時,自動將保留標籤套用到內容:You can apply retention labels to content automatically when that content contains:

自動將標籤套用至包含特定類型敏感資訊的內容Auto-apply labels to content with specific types of sensitive information

警告

此設定目前有已知的限制,其中當您所選的敏感性資訊類型有相符的項目時,所有未標記的電子郵件都必須套用選取的保留標籤。This configuration currently has a known limitation where all unlabeled emails always have the selected retention label applied when there is a match for your chosen sensitive information types. 例如,即使您將自動套用原則限定為特定的使用者,或是選取 Exchange 原則以外的位置,但一旦有相符的項目時,標籤就會套用到未標記的電子郵件。For example, even if you scope your auto-apply policy to specific users, or select locations other than Exchange for the policy, the label is always applied to unlabeled emails when there is a match.

當您為敏感性資訊建立自動套用保留標籤原則時,系統會顯示與建立資料外洩防護 (DLP) 原則時相同的原則範本清單。When you create auto-apply retention label policies for sensitive information, you see the same list of policy templates as when you create a data loss prevention (DLP) policy. 每個範本預設會尋找特定類型的敏感性資訊。Each template is preconfigured to look for specific types of sensitive information. 例如,此處顯示的範本從 隱私權 類別中查找美國 ITIN、SSN 和護照號碼,以及 美國個人識別資訊 (PII) 資料 範本:For example, the template shown here looks for U.S. ITIN, SSN, and passport numbers from the Privacy category, and U.S Personally Identifiable Information (PII) Data template:

敏感資訊類型的原則範本

了解有關敏感性資訊類型的更多資訊,請參閱敏感性資訊類型實體定義To learn more about the sensitivity information types, see Sensitive information type entity definitions.

選取原則範本後,您可以新增或移除任何類型的機密資訊,也可以變更執行個體計數和比對精確度。After you select a policy template, you can add or remove any types of sensitive information, and you can change the instance count and match accuracy. 在下方顯示的示例螢幕擷取畫面中,只有在以下情况下才會自動套用保留標籤:In the example screenshot shown next, a retention label will be auto-applied only when:

  • 系統偵測到之機密資訊類型的比對精確度 (或信賴區間) 至少會有 75。The type of sensitive information that's detected has a match accuracy (or confidence level) of at least 75. 許多機密資訊類型是與多個合作夥伴所定義;比對精確度越高的模式需要更多證據 (例如關鍵字、日期或地址),比對精確度越低的模式則需要較少證據。Many sensitive information types are defined with multiple patterns, where a pattern with a higher match accuracy requires more evidence to be found (such as keywords, dates, or addresses), while a pattern with a lower match accuracy requires less evidence. 最小 比對精確度越低,內容就越容易與條件相符。The lower the min match accuracy, the easier it is for content to match the condition.

  • 內容包含 1 到 9 個以下三種機密資訊類型其中之一的執行個體。The content contains between 1 and 9 instances of any of these three sensitive information types. 您可以删除 to 值,使其更改為 任何You can delete the to value so that it changes to Any.

有關這些選項的更多資訊,請參閱 DLP 檔案中的以下指導方針調整規則以讓它們更容易更難符合For more information about these options, see the following guidance from the DLP documentation Tuning rules to make them easier or harder to match.

用於識別敏感性資訊類型的選項

在使用敏感性資訊類型以自動套用保留標籤時,請考慮下列事項:To consider when using sensitive information types to auto-apply retention labels:

  • 新增和修改的項目可自動貼上標籤。New and modified items can be auto-labeled.

自動將標籤套用至包含關鍵字或可搜尋屬性的內容Auto-apply labels to content with keywords or searchable properties

您可以使用包含特定字詞、片語或可搜尋屬性的查詢,自動將標籤套用至內容。您可以使用 AND、OR 和 NOT 等搜尋運算子來精簡查詢。You can auto-apply labels to content by using a query that contains specific words, phrases, or values of searchable properties. You can refine your query by using search operators such as AND, OR, and NOT.

查詢編輯器

如需使用關鍵字查詢語言 (KQL) 的查詢語法的詳細資訊,請參閱關鍵字查詢語言 (KQL) 語法參考For more information about the query syntax that uses Keyword Query Language (KQL), see Keyword Query Language (KQL) syntax reference.

查詢式自動套用原則使用與 eDiscovery 內容搜尋相同的搜尋索引來識別內容。Query-based auto-apply policies use the same search index as eDiscovery content search to identify content. 如需有關您可使用的可搜尋屬性詳細資訊,請參閱內容搜尋的關鍵字查詢和搜尋條件For more information about the searchable properties that you can use, see Keyword queries and search conditions for Content Search.

在使用關鍵字或可搜尋屬性以自動套用保留標籤時,請考慮下列事項:Some things to consider when using keywords or searchable properties to auto-apply retention labels:

  • SharePoint、OneDrive 和 Exchange 的新增、已修改及既有項目將會自動標示。New, modified, and existing items will be auto-labeled for SharePoint, OneDrive, and Exchange.

  • 針對 SharePoint,這些 KQL 查詢不支援編目屬性和自訂屬性,因此您必須僅使用預先定義的受管理屬性。For SharePoint, crawled properties and custom properties aren't supported for these KQL queries and you must use only predefined managed properties. 不過,您可以在租用戶等級使用對應,並使用預設啟用為精簡器的預先定義 Managed 屬性 (RefinableDate00-19, RefinableString00-99, RefinableInt00-49, RefinableDecimals00-09, and RefinableDouble00-09)。However, you can use mappings at the tenant level with the predefined managed properties that are enabled as refiners by default (RefinableDate00-19, RefinableString00-99, RefinableInt00-49, RefinableDecimals00-09, and RefinableDouble00-09). 如需詳細資訊,請參閱SharePoint 伺服器中的編目及受管理屬性概觀,及如需相關指示,請參閱 建立新的受管理屬性For more information, see Overview of crawled and managed properties in SharePoint Server, and for instructions, see Create a new managed property.

  • 如果您將自訂屬性對應到其中一個精簡器屬性,使用前請等候 24 小時,再在 KQL 查詢中使用該屬性來保留標籤。If you map a custom property to one of the refiner properties, wait 24 hours before you use it in your KQL query for a retention label.

  • 儘管可以使用別名來重新命名 SharePoint 管理屬性,但不要在你的標籤中使用這些名稱進行 KQL 查詢。Although SharePoint managed properties can be renamed by using aliases, don't use these for KQL queries in your labels. 一律指定受管理屬性的實際名稱,例如,"RefinableString01"。Always specify the actual name of the managed property, for example, "RefinableString01".

  • 若要搜尋含有空格或特殊字元的值,請使用雙引號 (" ") 括住片語;例如,subject:"Financial Statements"To search for values that contain spaces or special characters, use double quotation marks (" ") to contain the phrase; for example, subject:"Financial Statements".

  • 使用 DocumentLink 屬性取代 Path 並根據其 URL 比對項目。Use the DocumentLink property instead of Path to match an item based on its URL.

  • 不支援尾碼萬用字元搜尋 (像是 *cat) 或子字串萬用字元搜尋 (像是 *cat*)。Suffix wildcard searches ( such as *cat) or substring wildcard searches (such as *cat*) aren't supported. 不過,會支援前置萬用字元搜尋 (例如 cat*)。However, prefix wildcard searches (such as cat*) are supported.

  • 請注意,部分編製索引的項目可能是導致無法將您預期的項目進行標示、或在您使用 NOT 運算子時,將您預期排除標示的項目進行標示的原因。Be aware that partially indexed items can be responsible for not labeling items that you're expecting, or labeling items that you're expecting to be excluded from labeling when you use the NOT operator. 如需詳細資訊,請參閱 內容搜尋中的部分編製索引的項目For more information, see Partially indexed items in Content Search.

範例查詢:Examples queries:

工作負載Workload 範例Example
ExchangeExchange subject:"Financial Statements"
ExchangeExchange recipients:garthf@contoso.com
SharePointSharePoint contenttype:document
SharePointSharePoint site:https://contoso.sharepoint.com/sites/teams/procurement AND contenttype:document
Exchange 或 SharePointExchange or SharePoint "customer information" OR "private"

更多複雜的問題:More complex examples:

當 Word 文件或 Excel 試算表含有關鍵字 密碼密碼pw 時,下列 SharePoint 查詢可以識別出這些檔案:The following query for SharePoint identifies Word documents or Excel spreadsheets when those files contain the keywords password, passwords, or pw:

(password OR passwords OR pw) AND (filetype:doc* OR filetype:xls*)

當附加至電子郵件的 Word 文件或 PDF 中含有文字 保密合約 (nda) 或字詞 non disclosure agreement (保密合約) 時,下列 Exchange 查詢可以識別出這些檔案:The following query for Exchange identifies any Word document or PDF that contains the word nda or the phrase non disclosure agreement when those documents are attached to an email:

(nda OR "non disclosure agreement") AND (attachmentnames:.doc* OR attachmentnames:.pdf)

下列 SharePoint 查詢會識別含有信用卡號碼的檔案:The following query for SharePoint identifies documents that contain a credit card number:

sensitivetype:"credit card number"

下列查詢包含部分的一般關鍵字,以協助識別含有法律內容的文件或電子郵件:The following query contains some typical keywords to help identify documents or emails that contain legal content:

ACP OR (Attorney Client Privilege*) OR (AC Privilege)

下列查詢包含一般的關鍵字,以協助識別適用於人力資源的文件或電子郵件:The following query contains typical keywords to help identify documents or emails for human resources:

(resume AND staff AND employee AND salary AND recruitment AND candidate)

請注意,最後這個範例使用了最佳做法,即是在關鍵字之間一律包括運算子。Note that this final example uses the best practice of always including operators between keywords. 在兩個關鍵字 (或兩個 property:value 運算式) 之間使用空格,效果等同於使用 AND。A space between keywords (or two property:value expressions) is the same as using AND. 只要一律新增運算子,您就可以更輕鬆地查看這個範例查詢只會識別含有所有這些關鍵字的內容,而不是含有任何關鍵字的內容。By always adding operators, it's easier to see that this example query will identify only content that contains all these keywords, instead of content that contains any of the keywords. 如果您想要識別包含任何關鍵字的內容,請指定或 (OR),而不是和 (AND)。If your intention is to identify content that contains any of the keywords, specify OR instead of AND. 如這個範例所示,當您一律指定運算子時,更容易正確解讀查詢。As this example shows, when you always specify the operators, it's easier to correctly interpret the query.

Microsoft Teams 會議錄製Microsoft Teams meeting recordings

注意

保留及刪除 Teams 會議錄製的功能已在預覽版中,且必須將錄製儲存到 OneDrive 或 SharePoint,否則無法運作。The ability to retain and delete Teams meeting recordings is in preview and won't work before recordings are saved to OneDrive or SharePoint. 如需詳細資訊,請參閱使用 [商務用 OneDrive] 和 SharePoint Online 或 Stream 進行會議錄製For more information, see Use OneDrive for Business and SharePoint Online or Stream for meeting recordings.

若要識別儲存在使用者 OneDrive 帳戶或 SharePoint 中的 Microsoft Teams 會議錄製,請為 關鍵字查詢編輯器 指定下列項目:To identify Microsoft Teams meeting recordings that are stored in users' OneDrive accounts or in SharePoint, specify the following for the Keyword query editor:

ProgID:Media AND ProgID:Meeting

大多數時候,會議錄製會儲存到 OneDrive。Most of the time, meeting recordings are saved to OneDrive. 但頻道會議會儲存在 SharePoint 中。But for channel meetings, they are saved in SharePoint.

使用可訓練分類器自動將標籤套用至內容Auto-apply labels to content by using trainable classifiers

選擇用於可訓練分類器的選項時,可以選取其中一個內建分類器或自訂分類器。When you choose the option for a trainable classifier, you can select one of the built-in classifiers, or a custom classifier. 內建分類器包括 [履歷]、[原始程式碼]、[針對性騷擾]、[粗話] 和 [威脅]:The built-in classifiers include Resumes, SourceCode, Targeted Harassment, Profanity, and Threat:

選擇可訓練分類器

警告

我們正在淘汰 [粗穢言語] 內建分類器,因為這個分類器產生了大量的誤報。We are deprecating the Offensive Language built-in classifier because it has been producing a high number of false positives. 請不要使用這個內建分類器,如果您目前正在使用此分類器,請將您的商務流程移開。Don't use this built-in classifier and if you are currently using it, you should move your business processes off it. 建議您改用 [針對性騷擾]、[粗話] 和 [威脅] 內建分類器。We recommend using the Targeted Harassment, Profanity, and Threat built-in classifiers instead.

若要使用此選項自動套用標籤,SharePoint 網站和信箱必須有至少 10 MB 的資料。To automatically apply a label by using this option, SharePoint sites and mailboxes must have at least 10 MB of data.

如需可訓練分類器的詳細資訊,請參閱深入了解可訓練分類器For more information about trainable classifiers, see Learn about trainable classifiers.

提示

如果您使用的是 Exchange 版可訓練分類器,請參閱如何在內容總管中重新定型分類器 (預覽)If you use trainable classifiers for Exchange, see How to retrain a classifier in content explorer.

在使用可訓練分類器以自動套用保留標籤時,請考慮下列事項:To consider when using trainable classifiers to auto-apply retention labels:

  • 可自動標示新增和修改的項目,以及最近六個月的現有項目。New and modified items can be auto-labeled, and existing items from the last six months.

保留標籤要多久才會生效How long it takes for retention labels to take effect

當您自動套用保留標籤,可能需要最多 7 天,保留標籤才會套用至符合條件的所有現有內容。When you auto-apply retention labels, it can take up to seven days for the retention labels to be applied to all existing content that matches the conditions.

自動標籤生效時的圖表

如果預期的標籤在七天之後未顯示,請在合規性中心的 [標籤原則 ] 頁面中選取自動套用原則,以檢查其 [狀態 ]If the expected labels don't appear after seven days, check the Status of the auto-apply policy by selecting it from the Label policies page in the compliance center. 如果您看到 關閉 (錯誤) 狀態,且在位置的詳細資料中,看到訊息說明部署原則 (針對 SharePoint) 或嘗試重新部署原則 (針對 OneDrive) 所耗費的時間超過預期,請嘗試執行 Set-RetentionCompliancePolicy PowerShell 命令以重試原則發佈:If you see the status of Off (Error) and in the details for the locations see a message that it's taking longer than expected to deploy the policy (for SharePoint) or to try redeploying the policy (for OneDrive), try running the Set-RetentionCompliancePolicy PowerShell command to retry the policy distribution:

  1. 連線到安全性與合規性中心 PowerShellConnect to Security & Compliance Center PowerShell.

  2. 執行下列命令:Run the following command:

    Set-RetentionCompliancePolicy -Identity <policy name> -RetryDistribution
    

更新保留標籤及其原則Updating retention labels and their policies

當您編輯保留標籤或自動套用原則,且保留標籤已套用至內容時,除了新識別的內容以外,您更新的設定會自動套用到此內容。When you edit a retention label or auto-apply policy, and the retention label is already applied to content, your updated settings will automatically be applied to this content in addition to content that's newly identified.

在建立及儲存標籤或原則之後,部分設定無法變更,其中包括:Some settings can't be changed after the label or policy is created and saved, which include:

  • 保留標籤和原則名稱,以及保留期間以外的保留設定。The retention label and policy name, and the retention settings except the retention period. 不過,當保留期間是以項目標記的時間為根據時,您就無法變更保留期間。However, you can't change the retention period when the retention period is based on when items were labeled.
  • 將項目標記為記錄的選項。The option to mark items as a record.

刪除保留標籤Deleting retention labels

您可以刪除目前未包含在任何保留標籤原則中、未針對事件型保留所設定的保留標籤,或將項目標示為法規記錄。You can delete retention labels that aren't currently included in any retention label policies, that aren't configured for event-based retention, or mark items as regulatory records. 刪除將項目標記為記錄的保留標籤功能目前正在預覽版中推出。The ability to delete retention labels that mark items as records is currently rolling out in preview.

針對您可以刪除的保留標籤,如果該標籤已套用至項目中,則會刪除失敗,而且您會看到一個連線至內容瀏覽器的連結,以識別已標籤的項目。For retention labels that you can delete, if they have been applied to items, the deletion fails and you see a link to content explorer to identify the labeled items.

不過,內容瀏覽器最多可能需要兩天才能顯示已標籤的項目。However, it can take up to two days for content explorer to show the items that are labeled. 在此情況中,保留標籤可能會被刪除,而不會向您顯示連線至內容瀏覽器的連結。In this scenario, the retention label might be deleted without showing you the link to content explorer.

鎖定原則以防止變更Locking the policy to prevent changes

如果您需要確保沒有人可以關閉原則、刪除原則或放寬限制,請參閱使用「保留鎖定」來限制變更保留原則和保留標籤原則If you need to ensure that no one can turn off the policy, delete the policy, or make it less restrictive, see Use Preservation Lock to restrict changes to retention policies and retention label policies.

後續步驟Next steps

請參閱 使用保留標籤來管理儲存在 SharePoint 中的文件週期,例如,在 SharePoint 中使用自動套用保留標籤原則和受管理的屬性,以及以事件為基礎的保留原則,開始保留期間。See Use retention labels to manage the lifecycle of documents stored in SharePoint for an example scenario that uses an auto-apply retention label policy with managed properties in SharePoint, and event-based retention to start the retention period.