深入了解資料群組Learn all about data groups

資料群組是什麼?What is a data group?

資料群組是在資料外洩防護 (DLP) 原則中分類服務的簡單方式。Data groups are a simple way to categorize services within a data loss prevention (DLP) policy. 可用的兩個資料群組是只限商務資料群組和不允許任何商務資料群組。The two data groups available are the Business data only group and the No business data allowed group. 組織可自行決定哪個服務將放入特定的資料群組。Organizations are free to determine which services are placed into a particular data group. 分類服務的好方法之一,是根據組織的影響將它們放在群組中。A good way to categorize services is to place them in groups, based on the impact to the organization. 預設情況下,所有服務都放在不允許任何商業資料資料群組。By default, all services are placed into the No business data allowed data group. 當您從系統管理中心建立或修改 DLP 原則的內容,便可以管理資料群組中的服務。You manage the services in a data group when you create or modify the properties of a DLP policy from the admin center.

資料群組之間共用資料的方式How data is shared between data groups

資料無法在位於不同群組的服務之間共用。Data cannot be shared among services located in different groups. 例如,如果您將 SharePoint 和 Salesforce 放在只限商務資料群組,而 Facebook 和 Twitter 則放在不允許任何商業資料群組,您將無法建立在 SharePoint 和 Facebook 之間移動資料的 PowerApp。For example, if you place SharePoint and Salesforce in the Business data only group and you place Facebook and Twitter in the No business data allowed group, you cannot create a PowerApp that moves data between SharePoint and Facebook. 雖然資料無法在不同群組的服務之間共用,您可以在特定群組內的服務之間共用資料。While data cannot be shared among services in different groups, you can share data among the services within a specific group. 因此,回到之前的範例,因為 SharePoint 和 Salesforce 放在相同的資料群組,終端使用者建立的 PowerApps 可以在 SharePoint 和 Salesforce 之間共用資料。So, going back to the earlier example, since SharePoint and Salesforce were placed in the same data group, PowerApps that your end users create can share data between SharePoint and Salesforce. 重點是在特定群組內的服務可以共用資料,而不同群組的服務不能共用資料。The key point is that services in a specific group can share data, while services in different groups cannot share data.

此外,您必須指定一個資料群組為預設群組。Additionally, one data group must be designated as the default group. 一開始,不允許任何商業資料群組是預設群組,所有服務都位於此資料群組。Initially, the No business data allowed group is the default group and all services are in the data group. 管理員可以將預設的資料群組變更為只限商務資料資料群組。An administrator can change the default data group to the business data only data group. 請注意,任何新增到 PowerApps 的新服務將會放在指定的預設群組。Note any new services that are added to PowerApps will be placed in the designated default group. 基於這個理由,建議您保留不允許任何商業資料做為預設群組。當貴組織已經評估將商務資料與新服務共用的影響後,再手動將服務新增到只限商務資料群組。For this reason, we recommend you keep the No business data allowed as the default group and manually add services into the Business data only group after your organization has evaluated the impact of allowing business data to be shared with the new service.

將服務新增至資料群組Add services to a data group

在此逐步解說中,我們將 SharePoint 和 Salesforce 新增至資料外洩防護 (DLP) 原則的只限商務資料資料群組。In this walk-through, we'll add SharePoint and Salesforce to the business data only data group of a data loss prevention (DLP) policy.

  1. 選取 DLP 原則 [只限商務資料] 群組方塊中的 [+ 新增] 連結︰Select the + Add link located inside the Business data only group box of a DLP policy:
    新增影像Add image
  2. 選取 SharePoint 和 Salesforce,然後選取 [新增服務],將這兩項服務新增到只限商務資料群組:Select SharePoint and Salesforce then select Add services to add both to the business data only group:
    新增服務影像Add services image
  3. 選取頂端功能表的 [儲存原則]Select Save Policy from the menu at the top:
    儲存原則Save policy
  4. 請注意,SharePoint 和 Salesforce 現在位於只限商務資料群組︰Notice that both SharePoint and Salesforce are now in the business data only group:
    更新商務資料群組

在此逐步解說中,您已經將 SharePoint 和 Salesforce 新增至資料外洩防護 (DLP) 原則的只限商務資料資料群組。In this walk-through, you've added SharePoint and Salesforce to the business data only data group of a DLP policy. 如果 DLP 原則環境的成員建立的應用程式在 SharePoint 或 Salesforce 與不允許任何商業資料資料群組中的任何服務共用資料,該應用程式將無法執行。If one of the person who is part of the DLP policy's environment create an app shares data between SharePoint or Salesforce and any service in the No business data allowed data group, the app will not be allowed to run.

從資料群組中移除服務Remove services from a data group

因為所有的服務都必須放在可用的資料群組,若要從特定群組中移除服務,只要將該服務新增到另一個群組,然後儲存原則。Since all services must be in one of the available data groups, to remove a service from a specific group, simply add the service to another group then save the policy.

變更預設的資料群組Change the default data group

在此逐步解說中,我們將變更預設的資料群組,從不允許任何商業資料資料群組改為只限商務資料資料群組。In this walk-through, we will change the default data group from the no business data allowed data group to the business data only data group.

重要:任何新增到 PowerApps 的新服務將會放在指定的預設群組。Important any new services that are added to PowerApps will be placed in the designated default group. 基於這個理由,建議您保留不允許任何商業資料做為預設群組,並手動新增服務到只限商務資料群組。For this reason, we recommend you keep the No business data allowed as the default group and manually add services into the Business data only group.

  1. 選取您想要指定為預設資料群組的資料群組右上角的Select the ... located at the top right corner of the data group you wish to designate as the default data group:
    變更預設群組change default group
  2. 選取 [設為預設群組]Select Set as default group:
    變更預設群組change default group
  3. 選取頂端功能表的 [儲存原則]Select Save Policy from the menu at the top:
    變更預設群組change default group
  4. 請注意,該資料群組現在已指定為預設的資料群組︰Notice the data group is now designated as the default data group:
    變更預設群組

後續步驟Next steps