Operations for your Azure Information Protection tenant key

*Applies to: Azure Information Protection, Office 365*

*Relevant for: AIP unified labeling client and classic client*

Depending on your tenant key topology for Azure Information Protection, you have different levels of control and responsibility for your Azure Information Protection tenant key. The two key topologies are Microsoft-managed and customer-managed.

When you manage your own tenant key in Azure Key Vault, this is often referred to as bring your own key (BYOK). For more information about this scenario and how to choose between the two tenant key topologies, see Planning and implementing your Azure Information Protection tenant key.

The following table identifies the operations that you can do, depending on the topology that you’ve chosen for your Azure Information Protection tenant key.

| Life cycle operation | Microsoft-managed (default) | Customer-managed (BYOK) |
|---|---|---|
| Revoke your tenant key | No (automatic) | Yes |
| Rekey your tenant key | Yes | Yes |
| Backup and recover your tenant key | No | Yes |
| Export your tenant key | Yes | No |
| Respond to a breach | Yes | Yes |

After you have identified which topology you have implemented, select one of the following links for more information about these operations for your Azure Information Protection tenant key: