Azure 信息保护统一标记客户端 - 版本发行历史记录和支持策略Azure Information Protection unified labeling client - Version release history and support policy

*适用于Azure 信息保护、Windows 10、Windows 8.1、Windows 8、Windows Server 2019、Windows Server 2016、Windows Server 2012 R2、Windows Server 2012**Applies to: Azure Information Protection, Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012*

如果你使用 Windows 7 或 Office 2010,请参阅 AIP 与旧版 Windows 和 OfficeIf you have Windows 7 or Office 2010, see AIP and legacy Windows and Office versions.

*相关客户端仅限 AIP 统一标记客户端Relevant for: AIP unified labeling client only. 对于经典客户端,请参阅 AIP 经典客户端版本发行历史记录和支持策略For the classic client, see AIP classic client version release history and support policy.

本文介绍适用于统一标记客户端的新功能,以及每个 AIP 统一客户端版本的服务信息和支持时间表。This article describes the new features available for the unified labeling client, as well as servicing information and support timelines for each AIP unified client version.

可以从 Microsoft 下载中心下载 Azure 信息保护统一标记客户端。You can download the Azure Information Protection unified labeling client from the Microsoft Download Center.

经过短时间的延期(通常是四周时间)后,最新正式版本也包含在 Microsoft 更新目录中。After a short delay of typically four weeks, the latest general availability version is also included in the Microsoft Update Catalog. Azure 信息保护版本的产品名称为“Microsoft Azure 信息保护” > “Microsoft Azure 信息保护统一标记客户端”,分类为“更新”。 Azure Information Protection versions have a product name of Microsoft Azure Information Protection > Microsoft Azure Information Protection Unified Labeling Client, and a classification of Updates.

将 Azure 信息保护包含在该目录中意味着可以利用 WSUS、Configuration Manager 或其他使用 Microsoft 更新的软件部署机制来升级客户端。Including Azure Information Protection in the catalog means that you can upgrade the client using WSUS or Configuration Manager, or other software deployment mechanisms that use Microsoft Update.

有关详细信息,请参阅升级和维护 Azure 信息保护统一标记客户端For more information, see Upgrading and maintaining the Azure Information Protection unified labeling client.

维护信息和日程表Servicing information and timelines

每个正式版 (GA) 的 Azure 信息保护统一标记客户端在后续正式版发布之后可享受最长六个月的支持。Each general availability (GA) version of the Azure Information Protection unified labeling client is supported for up to six months after the release of the subsequent GA version. 文档不包括关于不支持的客户端版本的信息。The documentation does not include information about unsupported versions of the client. 修补程序和新功能始终应用于最新 GA 版,且不适用于较旧的 GA 版。Fixes and new functionality are always applied to the latest GA version and will not be applied to older GA versions.

不再受支持的正式版General availability versions that are no longer supported

客户端版本Client version 发布日期Date released
2.7.962.7.96 01/20/202101/20/2021
2.6.111.02.6.111.0 03/09/202003/09/2020
2.5.33.02.5.33.0 2019/10/2310/23/2019
2.2.21.02.2.21.0 09/03/201909/03/2019
2.2.19.02.2.19.0 08/06/201908/06/2019
2.2.14.02.2.14.0 07/15/201907/15/2019
2.0.779.02.0.779.0 05/01/201905/01/2019
2.0.778.02.0.778.0 04/16/201904/16/2019

本页上使用的日期格式为“月/日/年”。The date format used on this page is month/day/year.

发布信息Release information

参考以下信息了解适用于 Windows 的 Azure 信息保护统一标记客户端的受支持版本的新增功能或已更改功能。Use the following information to see what's new or changed for a supported release of the Azure Information Protection unified labeling client for Windows. 最新版本会最先列出。The most current release is listed first. 本页上使用的日期格式为“月/日/年”。The date format used on this page is month/day/year.

指出 Azure 信息保护功能目前以预览版提供。Noted Azure Information Protection features are currently in PREVIEW. Azure 预览版补充条款包含适用于 beta 版、预览版或其他尚未正式发布的 Azure 功能的其他法律条款。The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

备注

未列出次要修复,因此如果你遇到统一标记客户端的问题,我们建议检查该问题是否已在最新正式版中得到修复。Minor fixes are not listed so if you experience a problem with the unified labeling client, we recommend that you check whether it is fixed with the latest GA release. 如果该问题仍然存在,请检查当前预览版(如果可用)。If the problem remains, check the current preview version (if available).

有关技术支持,请参阅支持选项和社区资源信息。For technical support, see the Support options and community resources information. 我们还邀请你加入 Azure 信息保护团队:Yammer 站点We also invite you to engage with the Azure Information Protection team, on their Yammer site.

统一标记客户端取代了 Azure 信息保护经典客户端。The unified labeling client replaces the Azure Information Protection classic client. 若要将其特性和功能与经典客户端进行比较,请参阅比较适用于 Windows 计算机的标记解决方案To compare features and functionality with the classic client, see Compare the labeling solutions for Windows computers.

用于共同创作的版本 2.10.46.0(公共预览版)Version 2.10.46.0 for co-authoring (Public preview)

统一标记客户端版本 2.10.46.0Unified labeling client version 2.10.46.0

发布日期 03/02/2021Release 03/02/2021

此专用版 Azure 信息保护提供 Microsoft 365 中最近支持的共同创作功能的公共预览版。This dedicated version of Azure Information Protection provides a public preview of co-authoring features newly supported in Microsoft 365.

Office 应用的共同创作使多个用户可以编辑通过敏感度标签标记和加密的文档。Co-authoring for Office apps enables multiple users to edit documents that are labeled and encrypted by sensitivity labels.

重要

若要利用公共预览版中的共同创作功能,必须下载并安装此版本的专用安装文件。To leverage the co-authoring features in public preview, you must download and install the dedicated installation file for this release. Microsoft 下载站点上,下载并安装该 AzInfoProtection_2.10.46_CoAuthoring_PublicPreview.exe 文件。On the Microsoft download site, download and install the AzInfoProtection_2.10.46_CoAuthoring_PublicPreview.exe file.

系统还必须符合 Microsoft 365 共同创作的先决条件中列出的版本要求。Your system must also comply with the version requirements listed in the Microsoft 365 prerequisites for co-authoring.

在开始之前,我们建议查看所有相关的先决条件和限制。Before you start, we recommend that you review all related prerequisites and limitations. 有关详情,请参阅:For more information, see:

DLP 策略版本 2.10.43.0(公共预览版)Version 2.10.43.0 for DLP policies (Public preview)

统一标记扫描程序版本 2.10.43.0Unified labeling scanner version 2.10.43.0

发布日期 03/02/2021Release 03/02/2021

此专用版 Azure 信息保护提供 Microsoft 365 对数据丢失防护 (DLP) 策略的支持的公共预览版。This dedicated version of Azure Information Protection provides a public preview of the support for Data Loss Prevention (DLP) policies supported by Microsoft 365.

  • 使用 DLP 策略 可使扫描程序通过将 DLP 规则与文件共享和 SharePoint 服务器中存储的文件进行匹配,来检测潜在的数据泄露。Using a DLP policy enables the scanner to detect potential data leaks by matching DLP rules to files stored in file shares and SharePoint Server.

  • 在内容扫描作业中启用 DLP 规则可以减少与 DLP 策略匹配的任何文件的透露。Enable DLP rules in your content scan job to reduce the exposure of any files that match your DLP policies.

    扫描程序可以仅限数据所有者进行文件访问,或者减少文件透露在网络范围的组(例如“任何人”、“经过身份验证的用户”或“域用户”)中的情况。 The scanner may reduce file access to data owners only, or reduce exposure to network-wide groups, such as Everyone, Authenticated Users, or Domain Users.

  • 在启用 DLP 规则的情况下扫描文件还可创建文件权限报告Scanning your files with DLP rules enabled also creates file permission reports. 查询这些报告可以调查特定文件的透露情况,或者了解扫描的文件透露于特定用户的情况。Query these reports to investigate specific file exposures or explore the exposure of a specific user to scanned files.

Microsoft 365 合规中心配置用于强制实施或测试 DLP 策略的设置。Settings for enforcing or testing the DLP policy are configured in the Microsoft 365 Compliance center.

重要

若要利用公共预览版中的 DLP 支持,必须下载并安装此版本的专用安装文件。To leverage the DLP support in public preview, you must download and install the dedicated installation file for this release. Microsoft 下载站点上,下载并安装该 AzInfoProtection_2.10.43_DLP_PublicPreview.exe 文件。On the Microsoft download site, download and install the AzInfoProtection_2.10.43_DLP_PublicPreview.exe file.

有关详细信息(包括许可要求),请参阅:For more information, including licensing requirements, see:

版本 2.9.116Version 2.9.116

统一标记扫描程序和客户端版本 2.9.116Unified labeling scanner and client version 2.9.116

发布日期 02/08/2021Released 02/08/2021

已修复的问题:在以下情况下,用户现在能够按预期方式查看受保护的文件:Fixed issues Users are now able to view protected files as expected in the following scenarios:

  • 将受保护的文件与未配置 AIP 策略的用户(例如外部用户)共享时。When protected files are shared with users who don’t have an AIP policy configured, such as external users. 只有 AIP 查看器应用才出现过此问题。This issue had occurred only with the AIP Viewer app.

  • 将带有作用域内标签的内容与未包含在该标签的作用域内的用户或组共享时。When content with a scoped label is shared with users or groups not included in the label's scope. 使用 AIP 查看器应用时以及通过文件资源管理器查看或分类共享内容时均出现过此问题。This issue had occurred both with the AIP Viewer app and when viewing or classifying the shared content via the File Explorer.

有关详细信息,请参阅 AIP 统一标记客户端用户指南For more information, see the AIP unified labeling client user guide.

版本 2.9.111.0Version 2.9.111.0

统一标记扫描程序和客户端版本 2.9.111.0Unified labeling scanner and client version 2.9.111.0

发布日期 01/13/2021Released 01/13/2021

支持截止日期 08/08/2021Supported through 08/08/2021

此版本包含以下适用于统一标记扫描程序和客户端的新功能、修复和增强:This version includes the following new features, fixes, and enhancements for the unified labeling scanner and client:

对已断开连接的扫描程序服务器的 PowerShell 支持PowerShell support for disconnected scanner servers

对于无法连接到 Internet 的扫描程序服务器或者 Azure 中国世纪互联环境(中国主权云)中的扫描程序,Azure 信息保护本地扫描程序现在支持通过 PowerShell 管理内容扫描作业。The Azure Information Protection on-premises scanner now supports managing content scan jobs over PowerShell, for scanner servers that cannot connect to the internet, or for scanners in an Azure China 21Vianet environment (China sovereign cloud).

为了支持断开连接的扫描程序服务器或 Azure 中国世纪互联扫描程序服务器,我们添加了以下新的 cmdlet:To support disconnected or Azure China 21Vianet scanner servers, we've added the following new cmdlets:

CmdletCmdlet 说明Description
Add-AIPScannerRepositoryAdd-AIPScannerRepository 将新的存储库添加到内容扫描作业。Adds a new repository to your content scan job.
Get-AIPScannerContentScanJobGet-AIPScannerContentScanJob 获取有关内容扫描作业的详细信息。Gets details about your content scan job.
Get-AIPScannerRepositoryGet-AIPScannerRepository 获取有关为内容扫描作业定义的存储库的详细信息。Gets details about repositories defined for your content scan job.
Remove-AIPScannerContentScanJobRemove-AIPScannerContentScanJob 删除内容扫描作业。Deletes your content scan job.
Remove-AIPScannerRepositoryRemove-AIPScannerRepository 从内容扫描作业中删除存储库。Removes a repository from your content scan job.
Set-AIPScannerContentScanJobSet-AIPScannerContentScanJob 定义内容扫描作业的设置。Defines settings for your content scan job.
Set-AIPScannerRepositorySet-AIPScannerRepository 定义内容扫描作业中现有存储库的设置。Defines settings for an existing repository in your content scan job.

此外还添加了 Set-MIPNetworkDiscovery cmdlet 用于提供额外的支持,使你能够通过 PowerShell 更新网络发现服务的安装设置。The Set-MIPNetworkDiscovery cmdlet was also added to provide additional support, enabling you to update the installation settings for the Network Discovery service via PowerShell.

有关详细信息,请参阅扫描程序服务器何时无法连接到 Internet配置扫描程序For more information, see When the scanner server cannot have internet connectivity and Configure the scanner.

对内容扫描作业中 NFS 存储库的支持(公共预览版)Support for NFS repositories in content scan jobs (Public preview)

现在,除了可将 SMB 文件共享和 SharePoint 存储库添加到内容扫描作业以外,还可将 NFS 存储库添加到其中。Now you can add NFS repositories to your content scan jobs, in addition to SMB file shares and SharePoint repositories.

若要支持对 NFS 共享的扫描,必须在扫描程序计算机上部署 NFS 服务:To support scans on NFS shares, services for NFS must be deployed on the scanner machine:

  1. 在计算机上,导航到“Windows 功能(打开或关闭 Windows 功能)”设置对话框。On your machine, navigate to the Windows Features (Turn Windows features on or off) settings dialog.

  2. 选择以下项:Select the following items:

    • NFS 服务Services for NFS
      • 管理工具Administrative Tools
      • NFS 客户端Client for NFS

有关详细信息,请参阅创建内容扫描作业For more information, see Create a content scan job.

添加了对其他敏感信息类型的支持Added support for additional sensitive information types

我们在 Azure 信息保护中添加了对其他敏感信息类型(例如“澳大利亚企业编号”、“澳大利亚公司编号”或“奥地利身份证”)的支持。 We’ve added support for additional sensitive information types in Azure Information Protection, such as Australia business number, Australia company number, or Austria identity card.

有关详细信息,请参阅 Microsoft 365 文档中的敏感信息类型实体定义For more information, see the Sensitive information type entity definitions in the Microsoft 365 documentation.

跟踪文档访问权限和撤销访问权限(公共预览版)Track document access and revoke access (Public preview)

升级到版本 2.9.111.0 后,尚未进行跟踪注册的所有受保护文档,在下一次在装有 AIP 统一标记客户端的计算机上打开时将会注册。Once you've upgraded to version 2.9.111.0, any protected documents that are not yet registered for tracking are registered the next time they're opened on a machine with the AIP unified labeling client installed. 支持跟踪和撤销受保护的文档,即使未对其进行标记。Protected documents are supported for track and revoke, even if they are not labeled.

让文档进行跟踪注册可让管理员使用 PowerShell 来跟踪文档访问权限,并根据需要撤销访问权限。Having your documents registered for tracking enables administrators to use PowerShell to track document access, and revoke access if needed.

升级后,最终用户还可以撤销对他们所保护的文档的访问权限。Once you've upgraded, end-users can also revoke access for documents that they've protected. 若要撤销从 Microsoft Office 应用进行访问的权限,请在“敏感度”菜单中使用新的“撤销访问权限”选项。 To revoke access from Microsoft Office apps, use the new Revoke access option on the Sensitivity menu.

有关详情,请参阅:For more information, see:

如果你的组织或所在区域中的隐私要求规定必须关闭文档跟踪功能,请参阅面向管理员的跟踪和撤销过程If you have privacy requirements in your organization or region that require you to turn off document tracking features, see the track and revoke administrator procedures.

从经典客户端升级Upgrades from the classic client

AIP 经典客户端支持使用 Microsoft 跟踪门户来实现跟踪和撤销功能。The AIP classic client supports track and revoke features using the Microsoft tracking portal. 使用统一标记客户端时,此跟踪门户没有作用。This tracking portal is not relevant when working with the unified labeling client.

若要使用统一标记客户端查看跟踪数据,请根据管理员指南中所述仅使用 PowerShell 命令。To view tracking data with the unified labeling client, use the PowerShell commands only, as described in the admin guide.

统一标记扫描程序的修复和改进Fixes and improvements for the unified labeling scanner

Azure 信息保护统一标记扫描程序版本 2.9.111.0 中提供了以下修复:The following fixes were delivered in version 2.9.111.0 of the Azure Information Protection unified labeling scanner:

统一标记客户端的修复和改进Fixes and improvements for the unified labeling client

版本 2.8.85.0Version 2.8.85.0

统一标记扫描程序和客户端版本 2.8.85.0Unified labeling scanner and client version 2.8.85.0

发布日期 09/22/2020Released 09/22/2020

支持截止日期 7/13/2021Supported through 7/13/2021

此版本包含以下适用于统一标记扫描程序和客户端的新功能、修复和增强:This version includes the following new features, fixes, and enhancements, for the unified labeling scanner and client:

选择性地对检测到的更改进行完全重新扫描Optional full rescans for changes detected

在对策略或内容扫描作业做出更改后,管理员现在可以跳过完全重新扫描。Administrators can now skip a full rescan after making changes to policies or content scan jobs. 如果跳过完全重新扫描,则只会应用自上次扫描以来已修改或创建的文件中的更改。Skipping a full rescan applies your changes only on files that have been modified or created since the last scan.

例如,你做出了只会影响最终用户的更改(例如在视觉标记中),并且你不希望花费时间立即运行完全重新扫描。For example, you may have made changes that only affect the end user, such as in visual markings, and don't want to take the time required to run a full rescan immediately.

可以跳过立即完全重新扫描,稍后再回来运行完全重新扫描,并在各个存储库中应用更改。Skip the full, immediate rescan, and return later to run a full rescan and apply your changes across your repositories.

重要

在其策略和内容扫描作业中做出更改的管理员现在必须了解这些更改对内容的影响,并确定是否需要完全重新扫描。Administrators making changes in their policies and content scan jobs must now understand the effects of those changes on the content, and determine whether a full rescan is required.

例如,如果已将“敏感度策略”设置从“Enforce = Off”更改为“Enforce = On”,请确保运行完全重新扫描以在内容中应用标签。 For example, if you’ve changed Sensitivity policy settings from Enforce = Off to Enforce = On, make sure to run a full rescan to apply your labels across your content.

配置 SharePoint 超时Configure SharePoint timeouts

SharePoint 交互的默认超时已更新为两分钟,超过此时间后,尝试的 AIP 操作将会失败。The default timeout for SharePoint interactions has been updated to two minutes, after which the attempted AIP operation fails.

AIP 管理员现在还可以分别为所有 Web 请求和文件 Web 请求配置 SharePoint 超时。AIP administrators can also now configure SharePoint timeouts, separately for all web requests and file web requests.

有关详细信息,请参阅配置 SharePoint 超时For more information, see Configure SharePoint timeouts.

网络发现支持(公共预览版)Network Discovery support (public preview)

统一标记扫描程序现在包含新的 网络发现 服务,使用该服务可以扫描可能包含敏感内容的网络文件共享的指定 IP 地址或范围。The unified labeling scanner now includes a new network discovery service, which enables you to scan specified IP addresses or ranges for network file shares that may have sensitive content.

网络发现 服务根据发现的权限和访问权限,使用可能存在风险的共享位置列表更新 存储库 报告。The network discovery service updates Repository reports with a list of share locations that may be at risk, based on the discovered permissions and access rights. 检查更新的 存储库 报告可确保内容扫描作业包括需要扫描的所有存储库。Check the updated Repository reports to ensure that your content scan jobs include all repositories that need to be scanned.

提示

有关详细信息,请参阅网络发现 cmdletFor more information, see Network discovery cmdlets.

使用网络发现服务To use the Network discovery service

  1. 升级扫描程序版本,并确保正确配置了扫描程序群集。Upgrade your scanner version and make sure that you have your scanner cluster configured correctly. 有关详情,请参阅:For more information, see:

  2. 确保已启用 Azure 信息保护分析。Make sure that you have Azure Information Protection analytics enabled.

    在 Azure 门户中,转到“Azure 信息保护”>“管理”>“配置分析(预览版)”。In the Azure portal, go to Azure Information Protection > Manage > Configure analytics (Preview).

    有关详细信息,请参阅 Azure 信息保护的中心报告(公共预览版)For more information, see Central reporting for Azure Information Protection (public preview).

  3. 运行 Install-MIPNetworkDiscovery PowerShell cmdlet 来启用网络发现。Enable Network Discovery by running the Install-MIPNetworkDiscovery PowerShell cmdlet.

    重要

    运行此 cmdlet 时,请确保使用一个弱用户作为 StandardDomainsUserAccount 参数的值,以确保报告对存储库的任何公开访问。When running this cmdlet, make sure to use a weak user as the value for the StandardDomainsUserAccount parameter to ensure that any public access to repositories is reported.

    此用户只能是“域用户”组的成员,用于模拟对存储库的公开访问。This user must be a member of the Domain Users group only, and is used to simulate public access to the repositories.

  4. 在 Azure 门户中,转到“Azure 信息保护”>“网络扫描作业”,并创建作业来扫描网络的特定区域In the Azure portal, go to Azure Information Protection > Network scan jobs and create jobs to scan specific areas of your network.

  5. 使用新的“存储库”窗格中生成的报告找出可能存在风险的其他网络文件共享。Use the generated reports on the new Repositories pane to find additional network file shares that may be at risk. 将有风险的所有文件共享添加到内容扫描作业,以扫描添加的存储库中的敏感内容。Add any risky file shares to your content scan jobs to scan the added repositories for sensitive content.

网络发现 cmdlet(公共预览版)Network discovery cmdlets (public preview)

为网络发现添加的 PowerShell cmdlet 包括:PowerShell cmdlets added for Network Discovery include:

CmdletCmdlet 说明Description
Get-MIPNetworkDiscoveryConfigurationGet-MIPNetworkDiscoveryConfiguration 获取有关网络发现服务是从默认的联机配置还是从 Azure 门户导出的脱机文件中拉取网络扫描数据的当前设置。Gets the current setting for whether the Network Discovery service pulls network scan data from the default, online configuration, or an offline file exported from the Azure portal.
Get-MIPNetworkDiscoveryJobsGet-MIPNetworkDiscoveryJobs 获取当前配置的网络扫描作业的列表。Gets a list of currently configured network scan jobs.
Get-MIPNetworkDiscoveryStatusGet-MIPNetworkDiscoveryStatus 获取租户中配置的所有网络扫描作业的当前状态。Gets the current status of all network scan jobs configured in your tenant.
Import-MIPNetworkDiscoveryConfigurationImport-MIPNetworkDiscoveryConfiguration 从文件导入网络扫描作业的配置。Imports the configuration for a network scan job from a file.
Install-MIPNetworkDiscoveryInstall-MIPNetworkDiscovery 安装网络发现服务Installs the Network Discovery service
Set-MIPNetworkDiscoveryConfigurationSet-MIPNetworkDiscoveryConfiguration 设置有关网络发现服务是从默认的联机配置还是从 Azure 门户导出的脱机文件中拉取网络扫描数据的配置。Sets the configuration for whether the Network Discovery service pulls network scan data from the default, online configuration, or an offline file exported from the Azure portal.
Start-MIPNetworkDiscoveryStart-MIPNetworkDiscovery 立即运行特定的网络扫描作业。Runs a specific network scan job immediately.
Uninstall-MIPNetworkDiscoveryUninstall-MIPNetworkDiscovery 卸载网络发现服务。Uninstalls the Network Discovery service.

针对 Outlook 中 AIP 弹出窗口的管理员自定义操作Administrator customizations for AIP popups in Outlook

AIP 管理员现在可以自定义 Outlook 中向最终用户显示的弹出窗口,例如有关已阻止电子邮件、警告消息和理由提示的弹出窗口。AIP administrators can now customize the popups that appear in Outlook for end-users, such as popups for blocked emails, warning messages, and justification prompts.

有关详细信息(包括常见用例方案的多个示例规则),请参阅自定义 Outlook 弹出消息For more information, including several sample rules for common use case scenarios, see Customize Outlook popup messages.

针对理由提示的管理员自定义操作Administrator customizations for justification prompts

AIP 管理员现在可以自定义当最终用户更改文档和电子邮件中的分类标签时显示的理由提示中的一个选项。AIP administrators can now customize one of the options in the justification prompts that are displayed when end-users change classification labels on documents and emails.

有关详细信息,请参阅自定义已修改标签的理由提示文本For more information, see Customize justification prompt texts for modified labels.

审核日志更新Audit log updates

现在,仅当用户打开了标记的或受保护的文件,并更清晰地指明发生用户访问时,才会发送来自统一标记客户端的访问事件审核日志。Audit logs for access events from the unified labeling client are now sent only when users open labeled or protected files, providing a clearer indication of user access.

访问事件审核日志不再发送信息类型,现在只有发现事件审核日志才发送信息类型。Information types are no longer sent by audit logs for access events, and are now sent only with audit logs for discover events.

有关详细信息,请参阅访问审核日志For more information, see Access audit logs.

有关详细信息,请参阅 Azure 信息保护审核日志参考For more information, see Azure Information Protection audit log reference.

基于 DKE 模板的标记更新DKE template-based labeling updates

Azure 信息保护现在支持在扫描程序中使用基于双重密钥加密 (DKE) 模板的标记,另外还支持使用文件资源管理器和 PowerShell。Azure Information Protection now supports Double Key Encryption (DKE) template-based labeling in the scanner, as well as using the File Explorer and PowerShell.

有关详情,请参阅:For more information, see:

Azure 信息保护扫描程序版本 2.8.85.0 中已修复的问题Azure Information Protection scanner fixed issues, version 2.8.85.0

Azure 信息保护统一标记扫描程序版本 2.8.85.0 中提供了以下修复:The following fixes were delivered in version 2.8.85.0 of the Azure Information Protection unified labeling scanner:

  • 改进了对路径较长的文件的扫描Improvements for scanning files with long paths
  • 存在多个 ContentDatabase 时,AIP 扫描程序现在会扫描完整的 SharePoint 环境。The AIP scanner now scans full SharePoint environments when there are multiple ContentDatabases.
  • AIP 扫描程序现在支持路径中包含句点、但不包含扩展名的 SharePoint 文件。The AIP scanner now supports SharePoint files with a period in the path, but no extension. 例如,现在可以成功扫描路径为 https://sharepoint.contoso.com/shared documents/meeting-notes 且不包含扩展名的文件。For example, a file with a path of https://sharepoint.contoso.com/shared documents/meeting-notes, with no extension, is now scanned successfully.
  • AIP 扫描程序现在支持在 Microsoft 安全与合规中心创建的、不属于任何策略的自定义敏感信息类型The AIP scanner now supports custom sensitive information types that are created in the Microsoft Security and Compliance center, and do not belong to any policy.

Azure 信息保护客户端版本 2.8.85.0 中已修复的问题Azure Information Protection client fixed issues, version 2.8.85.0

Azure 信息保护统一标记客户端版本 2.8.85.0 中提供了以下修复:The following fixes were delivered in version 2.8.85.0 of the Azure Information Protection unified labeling client:

  • 为 Office 应用的“敏感度”“列”图标菜单中当前选定的任何项提供新的旁白式指示。A new, narrated indication for any items currently selected from the Sensitivity columns icon menu in Office apps. 有关详细信息,请参阅有关 Microsoft 365 文档中的敏感度标签的页面。For more information, see the page on Sensitivity labels in the Microsoft 365 docs.
  • 修复了在 AIP 查看器中查看 JPEG 文件时出现的问题Fixes for viewing JPEG files in the AIP Viewer
  • 降级标签的操作现在会自动在 审核事件中包含 ProtectionOwnerBeforeDowngrading a label now automatically includes the ProtectionOwnerBefore in audit events
  • 更改事件现在会在 审核日志中包含 LastModifiedDateChange events now include the LastModifiedDate in audit logs
  • 添加了在使用代理获取令牌时对 Proxy.pac 文件的支持。Added support for Proxy.pac files when using a proxy to acquire a token. 有关详细信息,请参阅防火墙和网络基础结构要求For more information, see Firewalls and network infrastructure requirements.
  • 修复了刷新策略时出现的身份验证问题Fixes for authenticating when refreshing policies
  • 修复了在只读模式下对 PowerPoint 进行自动内容标记更新时出现的问题Fixes for automatic content marking updates for PowerPoint in read-only mode
  • 改善了弹出窗口和错误文本Improvements in popups and error texts
  • 工具提示将会更新,在同时考虑电子邮件和附件分类的情况下,显示最高的电子邮件附件分类Tooltip updates to show the highest classification for email attachments, considering both the classification of the email and the attachment.
  • 修复了在使用 Set-LabelPolicy cmdlet 修改敏感度标记策略时“报告问题”文本存在的问题Fixes to the Report an Issue text when modifying sensitivity labeling policies using the Set-LabelPolicy cmdlet
  • 修复了结合无效标签 ID 使用 Set-AipFileLabel cmdlet 时显示的错误。Fixes in errors shown when the Set-AipFileLabel cmdlet is used with an invalid label ID.
  • 修复了在 Outlook 阅读窗格中解密 SMIME 电子邮件时存在的性能问题。Performance fixes for decrypting SMIME emails in Outlook's reading pane. 若要实施此修复,请启用 OutlookSkipSmimeOnReadingPaneEnabled 高级属性。To implement this fix, enable the OutlookSkipSmimeOnReadingPaneEnabled advanced property.
  • 修复了解密包含密码加密文件的 PST 文件时出现的问题。Fixes for decrypting PST files that contain password-encrypted files. 如果 PST 文件包含密码保护的文件,解密 PST 文件不再失败。Decrypting PST files no longer fails if the PST file contains a password-protected file.
  • 现在,删除未包含在有作用域内策略中的保护标签会从内容中删除该标签和保护。Removing a protection label that is not included in your scoped policy now removes both the label and protection from the content.

版本 2.7.101.0Version 2.7.101.0

统一标记扫描程序和客户端版本 2.7.101.0Unified labeling scanner and client version 2.7.101.0

发布日期 08/23/2020Released 08/23/2020

支持截止日期 3/22/2021Supported through 3/22/2021

修复:Fix:

修复了 PPT、Excel 和 Word 用户遇到的问题,该问题导致文件冻结、崩溃或强迫重复保存,它与在强制标签中配置了保护、水印和/或内容标记相关。Fixed issue for PPT, Excel and Word users which resulted in files freezing, crashing, or being forced to repeat save that was related to mandatory labels configured with protection, watermarking, and/or content marking.

版本 2.7.99.0Version 2.7.99.0

统一标记扫描程序和客户端版本 2.7.99.0Unified labeling scanner and client version 2.7.99.0

发布日期 07/20/2020Released 07/20/2020

支持截止日期 2/23/2021Supported through 2/23/2021

修复和改进Fixes and improvements:

修复了针对“新标签”审核日志执行文件标记操作时出现的问题。Fixed issues in file labeling actions for New Label audit logs.

有关详细信息,请参阅版本 2.7.96.0Azure 信息保护审核日志参考(公共预览版)For more information, see Version 2.7.96.0 and Azure Information Protection audit log reference (public preview).

版本 2.7.96.0Version 2.7.96.0

统一标记扫描程序和客户端版本 2.7.96.0Unified labeling scanner and client version 2.7.96.0

发布日期 06/29/2020Released 06/29/2020

支持截止日期 1/20/2021Supported through 1/20/2021

统一标记扫描程序版本 2.7.96.0 的新功能New features for the unified labeling scanner, version 2.7.96.0

统一标记客户端版本 2.7.96.0 的新功能New features for the unified labeling client, version 2.7.96.0

为已删除的文件生成新审核日志New audit logs generated for removed files

现在,每当扫描程序检测到以前扫描过的文件现已被删除时,都会生成审核日志。Audit logs are now generated each time the scanner detects that a file that had previously been scanned is now removed.

有关详情,请参阅:For more information, see:

重要

在此版本中,文件标记操作不会生成“新标签”审核日志。In this version, file labeling actions do not generate New Label audit logs. 如果在 Enforce=On 模式下运行扫描程序,我们建议升级到版本 2.7.99.0If you run the scanner in Enforce=On mode, we recommend that upgrade to Version 2.7.99.0.

强制执行 TLS 1.2TLS 1.2 enforcement

从此版 Azure 信息保护客户端开始,仅支持 TLS 1.2 或更高版本。Starting with this version of the Azure Information Protection client, only TLS versions 1.2 or later are supported.

使用不支持 TLS 1.2 的 TLS 设置的客户必须改为使用支持 TLS 1.2 的设置,才能使用 Azure 信息保护策略、令牌、审核和保护来实现基于 Azure 信息保护的通信。Customers that have a TLS setup that does not support TLS 1.2 must move to a setup that supports TLS 1.2 to use Azure Information Protection policies, tokens, audit, and protection, and to receive Azure Information Protection-based communication.

有关更多要求细节,请参阅防火墙和网络基础结构要求For more requirement details, see Firewalls and network infrastructure requirements.

版本 2.7.96.0 的修复和改进Fixes and improvements, version 2.7.96.0

  • 扫描程序 SQL 方面的改进:Scanner SQL improvements for:

    • 性能Performance
    • 存在大量信息类型的文件Files with large numbers of information types
  • SharePoint 扫描方面的改进:SharePoint scanning improvements for:

    • 扫描性能Scanning performance
    • 路径中包含特殊字符的文件Files with special characters in the path
    • 包含大量文件的库Libraries with large file count

    若要查看有关在 SharePoint 中使用 Azure 信息保护的快速入门,请参阅快速入门:查找本地存储的文件中的敏感信息To view a quickstart for using Azure Information Protection with SharePoint, see Quickstart: Find what sensitive information you have in files stored on-premises.

  • 改善了有关缺少策略的用户通知。Improved user notifications for missing policies. 有关统一标记客户端的标签策略的详细信息,请参阅 Microsoft 365 文档中的标签策略的作用For more information about label policies for the unified labeling client, see What label policies can do in the Microsoft 365 documentation.

  • 现在,在 Excel 中,当用户在不保存的情况下关闭文件时,将应用自动标签,就如同用户主动保存文件时一样。Automatic labels are now applied in Excel for scenarios where a user starts to close a file without saving, just as they are when a user actively saves a file.

  • 配置 ExternalContentMarkingToRemove 设置后,将按预期方式删除页眉和页脚,而不是每次保存文档时删除。Headers and footers are removed as expected, and not on each document save, when the ExternalContentMarkingToRemove setting is configured.

  • 动态用户变量现在会按预期方式显示在文档的视觉标记中。Dynamic user variables are now displayed in a document's visual markings as expected.

  • 只已解决仅使用第一页 PDF 内容应用自动分类规则的问题,基于 PDF 中所有内容的自动分类现在会按预期方式继续进行。Issue where only the first page of content of a PDF was being used for applying autoclassification rules is now resolved, and autoclassification based on all content in the PDF now proceeds as expected. 有关分类和标记的详细信息,请参阅分类和标记常见问题解答For more information about classification and labeling, see the classification and labeling FAQ.

  • 当配置了多个 Exchange 帐户并且启用了 Azure 信息保护 Outlook 客户端时,会按预期方式从辅助帐户发送邮件。When multiple Exchange accounts are configured and the Azure Information Protection Outlook client is enabled, mails are sent from the secondary account as expected. 有关在 Outlook 中配置统一标记客户端的详细信息,请参阅配置组策略以防止禁用 AIPFor more information about configuring the unified labeling client with Outlook, see Configure your group policy to prevent disabling AIP.

  • 将包含较高机密性标签的文档拖放到电子邮件中时,该电子邮件现在会自动按预期方式接收较高机密性标签。When a document with a higher confidentiality label is dragged and dropped into an email, the email now automatically receives the higher confidentiality label as expected. 有关标记客户端功能的详细信息,请参阅标记客户端比较表For more information about labeling client features, see the labeling client comparison table.

  • 当电子邮件地址同时包含撇号 (') 和句点 (.) 时,自定义权限现在会按预期方式应用到电子邮件。有关在 Outlook 中配置统一标记客户端的详细信息,请参阅配置组策略以防止禁用 AIPCustom permissions are now applied to emails as expected, when email addresses include both an apostrophe (') and period (.) For more information about configuring the unified labeling client with Outlook, see Configure your group policy to prevent disabling AIP.

  • 默认情况下,当文件由统一标记扫描程序、PowerShell 或文件资源管理器扩展标记时,该文件的 NTFS 所有者将会丢失。By default, a file's NTFS owner is lost when the file is labeled by the unified labeling scanner, PowerShell, or the File Explorer extension. 现在,可以通过将新的 UseCopyAndPreserveNTFSOwner 高级设置指定为 true,将系统配置为保留文件的 NTFS 所有者。Now you can configure the system to keep the file's NTFS owner by setting the new UseCopyAndPreserveNTFSOwner advanced setting to true.

    UseCopyAndPreserveNTFSOwner 高级设置要求在扫描程序和扫描的存储库之间建立低延迟且可靠的网络连接。The UseCopyAndPreserveNTFSOwner advanced setting requires a low latency, reliable network connection between the scanner and the scanned repository.

后续步骤Next steps

不确定是否适合安装统一标记客户端?Not sure if unified labeling is the right client to install? 请参阅选择 Windows 标记解决方案See Choose your Windows labeling solution.

有关安装和使用统一标记客户端的详细信息:For more information about installing and using the unified labeling client: