Azure Information Protection audit log reference (public preview)

*Applies to: Azure Information Protection, Office 365*

*Relevant for: AIP unified labeling client and classic client*

Note

To provide a unified and streamlined customer experience, Azure Information Protection classic client and Label Management in the Azure Portal are being deprecated as of March 31, 2021. This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. Learn more in the official deprecation notice.

The Azure Information Protection audit log feature is currently in PREVIEW. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Microsoft Azure Information Protection generates audit logs at the following activity events:

Access audit logs

Access audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic client only | Windows | Office | Generated for the first time in each session that a labeled or protected file is saved. The log includes any information type matches. |
| Azure Information Protection: Classic client only | Windows | Office | Generated each time a labeled or protected file is created. |
| Azure Information Protection: Classic client; Unified labeling client | Windows, SharePoint, OneDrive | Office | Generated each time a labeled or protected file is opened. Note: For protected files, Access audit logs are generated only when the file is opened and the content is successfully decrypted and exposed to the user. For protected emails in Outlook, Access audit logs are also generated each time the user attempts to open an encrypted email, even if the decryption is blocked due to a lack of permissions. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time a labeled or protected file is accessed by a third-party application that supports it. |
| RMS service | Windows | Office | Generated each time a labeled or protected document is accessed. |

Access denied audit logs

Access denied audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| RMS service | Windows | Office | Generated each time a user attempts to access a protected document for which they have no permissions. |

Change protection audit logs

Change protection audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic client; Unified labeling client | Windows, SharePoint, OneDrive | Office | Generated each time the protection on an unlabeled document is changed manually. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time the protection on an unlabeled document is changed manually. Generated only if supported by the third-party application. |

Discover audit logs

Discover audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic scanner; Unified labeling scanner | Windows | Office | Generated each time a file is scanned by the AIP scanner. The log includes the following details: matched information types; labels. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time a file is scanned by a third-party application that supports it. The log includes the following details: matched information types; labels. |
| Azure Information Protection unified labeling viewer | Windows | AIP Unified Labeling Viewer | Generated each time a labeled or protected file is opened. |

Downgrade label audit logs

Downgrade label audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic scanner and client; Unified labeling scanner and client | Windows, SharePoint, OneDrive | Office | Generated each time a document label is updated with a less sensitive label. |
| Microsoft Defender ATP | Windows | OS | Generated each time a document label is updated with a less sensitive label. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time a document label is updated with a less sensitive label. Generated only if supported by the third-party application. |

File removed audit logs

Note

File removed audit logs are supported only in Azure Information Protection scanner version 2.7.96.0 and later.

File removed audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection scanner, Unified labeling client | Windows | Office and supported file types | Generated each time the AIP scanner detects that a previously scanned file has been removed. |

New label audit logs

New label audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic scanner and client; Unified labeling scanner and client | Windows, SharePoint, OneDrive | Office | Generated each time a new label is applied. |
| Microsoft Defender ATP | Windows | OS | Generated each time a new document label is applied. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time a new document label is applied. Generated only when supported by the third-party application. |

New protection audit logs

New protection audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic client; Unified labeling client | Windows, SharePoint, OneDrive | Office | Generated each time protection is newly added manually, without a label. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time protection is newly added manually, without a label. Generated only when supported by the third-party application. |

Remove label audit logs

Remove label audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic scanner and client; Unified labeling scanner and client | Windows, SharePoint, OneDrive | Office | Generated each time a label is removed. |
| Microsoft Defender ATP | Windows | OS | Generated each time a label is removed. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time a label is removed. Generated only when supported by the third-party application. |

Remove protection audit logs

Remove protection audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic client; Unified labeling client | Windows, SharePoint, OneDrive | Office | Generated each time protection is manually removed, without a label. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time protection is manually removed, without a label. Generated only when supported by the third-party application. |

Upgrade label audit logs

Upgrade label audit logs are generated for the following activities:

| Reported by | Platform | Application | Action / Description |
| --- | --- | --- | --- |
| Azure Information Protection: Classic scanner and client; Unified labeling scanner and client | Windows, SharePoint, OneDrive | Office | Generated each time a document label is updated with a more sensitive label. |
| Microsoft Defender ATP | Windows | OS | Generated each time a document label is updated with a more sensitive label. |
| Microsoft Information Protection (MIP) SDK | Any | Third-party applications | Generated each time a document label is updated with a more sensitive label. Generated only when supported by the third-party application. |

Next steps

AIP audit logs are also sent to the Microsoft 365 Activity Explorer, where they may be displayed with different names.

For more information, see: