How Office applications and services support Azure Rights Management

*Applies to: Azure Information Protection, Office 365*

*Relevant for: AIP unified labeling client and classic client.*


To provide a unified and streamlined customer experience, Azure Information Protection classic client and Label Management in the Azure Portal are being deprecated as of March 31, 2021. This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. Learn more in the official deprecation notice.

End-user Office applications and Office services can use the Azure Rights Management service from Azure Information Protection to help protect your organization's data. These Office applications are Word, Excel, PowerPoint, and Outlook. The Office services are Exchange and Microsoft SharePoint. The Office configurations that support the Azure Rights Management service often use the term information rights management (IRM).

Office applications: Word, Excel, PowerPoint, Outlook

These applications support Azure Rights Management built-in, and let users apply protection to a saved document or to an email message to be sent. Users can apply templates to apply the protection. Or, for Word, Excel, and PowerPoint, users can choose customized settings for access, rights, and usage restrictions.

For example, users can configure a Word document so that it can be accessed only by people in your organization. Or, control whether an Excel spreadsheet can be edited, or restricted to read-only, or prevent it from being printed. For time-sensitive files, an expiration time can be configured for when the file can no longer be accessed. This configuration can be made directly by users or by applying a protection template. For Outlook, users can also choose the Do Not Forward option to help prevent data leakage.

If you are ready to configure Office apps, see Office apps: Configuration for clients.

For relevant known issues, see AIP known issues in Office applications.

Exchange Online and Exchange Server

When you use Exchange Online or Exchange Server, you can configure options for Azure Information Protection. This configuration lets Exchange provide the following protection solutions:

  • Exchange ActiveSync IRM so that mobile devices can protect and consume protected email messages.

  • Email protection support for Outlook on the web, which is implemented similarly to the Outlook client. This configuration lets users protect email messages by using protection templates or options. Users can read and use protected email messages that are sent to them.

  • Protection rules for Outlook clients that an administrator configures to automatically apply protection templates and options to email messages for specified recipients. For example, when internal emails are sent to your legal department, they can only be read by members of the legal department and cannot be forwarded. Users see the protection applied to the email message before sending it, and by default, they can remove this protection if they decide it is not necessary. Emails are encrypted before they are sent. For more information, see Outlook Protection Rules and Create an Outlook Protection Rule in the Exchange library.

  • Mail flow rules that an administrator configures to automatically apply protection templates or options to email messages. These rules are based on properties such as sender, recipient, message subject, and content. These rules are similar in concept to protection rules but don't allow users to remove the protection because the protection is set by the Exchange service rather than by the client. Because protection is set by the service, it doesn't matter what device or what operating system the users have. For more information, see Mail flow rules (transport rules) in Exchange Online and Create a Transport Protection Rule for Exchange on-premises.

  • Data loss prevention (DLP) policies that contain sets of conditions to filter email messages and take actions, to help prevent data loss for confidential or sensitive content. One of the actions that you can specify is to apply encryption as protection, by specifying one of the protection templates or options. Policy Tips can be used when sensitive data is detected, to alert users that they might need to apply protection. For more information, see Data loss prevention in the Exchange Online documentation.

  • Message Encryption that supports sending a protected email message and protected Office documents as attachments to any email address on any device. For user accounts that don't use Azure AD, a web experience supports social identity providers or a one-time passcode. For more information, see Set up new Microsoft 365 Message Encryption capabilities built on top of Azure Information Protection from the Microsoft 365 documentation. To help you find additional information that is related to this configuration, see Microsoft 365 Message Encryption.
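The difference between the Outlook protection rule and the mail flow rule described in the list above, as an added example that is not part of the original page. It assumes an already connected Exchange Online PowerShell or Exchange Management Shell session with IRM configured; the group address and rule names are constructed placeholders.

```powershell
# Added example (not from the original page).
# Assumes an open Exchange PowerShell session with IRM already configured.
$legalGroup = 'legal@contoso.example'   # constructed placeholder group address
$template   = 'Do Not Forward'          # replace with a name Get-RMSTemplate returns

# Fail early if the template is not available to Exchange.
if (-not (Get-RMSTemplate | Where-Object { $_.Name -eq $template })) {
    throw "Protection template '$template' is not available to Exchange."
}

# Outlook protection rule: applied by the Outlook client before sending.
# UserCanOverride $true is the default described above: the sender sees the
# protection and can remove it. Set it to $false to make the rule mandatory.
New-OutlookProtectionRule -Name 'Legal: client-side protection' `
    -SentTo $legalGroup `
    -ApplyRightsProtectionTemplate $template `
    -UserCanOverride $true

# Mail flow (transport) rule: applied by the Exchange service after submission.
# The sender cannot remove it, and it applies regardless of the sending device
# or operating system.
New-TransportRule -Name 'Legal: service-side protection' `
    -FromScope InOrganization `
    -SentToMemberOf $legalGroup `
    -ApplyRightsProtectionTemplate $template

# Review what was created.
Get-OutlookProtectionRule -Identity 'Legal: client-side protection' | Format-List
Get-TransportRule -Identity 'Legal: service-side protection' | Format-List
```

Where removal of the protection by the sender must not be possible, rely on the mail flow rule (or an Outlook protection rule with `-UserCanOverride $false`) rather than the default client-side rule.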

If you use Exchange on-premises, you can use the IRM features with the Azure Rights Management service by deploying the Azure Rights Management connector. This connector acts as a relay between your on-premises servers and the Azure Rights Management service.

For more information about the email options that you can use to protect emails, see Do Not Forward option for emails and encrypt-only option for emails.

If you're ready to configure Exchange to protect emails:

For more information, see:

  • Unified labeling client. Configure sensitivity labels and labeling policies in your labeling admin center, including the Microsoft 365 security center, Microsoft 365 compliance center, or Microsoft 365 Security & Compliance Center. For more information, see the Microsoft 365 documentation.

  • Classic client. Configure protection templates in the Azure portal. For more information, see Configuring and managing templates for Azure Information Protection.

Next steps

If you have Microsoft 365, you might be interested in reviewing File Protection Solutions in Microsoft 365, which provides recommended capabilities for protecting files in Microsoft 365.

To see how other applications and services support the Azure Rights Management service from Azure Information Protection, see How applications support the Azure Rights Management service.

If you are ready to start deployment, which includes configuring these applications and services, see the AIP deployment roadmap for classification, labeling, and protection.