记录和分析 Azure 信息保护中的保护服务使用情况Logging and analyzing the protection usage from Azure Information Protection

适用范围:Azure 信息保护Office 365*Applies to: Azure Information Protection, Office 365*

相关内容:AIP 统一标记客户端和经典客户端Relevant for: AIP unified labeling client and classic client*

备注

为了提供统一、简化的客户体验,Azure 门户中的 Azure 信息保护经典客户端和标签管理将于 2021 年 3 月 31 日弃用 。To provide a unified and streamlined customer experience, Azure Information Protection classic client and Label Management in the Azure Portal are being deprecated as of March 31, 2021. 在此时间框架内,所有 Azure 信息保护客户都可以使用 Microsoft 信息保护统一标记平台转换到我们的统一标记解决方案。This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. 有关详细信息,请参阅官方弃用通知Learn more in the official deprecation notice.

使用此信息来帮助你了解如何使用 Azure 信息保护中的保护服务(Azure Rights Management) 的使用情况日志记录。Use this information to help you understand how you can use usage logging for the protection service (Azure Rights Management) from Azure Information Protection. 此保护服务为你的组织的文档和电子邮件提供数据保护,并可以记录针对这些数据的每个请求。This protection service provides the data protection for your organization's documents and emails and it can log every request to it. 这些请求包括在用户保护文档和电子邮件以及使用此内容时,管理员为该服务执行的操作,以及 Microsoft 操作员为了支持 Azure 信息保护部署而执行的操作。These requests include when users protect documents and email and also consume this content, actions performed by your administrators for this service, and actions performed by Microsoft operators to support your Azure Information Protection deployment.

然后,你可以使用这些保护服务使用情况日志来支持以下业务方案:You can then use these protection usage logs to support the following business scenarios:

  • 分析信息以获得业务见解Analyze for business insights

    可将保护服务生成的日志导入到选择的存储库(例如数据库、联机分析处理 (OLAP) 系统或 map-reduce 系统),以便分析信息并生成报告。The logs generated by the protection service can be imported into a repository of your choice (such as a database, an online analytical processing (OLAP) system, or a map-reduce system) to analyze the information and produce reports. 例如,可以看出谁在访问受保护的数据。As an example, you could identify who is accessing your protected data. 还可以确定用户访问了哪些受保护的数据、从哪些设备访问、从何处访问。You can determine what protected data people are accessing, and from what devices and from where. 你可以了解用户是否能够成功读取受保护内容。You can find out whether people can successfully read protected content. 你还可以看出哪些用户阅读了某个受保护的重要文档。You can also identify which people have read an important document that was protected.

  • 监控滥用行为Monitor for abuse

    可以近乎实时地访问有关保护服务使用情况的日志记录信息,从而持续监控公司使用保护服务的情况。Logging information about the protection use is available to you in near-real time, so that you can continuously monitor your company’s use of the protection service. 99.9% 的日志可在对服务启动操作后 15 分钟之内访问。99.9% of logs are available within 15 minutes of an initiated action to the service.

    例如,如果在正常工作时间之外读取受保护数据的用户迅猛增加,可能意味着恶意用户正在收集信息并企图售卖给你的竞争对手,你希望在出现这种情况时收到警报。For example, you might want to be alerted if there is a sudden increase of people reading protected data outside standard working hours, which could indicate that a malicious user is collecting information to sell to competitors. 或者,如果同一用户在很短时间内显然是从两个不同 IP 地址访问数据,则可能意味着该用户帐户已泄漏。Or, if the same user apparently accesses data from two different IP addresses within a short time frame, which could indicate that a user account has been compromised.

  • 执行取证分析Perform forensic analysis

    如果遇到信息泄露,安全人员很可能向你询问最近谁访问了特定文档,以及可疑人员最近访问了哪些信息。If you have an information leak, you are likely to be asked who recently accessed specific documents and what information did a suspected person access recently. 使用该日志记录时可以回答这些类型的问题,因为使用受保护内容的用户始终必须获取 Rights Management 许可证才能打开由 Azure 信息保护提供保护的文档和图片,即便这些文件已通过电子邮件移动或复制到 U 盘/其他存储设备。You can answer these types of questions when you use this logging because people who use protected content must always get a Rights Management license to open documents and pictures that are protected by Azure Information Protection, even if these files are moved by email or copied to USB drives or other storage devices. 这意味着在使用 Azure 信息保护来保护数据时,你可以使用这些日志作为确定性信息源进行取证分析。This means that you can use these logs as a definitive source of information for forensic analysis when you protect your data by using Azure Information Protection.

除了此使用日志记录之外,还可以使用以下日志记录选项:In addition to this usage logging, you also have the following logging options:

日志记录选项Logging option 说明Description
管理员日志Admin log 记录针对保护服务的管理任务。Logs administrative tasks for the protection service. 例如,在停用服务的情况下,启用超级用户功能时,以及向用户委派服务的管理员权限时。For example, if the service is deactivated, when the super user feature is enabled, and when users are delegated admin permissions to the service.

有关详细信息,请参阅 PowerShell cmdlet Get-AipServiceAdminLogFor more information, see the PowerShell cmdlet, Get-AipServiceAdminLog.
文档跟踪Document tracking 允许用户跟踪和撤消其使用 Azure 信息保护客户端跟踪的文档。Lets users track and revoke their documents that they have tracked with the Azure Information Protection client. 全局管理员也可以代表用户跟踪这些文档。Global administrators can also track these documents on behalf of users.

有关详细信息,请参阅配置和使用 Azure 信息保护的文档跟踪For more information, see Configuring and using document tracking for Azure Information Protection.
客户端事件日志Client event logs Azure 信息保护客户端的使用活动记录在本地 Windows“应用程序和服务”事件日志和“Azure 信息保护”中。Usage activity for the Azure Information Protection client, logged in the local Windows Applications and Services event log, Azure Information Protection.

有关详细信息,请参阅 Azure 信息保护客户端的使用日志记录For more information, see Usage logging for the Azure Information Protection client.
客户端日志文件Client log files 有关 Azure 信息保护客户端的疑难解答日志,位于 %localappdata%\Microsoft\MSIP 中。Troubleshooting logs for the Azure Information Protection client, located in %localappdata%\Microsoft\MSIP.

这些文件专门设计供 Microsoft 支持部门使用。These files are designed for Microsoft Support.

此外,会收集并聚合 Azure 信息保护客户端使用情况日志和 Azure 信息保护扫描程序中的信息以在 Azure 门户中创建报表。In addition, information from the Azure Information Protection client usage logs and the Azure Information Protection scanner is collected and aggregated to create reports in the Azure portal. 有关详细信息,请参阅 Azure 信息保护报表For more information, see Reporting for Azure Information Protection.

有关保护服务使用情况日志记录的详细信息,请参阅以下部分。Use the following sections for more information about the usage logging for the protection service.

如何为保护服务使用情况启用日志记录How to enable logging for protection usage

默认情况下会为所有客户启用保护服务使用情况日志记录。Protection usage logging is enabled by default for all customers.

不针对日志存储或日志记录功能收取额外的费用。There is no extra cost for the log storage or for the logging feature functionality.

如何访问和使用你的保护服务使用情况日志How to access and use your protection usage logs

Azure 信息保护将日志作为一系列 blob 写入到为你的租户自动创建的 Azure 存储帐户。Azure Information Protection writes logs as a series of blobs to an Azure storage account that it automatically creates for your tenant. 每个 Blob 包含一条或多条日志记录,采用 W3C 扩展日志格式。Each blob contains one or more log records, in W3C extended log format. Blob 名称为数字,按创建顺序排列。The blob names are numbers, in the order in which they were created. 本文档后面的如何解释 Azure Rights Management 使用日志部分包含了有关日志内容及其创建情况的更多信息。The How to interpret your Azure Rights Management usage logs section later in this document contains more information about the log contents and their creation.

在执行保护操作之后,日志需要一段时间才会显示在你的存储帐户中。It can take a while for logs to appear in your storage account after a protection action. 大多数日志在 15 分钟之内显示。Most logs appear within 15 minutes. 我们建议你将日志下载到本地存储,例如本地文件夹、数据库或 map-reduce 存储库。We recommend that you download the logs to local storage, such as a local folder, a database, or a map-reduce repository.

若要下载使用情况日志,需要使用适用于 Azure 信息保护的 AIPService PowerShell 模块。To download your usage logs, you will use the AIPService PowerShell module for Azure Information Protection. 有关安装说明,请参阅安装 AIPService PowerShell 模块For installation instructions, see Installing the AIPService PowerShell module.

使用 PowerShell 下载使用日志To download your usage logs by using PowerShell

  1. 使用“以管理员身份运行”选项启动 Windows PowerShell,然后使用 Connect-AipService cmdlet 连接到 Azure 信息保护:Start Windows PowerShell with the Run as administrator option and use the Connect-AipService cmdlet to connect to Azure Information Protection:

    Connect-AipService
    
  2. 运行以下命令,以下载特定日期的日志:Run the following command to download the logs for a specific date:

    Get-AipServiceUserLog -Path <location> -fordate <date>
    

    例如,在 E 盘上创建名为 Logs 的文件夹之后:For example, after creating a folder called Logs on your E: drive:

    • 若要下载特定日期(例如 2016/2/1)的日志,请运行以下命令:Get-AipServiceUserLog -Path E:\Logs -fordate 2/1/2016To download logs for a specific date (such as 2/1/2016), run the following command: Get-AipServiceUserLog -Path E:\Logs -fordate 2/1/2016

    • 若要下载某一日期范围(例如从 2016/2/1 到 2016/2/14)的日志,请运行以下命令:Get-AipServiceUserLog -Path E:\Logs -fromdate 2/1/2016 –todate 2/14/2016To download logs for a date range (such as from 2/1/2016 through 2/14/2016), run the following command: Get-AipServiceUserLog -Path E:\Logs -fromdate 2/1/2016 –todate 2/14/2016

如果你只指定了天(如我们的示例),则时间将假定为本地时间的 00:00:00,然后转换为 UTC。When you specify the day only, as in our examples, the time is assumed to be 00:00:00 in your local time, and then converted to UTC. 如果你使用 -fromdate 或 -todate 参数指定了时间(例如,fordate "2/1/2016 15:00:00"),则日期和时间将转换为 UTC。When you specify a time with your -fromdate or -todate parameters (for example, -fordate "2/1/2016 15:00:00"), that date and time is converted to UTC. 然后,Get-AipServiceUserLog 命令将获取该 UTC 时间段的日志。The Get-AipServiceUserLog command then gets the logs for that UTC time period.

你不能指定少于一整天的时间来进行下载。You cannot specify less than a whole day to download.

默认情况下,此 cmdlet 使用三个线程来下载日志。By default, this cmdlet uses three threads to download the logs. 如果你有足够的网络带宽,并且想要减少下载日志所需的时间,可使用 -NumberOfThreads 参数,该参数支持从 1 到 32 的值。If you have sufficient network bandwidth and want to decrease the time required to download the logs, use the -NumberOfThreads parameter, which supports a value from 1 through 32. 例如,如果你运行以下命令,此 cmdlet 将生成 10 个线程来下载日志:Get-AipServiceUserLog -Path E:\Logs -fromdate 2/1/2016 –todate 2/14/2016 -numberofthreads 10For example, if you run the following command, the cmdlet spawns 10 threads to download the logs: Get-AipServiceUserLog -Path E:\Logs -fromdate 2/1/2016 –todate 2/14/2016 -numberofthreads 10

提示

你可以使用 Microsoft Log Parser(一种在各种常见日志格式之间进行转换的工具),将所有已下载日志文件整合为 CSV 格式。You can aggregate all your downloaded log files into a CSV format by using Microsoft’s Log Parser, which is a tool to convert between various well-known log formats. 你还能够使用该工具将数据转换为 SYSLOG 格式,或者将其导入到数据库。You can also use this tool to convert data to SYSLOG format, or import it into a database. 安装该工具之后,请运行 LogParser.exe /? 以获得此工具的使用帮助和信息。After you have installed the tool, run LogParser.exe /? for help and information to use this tool.

例如,你可以运行以下命令,将所有信息导出为 .log 文件格式:logparser –i:w3c –o:csv "SELECT * INTO AllLogs.csv FROM *.log"For example, you might run the following command to import all information into a .log file format: logparser –i:w3c –o:csv "SELECT * INTO AllLogs.csv FROM *.log"

如何解释你的使用情况日志How to interpret your usage logs

可以使用以下信息帮助你解释保护服务使用情况日志。Use the following information to help you interpret the protection usage logs.

日志序列The log sequence

Azure 信息保护将日志作为一系列 blob 写入。Azure Information Protection writes the logs as a series of blobs.

日志中的每个条目都有 UTC 时间戳。Each entry in the log has a UTC timestamp. 因为保护服务跨多个数据中心在多台服务器上运行,所以,有时日志即使是按时间戳排序,也似乎并不符合时间顺序。Because the protection service runs on multiple servers across multiple data centers, sometimes the logs might seem to be out of sequence, even when they are sorted by their timestamp. 不过这种差异很小,通常在一分钟之内。However, the difference is small and usually within a minute. 大多数情况下,这不会为日志分析带来麻烦。In most cases, this is not an issue that would be a problem for log analysis.

Blob 格式The blob format

所有 Blob 都采用 W3C 扩展日志格式。Each blob is in W3C extended log format. 开头是以下两行:It starts with the following two lines:

#软件:RMS#Software: RMS

#版本:1.1#Version: 1.1

第一行确认这些是 Azure 信息保护中的保护日志。The first line identifies that these are protection logs from Azure Information Protection. 第二行标识 Blob 的剩余部分遵循版本 1.1 规范。The second line identifies that the rest of the blob follows the version 1.1 specification. 我们建议,用于解析这些日志的任何应用程序都应先验证这两行,然后再继续解析 Blob 的剩余部分。We recommend that any applications that parse these logs verify these two lines before continuing to parse the rest of the blob.

第三行枚举字段名称列表,以制表符分隔:The third line enumerates a list of field names that are separated by tabs:

#Fields: date      time      row-id      request-type      user-id      result      correlation-id      content-id      owner-email      issuer      template-id      file-name      date-published      c-info      c-ip      admin-action      acting-as-user#Fields: date time row-id request-type user-id result correlation-id content-id owner-email issuer template-id file-name date-published c-info c-ip admin-action acting-as-user

后面的每行都是日志记录。Each of the subsequent lines is a log record. 这些字段的值与前一行具有相同的顺序,并且以制表符分隔。The values of the fields are in the same order as the preceding line, and are separated by tabs. 请使用下表分析这些字段。Use the following table to interpret the fields.

字段名称Field name W3C 数据类型W3C data type 说明Description 示例值Example value
datedate 日期Date 为请求提供服务时的 UTC 日期。UTC date when the request was served.

源是为请求提供服务的服务器上的本地时钟。The source is the local clock on the server that served the request.
2013-06-252013-06-25
timetime 时间Time 为请求提供服务时的 UTC 时间(24 小时格式)。UTC time in 24-hour format when the request was served.

源是为请求提供服务的服务器上的本地时钟。The source is the local clock on the server that served the request.
21:59:2821:59:28
row-idrow-id 文本Text 此日志记录的唯一 GUID。Unique GUID for this log record. 如果不存在值,则使用 correlation-id 值来标识该条目。If a value is not present, use the correlation-id value to identify the entry.

在你整合日志或将日志复制为其他格式时,这个值是有用的。This value is useful when you aggregate logs or copy logs into another format.
1c3fe7a9-d9e0-4654-97b7-14fafa72ea631c3fe7a9-d9e0-4654-97b7-14fafa72ea63
request-typerequest-type 名称Name 所请求的 RMS API 的名称。Name of the RMS API that was requested. AcquireLicenseAcquireLicense
user-iduser-id 字符串String 发出请求的用户。The user who made the request.

该值包括在单引号中。The value is enclosed in single quotation marks. 由你管理的租户密钥 (BYOK) 所发出的调用具有值 ",这也适用于请求类型为匿名时的情况。Calls from a tenant key that is managed by you (BYOK) have a value of ", which also applies when the request types are anonymous.
‘joe@contoso.com’‘joe@contoso.com’
resultresult 字符串String 如果成功地为请求提供服务,则为 ‘Success’。'Success' if the request was served successful.

如果为请求提供服务失败,则在单引号中显示错误类型。The error type in single quotation marks if the request failed.
“Success”'Success'
correlation-idcorrelation-id 文本Text 在 RMS 客户端日志和服务器日志之间通用的针对给定请求的 GUID。GUID that is common between the RMS client log and server log for a given request.

此值有助于你解决客户端问题。This value can be useful to help troubleshooting client issues.
cab52088-8925-4371-be34-4b71a3112356cab52088-8925-4371-be34-4b71a3112356
content-idcontent-id 文本Text 包括在大括号中的 GUID,标识受保护内容(例如某个文档)。GUID, enclosed in curly braces that identifies the protected content (for example, a document).

只有当 request-type 为 AcquireLicense 时,此字段才具有值,对于其他所有请求类型,此字段都为空。This field has a value only if request-type is AcquireLicense and is blank for all other request types.
{bb4af47b-cfed-4719-831d-71b98191a4f2}{bb4af47b-cfed-4719-831d-71b98191a4f2}
owner-emailowner-email 字符串String 文档所有者的电子邮件地址。Email address of the owner of the document.

如果请求类型为 RevokeAccess,则此字段为空。This field is blank if the request type is RevokeAccess.
alice@contoso.com
颁发者issuer 字符串String 文档发布者的电子邮件地址。Email address of the document issuer.

如果请求类型为 RevokeAccess,则此字段为空。This field is blank if the request type is RevokeAccess.
alice@contoso.com(或)FederatedEmail.4c1f4d-93bf-00a95fa1e042@contoso.onmicrosoft.com’alice@contoso.com (or) FederatedEmail.4c1f4d-93bf-00a95fa1e042@contoso.onmicrosoft.com'
template-idtemplate-id 字符串String 用于保护文档的模板的 ID。ID of the template used to protect the document.

如果请求类型为 RevokeAccess,则此字段为空。This field is blank if the request type is RevokeAccess.
{6d9371a6-4e2d-4e97-9a38-202233fed26e}{6d9371a6-4e2d-4e97-9a38-202233fed26e}
file-namefile-name 字符串String 使用适用于 Windows 的 Azure 信息保护客户端跟踪的受保护文档的文件名。File name of a protected document that is tracked by using the Azure Information Protection client for Windows.

目前,某些文件(如 Office 文档)显示为 GUID 而不是实际文件名。Currently, some files (such as Office documents) display as GUIDs rather than the actual file name.

如果请求类型为 RevokeAccess,则此字段为空。This field is blank if the request type is RevokeAccess.
TopSecretDocument.docxTopSecretDocument.docx
date-publisheddate-published 日期Date 保护文档时的日期。Date when the document was protected.

如果请求类型为 RevokeAccess,则此字段为空。This field is blank if the request type is RevokeAccess.
2015-10-15T21:37:002015-10-15T21:37:00
c-infoc-info 字符串String 有关发出请求的客户端平台的信息。Information about the client platform that is making the request.

特定字符串各不相同,具体取决于应用程序(例如操作系统或浏览器)。The specific string varies, depending on the application (for example, the operating system or the browser).
'MSIPC;version=1.0.623.47;AppName=WINWORD.EXE;AppVersion=15.0.4753.1000;AppArch=x86;OSName=Windows;OSVersion=6.1.7601;OSArch=amd64''MSIPC;version=1.0.623.47;AppName=WINWORD.EXE;AppVersion=15.0.4753.1000;AppArch=x86;OSName=Windows;OSVersion=6.1.7601;OSArch=amd64'
c-ipc-ip 地址Address 发出请求的客户端的 IP 地址。IP address of the client that makes the request. 64。51。202。14464.51.202.144
admin-actionadmin-action BoolBool 管理员是否已在管理员模式下访问文档跟踪站点。Whether an administrator has accessed the document tracking site in Administrator mode. 正确True
acting-as-useracting-as-user 字符串String 管理员正在访问其文档跟踪站点的用户的电子邮件地址。The email address of the user for whom an administrator is accessing the document tracking site. 'joe@contoso.com''joe@contoso.com'

user-id 字段的例外Exceptions for the user-id field

虽然 user-id 字段通常指示发出请求的用户,但在两种例外情况下,该值不映射到真正用户:Although the user-id field usually indicates the user who made the request, there are two exceptions where the value does not map to a real user:

  • 'microsoftrmsonline@<YourTenantID>.rms.<region>.aadrm.com'The value 'microsoftrmsonline@<YourTenantID>.rms.<region>.aadrm.com'.

    它指示 Office 365 服务(例如 Exchange Online 或 Microsoft SharePoint)正在发出请求。This indicates an Office 365 service, such as Exchange Online or Microsoft SharePoint, is making the request. 在此字符串中,<YourTenantID> 是你的租户的 GUID,<region> 是在其中注册了你的租户的区域。 In the string, <YourTenantID> is the GUID for your tenant and <region> is the region where your tenant is registered. 例如,na 代表北美,eu 代表欧洲,ap 代表亚洲。For example, na represents North America, eu represents Europe, and ap represents Asia.

  • 如果你使用 RMS 连接器。If you are using the RMS connector.

    此连接器发出的请求将使用服务主体名称 Aadrm_S-1-7-0 进行记录,该名称是在安装 RMS 连接器时自动生成的。Requests from this connector are logged with the service principal name of Aadrm_S-1-7-0, which is automatically generated when you install the RMS connector.

典型请求类型Typical request types

有许多针对保护服务的请求类型,但下表列出了其中一些最常用的请求类型。There are many request types for the protection service but the following table identifies some of the most typically used request types.

请求类型Request type 说明Description
AcquireLicenseAcquireLicense 基于 Windows 的计算机上的客户端正在请求受保护内容的许可证。A client from a Windows-based computer is requesting a license for protected content.
AcquirePreLicenseAcquirePreLicense 某个客户端正在代表用户请求受保护内容的许可证。A client, on behalf of the user, is requesting for a license for protected content.
AcquireTemplatesAcquireTemplates 进行调用以基于模板 ID 获取模板A call was made to acquires templates based on template IDs
AcquireTemplateInformationAcquireTemplateInformation 进行调用以从服务获取模板的 ID。A call was made to get the IDs of the template from the service.
AddTemplateAddTemplate 从 Azure 门户进行调用以添加模板。A call is made from the Azure portal to add a template.
AllDocsCsvAllDocsCsv 从文档跟踪站点进行调用,以便从“所有文档”页面下载 CSV 文件。A call is made from the document tracking site to download the CSV file from the All Documents page.
BECreateEndUserLicenseV1BECreateEndUserLicenseV1 从移动设备进行调用以创建最终用户许可证。A call is made from a mobile device to create an end-user license.
BEGetAllTemplatesV1BEGetAllTemplatesV1 从移动设备(后端)进行调用以获取所有模板。A call is made from a mobile device (back-end) to get all the templates.
CertifyCertify 客户端正在认证用户对受保护内容的使用和创建情况。The client is certifying the user for the consumption and creation of protected content.
FECreateEndUserLicenseV1FECreateEndUserLicenseV1 类似于 AcquireLicense 请求,但来自移动设备。Similar to the AcquireLicense request but from mobile devices.
FECreatePublishingLicenseV1FECreatePublishingLicenseV1 与 Certify 和 GetClientLicensorCert 组合请求相同,来自移动客户端。The same as Certify and GetClientLicensorCert combined, from mobile clients.
FEGetAllTemplatesFEGetAllTemplates 从移动设备(前端)进行调用以获取模板。A call is made, from a mobile device (front-end) to get the templates.
FindServiceLocationsForUserFindServiceLocationsForUser 进行调用以查询 URL,使用该项来调用 Certify 或 AcquireLicense。A call is made to query for URLs, which is used to call Certify or AcquireLicense.
GetClientLicensorCertGetClientLicensorCert 客户端正在从基于 Windows 的计算机请求发布证书(随后用于保护内容)。The client is requesting a publishing certificate (that is later used to protect content) from a Windows-based computer.
GetConfigurationGetConfiguration 调用 Azure PowerShell cmdlet 以获取 Azure RMS 租户的配置。An Azure PowerShell cmdlet is called to get the configuration of the Azure RMS tenant.
GetConnectorAuthorizationsGetConnectorAuthorizations 从 RMS 连接器进行调用以从云中获取其配置。A call is made from the RMS connectors to get their configuration from the cloud.
GetRecipientsGetRecipients 从文档跟踪站点进行调用,以便导航到单个文档的列表视图。A call is made from the document tracking site to navigate to the list view for a single document.
GetTenantFunctionalStateGetTenantFunctionalState Azure 门户正在检查是否已激活保护服务 (Azure Rights Management)。The Azure portal is checking whether the protection service (Azure Rights Management) is activated.
KeyVaultDecryptRequestKeyVaultDecryptRequest 客户端正在尝试解密受 RMS 保护的内容。The client is attempting to decrypt the RMS-protected content. 仅适用于 Azure 密钥保管库中客户托管的租户密钥 (BYOK)。Applicable only for a customer-managed tenant key (BYOK) in Azure Key Vault.
KeyVaultGetKeyInfoRequestKeyVaultGetKeyInfoRequest 进行调用以验证指定用在 Azure 信息保护租户密钥的 Azure 密钥保管库中的密钥可访问,并且未使用。A call is made to verify that the key specified to be used in Azure Key Vault for the Azure Information Protection tenant key is accessible and not already used.
KeyVaultSignDigestKeyVaultSignDigest 在将 Azure 密钥保管库中客户托管的密钥 (BYOK) 用于签名时进行调用。A call is made when a customer-managed key (BYOK) in Azure Key Vault is used for signing purposes. 通常是针对每个 AcquireLicence(或 FECreateEndUserLicenseV1)、Certify 和 GetClientLicensorCert(或 FECreatePublishingLicenseV1)请求调用一次此项。This is called typically once per AcquireLicence (or FECreateEndUserLicenseV1), Certify, and GetClientLicensorCert (or FECreatePublishingLicenseV1).
KMSPDecryptKMSPDecrypt 客户端正在尝试解密受 RMS 保护的内容。The client is attempting to decrypt the RMS-protected content. 仅适用于旧版客户托管的租户密钥 (BYOK)。Applicable only for a legacy customer-managed tenant key (BYOK).
KMSPSignDigestKMSPSignDigest 在将旧版客户托管的密钥 (BYOK) 用于签名时进行调用。A call is made when a legacy customer-managed key (BYOK) is used for signing purposes. 通常是针对每个 AcquireLicence(或 FECreateEndUserLicenseV1)、Certify 和 GetClientLicensorCert(或 FECreatePublishingLicenseV1)请求调用一次此项。This is called typically once per AcquireLicence (or FECreateEndUserLicenseV1), Certify, and GetClientLicensorCert (or FECreatePublishingLicenseV1).
ServerCertifyServerCertify 从已启用 RMS 的客户端(如 SharePoint)进行调用以认证服务器。A call is made from an RMS-enabled client (such as SharePoint) to certify the server.
SetUsageLogFeatureStateSetUsageLogFeatureState 进行调用以启用使用日志记录。A call is made to enable usage logging.
SetUsageLogStorageAccountSetUsageLogStorageAccount 进行调用以指定 Azure Rights Management 服务日志的位置。A call is made to specify the location of the Azure Rights Management service logs.
UpdateTemplateUpdateTemplate 从 Azure 门户进行调用以更新现有模板。A call is made from the Azure portal to update an existing template.

仅限经典客户端Classic client only

以下请求类型仅适用于具有 AIP 经典客户端的用户:The following request types are relevant for users with the AIP classic client only:

请求类型Request type 说明Description
DeleteTemplateByIdDeleteTemplateById 从 Azure 门户进行调用以按模板 ID 删除模板。A call is made from the Azure portal, to delete a template by template ID.
DocumentEventsCsvDocumentEventsCsv 从文档跟踪站点进行调用,以便下载单个文档的 .CSV 文件。A call is made from the document tracking site to download the .CSV file for a single document.
ExportTemplateByIdExportTemplateById 从 Azure 门户进行调用以基于模板 ID 导出模板。A call is made from the Azure portal to export a template based on a template ID.
FEGetAllTemplatesFEGetAllTemplates 从移动设备(前端)进行调用以获取模板。A call is made, from a mobile device (front-end) to get the templates.
GetAllDocsGetAllDocs 从文档跟踪站点进行调用,以便为用户加载“所有文档”页面,或者搜索该租户的所有文档。A call is made from the document tracking site to load the all documents page for a user, or search all documents for the tenant. 将此值与 admin-action 和 acting-as-admin 字段结合使用:Use this value with the admin-action and acting-as-admin fields:

- admin-action 为空:用户在“所有文档”页面中查看自己的文档。- admin-action is empty: A user views the all documents page for their own documents.

- admin-action 为 true 且 acting-as-user 为空:管理员查看其租户的所有文档。- admin-action is true and acting-as-user is empty: An administrator views all documents for their tenant.

- admin-action 为 true 且 acting-as-user 不为空:管理员查看用户的“所有文档”页面。- admin-action is true and acting-as-user is not empty: An administrator views the all documents page for a user.
GetAllTemplatesGetAllTemplates 从 Azure 门户进行调用以获取所有模板。A call is made from the Azure portal, to get all the templates.
GetConnectorAuthorizationsGetConnectorAuthorizations 从 RMS 连接器进行调用以从云中获取其配置。A call is made from the RMS connectors to get their configuration from the cloud.
GetSingleGetSingle 从文档跟踪站点进行调用,以便导航到“单个文档”页面。A call is made from the document tracking site to navigate to a single document page.
GetTemplateByIdGetTemplateById 从 Azure 门户进行调用以通过指定模板 ID 来获取模板。A call is made from the Azure portal to get a template by specifying a template ID.
LoadEventsForMapLoadEventsForMap 从文档跟踪站点进行调用,以便导航到单个文档的映射视图。A call is made from the document tracking site to navigate to the map view for a single document.
LoadEventsForSummaryLoadEventsForSummary 从文档跟踪站点进行调用,以便导航到单个文档的时间线视图。A call is made from the document tracking site to navigate to the timeline view for a single document.
LoadEventsForTimelineLoadEventsForTimeline 从文档跟踪站点进行调用,以便导航到单个文档的映射视图。A call is made from the document tracking site to navigate to the map view for a single document.
ImportTemplateImportTemplate 从 Azure 门户进行调用以导入模板。A call is made from the Azure portal to import a template.
RevokeAccessRevokeAccess 从文档跟踪站点进行调用以撤销文档。A call is made from the document tracking site to revoke a document.
SearchUsersSearchUsers 从文档跟踪站点进行调用,以便搜索某个租户中的所有用户。A call is made from the document tracking site to search all users in a tenant.
UpdateNotificationSettingsUpdateNotificationSettings 从文档跟踪站点进行调用,以便更改单个文档的通知设置。A call is made from the document tracking site to change the notification settings for a single document.
UpdateTemplateUpdateTemplate 从 Azure 门户进行调用以更新现有模板。A call is made from the Azure portal to update an existing template.

PowerShell 参考PowerShell reference

访问保护服务使用情况日志记录时所需的唯一 PowerShell cmdlet 是 Get-AipServiceUserLogThe only PowerShell cmdlet that you need to access your protection usage logging is Get-AipServiceUserLog.

若要详细了解如何将 PowerShell 用于 Azure 信息保护,请参阅使用 Powershell 管理 Azure 信息保护中的保护服务For more information about using PowerShell for Azure Information Protection, see Administering protection from Azure Information Protection by using PowerShell.