Azure 資訊保護中的保護功能可向現有承租人推出Protection features in Azure Information Protection rolling out to existing tenants


改良的 Microsoft 365 安全性中心現在可供公開預覽。The improved Microsoft 365 security center is now available in public preview. 這個新的體驗會將適用於端點的 Defender、適用於 Office 365 的 Defender、Microsoft 365 Defender 和更多功能帶到 Microsoft 365 安全性中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新功能Learn what's new. 本主題僅適合適用於 Office 365 的 Microsoft Defender 和 Microsoft 365 Defender。This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. 請參閱 適用於 區段,並且尋找此文章中可能有所不同的特定圖說文字。Refer to the Applies To section and look for specific call-outs in this article where there might be differences.

適用於Applies to

若要協助您保護資訊的初始步驟,請從2018年7月開始,所有 Azure 資訊保護合格的承租人都會有預設開啟 Azure 資訊保護中的保護功能。To help with the initial step in protecting your information, starting July 2018 all Azure Information Protection eligible tenants will have the protection features in Azure Information Protection turned on by default. Azure 資訊保護中的保護功能先前在 Office 365 中稱為 Rights Management 或 Azure RMS。The protection features in Azure Information Protection were formerly known in Office 365 as Rights Management or Azure RMS. 如果您的組織有 Office E3 服務方案或較高的服務方案,您現在可以在推出這些功能時,透過 Azure 資訊保護來開始保護資訊。If your organization has an Office E3 service plan or a higher service plan you will now get a head start protecting information through Azure Information Protection when we roll out these features.

從2018年7月1日開始的變更Changes beginning July 1, 2018

從2018年7月1日開始,Microsoft 會針對具有下列其中一個訂閱計畫的所有組織,啟用 Azure 資訊保護中的保護功能:Starting July 1, 2018, Microsoft will enable the protection capability in Azure Information Protection for all organizations with one of the following subscription plans:

  • Office 365 郵件加密是以 Office 365 E3 和 E5、Microsoft E3 和 E5、Office 365 A1、365 A3 和 G5 的一部分提供。Office 365 Message Encryption is offered as part of Office 365 E3 and E5, Microsoft E3 and E5, Office 365 A1, A3, and A5, and Office 365 G3 and G5. 您不需要其他授權,即可接收 Azure 資訊保護所支援的新保護功能。You do not need additional licenses to receive the new protection capabilities powered by Azure Information Protection.

  • 您也可以將 Azure 資訊保護方案1新增至下列方案,以接收新的 Office 365 郵件加密功能: Exchange Online Plan 1、Exchange Online Plan 2、Office 365 F1、Microsoft 365 Business Basic、Microsoft 365 Business Standard 或 Office 365 Enterprise E1。You can also add Azure Information Protection Plan 1 to the following plans to receive the new Office 365 Message Encryption capabilities: Exchange Online Plan 1, Exchange Online Plan 2, Office 365 F1, Microsoft 365 Business Basic, Microsoft 365 Business Standard, or Office 365 Enterprise E1.

  • 每個使用者從 Office 365 郵件加密中所受益的使用者,都必須經過授權才能享受功能。Each user benefiting from Office 365 Message Encryption needs to be licensed to be covered by the feature.

  • 如需完整清單,請參閱 Office 365 郵件加密的 Exchange Online 服務說明For the full list, see the Exchange Online service descriptions for Office 365 Message Encryption.

租使用者管理員可以在 Office 365 管理員入口網站中檢查保護狀態。Tenant administrators can check the protection status in the Office 365 administrator portal.

顯示 Office 365 中的版權管理已啟用的螢幕擷取畫面。

為什麼要進行此變更?Why are we making this change?

Office 365 郵件加密會利用 Azure 資訊保護中的保護功能。Office 365 Message Encryption leverages the protection capabilities in Azure Information Protection. 在最新的 Office 365 訊息加密改進功能和對 Microsoft 365 中資訊保護的廣泛投資的核心,我們為組織開啟和使用保護功能變得更容易,但在過去,加密技術很難設定。At the heart of the recent improvements to Office 365 Message Encryption and our broader investments to information protection in Microsoft 365, we are making it easier for organizations to turn on and use our protection capabilities, as historically, encryption technologies have been difficult to set up. 透過依預設開啟 Azure 資訊保護中的保護功能,您可以快速開始保護您的機密資料。By turning on the protection features in Azure Information Protection by default, you can quickly get started to protect your sensitive data.

這對我有何影響?Does this impact me?

如果您的組織已購買合格的 Office 365 授權,則您的租使用者將會受到此變更的影響。If your organization has purchased an eligible Office 365 license, then your tenant will be impacted by this change.


如果您在內部部署環境中使用 Active Directory Rights Management Services (AD RMS) ,您必須立即自願退出這項變更或遷移至 Azure 資訊保護,然後才會在今後30天內推出這項變更。If you're using Active Directory Rights Management Services (AD RMS) in your on-premises environment, you must either opt-out of this change immediately or migrate to Azure Information Protection before we roll out this change within the next 30 days. 如需如何自願退出的資訊,請參閱「我使用 AD RMS,如何退出宣告?」For information on how to opt-out, see "I use AD RMS, how do I opt out?" 本文稍後。later in this article. 如果您想要遷移,請參閱 從 AD RMS 遷移到 Azure 資訊保護。If you prefer to migrate, see Migrating from AD RMS to Azure Information Protection..

使用 Azure 資訊保護,是否可以使用 Active Directory Rights Management Services (AD RMS) ?Can I use Azure Information Protection with Active Directory Rights Management Services (AD RMS)?

否。No. 這不是支援的部署案例。This is not a supported deployment scenario. 若未採取其他自願取消的步驟,有些電腦可能會自動開始使用 Azure Rights Management 服務,而且也會連線到您的 AD RMS 叢集。Without taking the additional opt-out steps, some computers might automatically start using the Azure Rights Management service and also connect to your AD RMS cluster. 此案例不受支援,且結果不可靠,所以請務必在今後30天內選擇此變更,再進行這些新功能。This scenario isn't supported and has unreliable results, so it's important that you opt out of this change within the next 30 days before we roll out these new features. 如需如何自願退出的資訊,請參閱「我使用 AD RMS,如何退出宣告?」For information on how to opt-out, see "I use AD RMS, how do I opt out?" 本文稍後。later in this article. 如果您想要遷移,請參閱 從 AD RMS 遷移至 Azure 資訊保護。If you prefer to migrate, see Migrating from AD RMS to Azure Information Protection.

如何知道我使用的是 AD RMS?How do I know if I'm using AD RMS?

當您也有 Active Directory Rights Management Services (AD rms) 以檢查是否已部署 ad rms 時,請使用下列指示來準備 Azure 環境進行 Azure 版權管理:Use these instructions from Preparing the environment for Azure Rights Management when you also have Active Directory Rights Management Services (AD RMS) to check if you have deployed AD RMS:

  1. 雖然選用,大部分的 AD RMS 部署也會發佈服務連線點 (SCP) Active Directory,讓網域電腦能夠探索 AD RMS 叢集。Although optional, most AD RMS deployments publish the service connection point (SCP) to Active Directory so that domain computers can discover the AD RMS cluster.

    使用 ADSI Edit,查看您是否已在 Active Directory 中發佈 SCP: CN=Configuration [server name],CN=Services,CN = RightsManagementServices,CN = SCPUse ADSI Edit to see whether you have an SCP published in Active Directory: CN=Configuration [server name], CN=Services, CN=RightsManagementServices, CN=SCP

  2. 如果您不是使用 SCP,則必須使用 Windows 登錄為用戶端服務探索或授權重新導向,設定連線至 AD RMS 叢集的 Windows 電腦: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSIPC\ServiceLocationIf you are not using an SCP, Windows computers that connect to an AD RMS cluster must be configured for client-side service discovery or licensing redirection by using the Windows registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSIPC\ServiceLocation or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSIPC\ServiceLocation.

如需這些登錄設定的詳細資訊,請參閱使用 Windows 登錄和重新導向授權伺服器流量啟用用戶端服務探索For more information about these registry configurations, see Enabling client-side service discovery by using the Windows registry and Redirecting licensing server traffic.

我使用 AD RMS,我該如何退出宣告?I use AD RMS, how do I opt out?

若要退出宣告即將進行的變更,請完成下列步驟:To opt out of the upcoming change, complete these steps:

  1. 使用組織中具有全域系統管理員許可權的公司或學校帳戶,啟動 Windows PowerShell 會話,並聯機至 Exchange Online。Using a work or school account that has global administrator permissions in your organization, start a Windows PowerShell session and connect to Exchange Online. 如需詳細指示,請參閱連線到 Exchange Online PowerShellFor instructions, see Connect to Exchange Online PowerShell.

  2. 使用下列語法執行 Set-IRMConfiguration Cmdlet:Run the Set-IRMConfiguration cmdlet using the following syntax:

Set-IRMConfiguration -AutomaticServiceUpdateEnabled $false

進行此變更之後,我可以預期什麼?What can I expect after this change has been made?

一旦啟用這項功能,只要您未選擇,您就可以開始使用 Microsoft Ignite 2017 中所宣告的新版本的 Office 365 郵件加密,並利用 Azure 資訊保護的加密和保護功能。Once this is enabled, provided you haven't opted out, you can start using the new version of Office 365 Message Encryption which was announced at Microsoft Ignite 2017 and leverages the encryption and protection capabilities of Azure Information Protection.

螢幕擷取畫面顯示 Outlook 網頁版中的 OME 受保護的郵件。

如需新增強功能的相關資訊,請參閱 Office 365 Message EncryptionFor more information about the new enhancements, see Office 365 Message Encryption.