Data loss prevention (DLP) policies

An organization's data is critical to its success. Its data needs to be readily available for decision-making, but it also needs to be protected so that it isn't shared with audiences that should not have access to it. To protect this data, Microsoft PowerApps (PowerApps) provides you with the ability to create and enforce policies that define which consumer services/connectors specific business data can be shared with. These policies that define how data can be shared are referred to as data loss prevention (DLP) policies.

Why create a DLP policy?

You would create a DLP policy to clearly define which consumer services business data may be shared with. For example, an organization that uses PowerApps may not want its business data that's stored in SharePoint to be automatically published to its Twitter feed. To prevent this, you can create a DLP policy that blocks SharePoint data from being used as the source for tweets.

Benefits of a DLP policy:

  • Ensures that data is managed in a uniform manner across the organization.
  • Prevents important business data from being accidentally published to services such as social media sites.

Managing DLP policies

Prerequisites

In order to create, edit, or delete DLP policies, the following items are required:

  • Either environment admin or tenant admin permissions. You can learn more about permissions in the environments topic.

Create a DLP policy

In order to create a DLP policy, you must have permissions to at least one environment.

Follow these steps to create a DLP policy that prevents data that is stored in your SharePoint database from being published to Twitter:

  1. While on the Data Policies tab, select the New policy link.
  2. Enter the name of the DLP policy as Secure Data Access for Contoso in the Data Policy Name label at the top of the page that opens.
  3. Select the environment on the Applies to tab.
  4. Select the Data groups tab.
  5. Select the + Add link located inside the Business data only group box.
  6. Select the SharePoint and Salesforce services from the Add services page.
  7. Select the Add services button to add the services you selected to the list of services that are allowed to share business data.
  8. Select Save Policy.
  9. After a few moments, your new DLP policy will be displayed in the data loss prevention policies list.
  10. (Optional) Send an email or other communication to your team, alerting them that a new DLP policy is now available.

Congratulations, you have now created a DLP policy that allows apps to share data between SharePoint and Salesforce and blocks the sharing of data with any other services.
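The effect of the policy created above can be checked against an app inventory before it is rolled out. The following is an added example, not Microsoft's code: a simplified model of the rule the policy enforces, namely that connectors in the Business data only group cannot be combined in one app with connectors outside it. The environment names, app names, and the `DlpPolicy` and `audit` helpers are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DlpPolicy:
    name: str
    environments: frozenset   # environments chosen on the "Applies to" tab
    business_only: frozenset  # connectors in the "Business data only" group

    def evaluate(self, environment, connectors):
        """Return (allowed, reason) for an app that uses `connectors`."""
        if environment not in self.environments:
            return True, "policy does not apply to this environment"
        used = set(connectors)
        business = used & self.business_only
        other = used - self.business_only
        if business and other:
            return False, (
                f"mixes business data ({', '.join(sorted(business))}) "
                f"with other services ({', '.join(sorted(other))})"
            )
        return True, "all connectors are in a single data group"


# The policy from the steps above; the environment name is a constructed placeholder.
POLICY = DlpPolicy(
    name="Secure Data Access for Contoso",
    environments=frozenset({"contoso-default"}),
    business_only=frozenset({"SharePoint", "Salesforce"}),
)

# Constructed app inventory: (app name, environment, connectors used).
APPS = [
    ("Lead sync", "contoso-default", ["SharePoint", "Salesforce"]),
    ("News poster", "contoso-default", ["SharePoint", "Twitter"]),
    ("Social monitor", "contoso-default", ["Twitter"]),
    ("Sandbox demo", "contoso-sandbox", ["SharePoint", "Twitter"]),
]


def audit(policy, apps):
    """Return {app name: (allowed, reason)} for every app in the inventory."""
    return {name: policy.evaluate(env, conns) for name, env, conns in apps}


if __name__ == "__main__":
    for app, (allowed, reason) in audit(POLICY, APPS).items():
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {app}: {reason}")
```

The "Sandbox demo" row shows the scoping caveat: the same SharePoint-to-Twitter combination is not blocked in an environment that was not selected on the Applies to tab.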

Find a DLP policy

Admins

Admins can use the search feature from the Admin center to find specific DLP policies.

Note

Admins should publish all DLP policies so that users in the organization are aware of the policies prior to creating PowerApps.

Makers

If you don't have admin permissions and you wish to learn more about the DLP policies in your organization, contact your administrator. You can also learn more from the maker environments topic.

Note

Only admins can edit or delete DLP policies.

Edit a DLP policy

  1. Launch the Admin center by browsing to https://admin.powerapps.com.
  2. In the Admin center that launches, select the Data policies link on the left side.
  3. Search the list of existing DLP policies and select the edit link next to the policy you intend to edit.
  4. Make the changes you wish to make. You can modify the environment or the services in the data groups, for example.
  5. Select Save Policy to save your changes.

Your policy has now been updated. You can confirm that the changes have been made to your policy by finding it in the data loss prevention policies list and reviewing its properties.

Delete a DLP policy

  1. Launch the Admin center by browsing to https://admin.powerapps.com.
  2. In the Admin center that launches, select the Data policies link on the left side.
  3. Search the list of existing DLP policies and select the delete link next to the policy you intend to delete.
  4. Confirm that you really want to delete the policy by selecting the Delete button.

Your policy has now been deleted. You can confirm that the policy is no longer listed in the data loss prevention policies list by selecting the Data Policies link on the left and reviewing the list of policies.

DLP policy permissions

Only tenant and environment admins can create and modify DLP policies. Learn more about permissions in the environments topic.
