Azure 信息保护的客户端The client side of Azure Information Protection

适用于:Active Directory Rights Management Services、Azure 信息保护Azure 信息保护Windows 10、Windows 8.1、Windows 8、Windows Server 2019、Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies to: Active Directory Rights Management Services, Azure Information Protection,Azure Information Protection, Windows 10, Windows 8.1, Windows 8, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

如果你有 Windows 7 或 Office 2010,请参阅 AIP 与旧版 Windows 和 OfficeIf you have Windows 7 or Office 2010, see AIP and legacy Windows and Office versions.

相关内容:AIP 统一标记客户端和经典客户端Relevant for: AIP unified labeling client and classic client*

备注

为了提供统一、简化的客户体验,Azure 门户中的 Azure 信息保护经典客户端和标签管理将于 2021 年 3 月 31 日弃用 。To provide a unified and streamlined customer experience, Azure Information Protection classic client and Label Management in the Azure Portal are being deprecated as of March 31, 2021. 在此时间框架内,所有 Azure 信息保护客户都可以使用 Microsoft 信息保护统一标记平台转换到我们的统一标记解决方案。This time-frame allows all current Azure Information Protection customers to transition to our unified labeling solution using the Microsoft Information Protection Unified Labeling platform. 有关详细信息,请参阅官方弃用通知Learn more in the official deprecation notice.

Azure 信息保护统一标记客户端提供了一种客户端-服务器解决方案,可帮助保护组织的文档和电子邮件,并且是用于 Microsoft Office 的内置标记解决方案的替代方案。The Azure Information Protection unified labeling client provides a client-server solution that helps protect an organization's documents and emails, and is an alternative to the built-in labeling solution for Microsoft Office.

除了直接与 Office 应用程序集成外,统一标记客户端包括对文件资源管理器和 PowerShell 的支持,以便你可以在 Office 外部对文件进行分类和保护。In addition to integrating directly with Office applications, the unified labeling client includes support for the File Explorer and PowerShell, so that you can classify and protect files outside of Office. 其他组件包括用于受保护 PDF 和图像的查看器以及用于本地数据存储的扫描程序。Additional components include a viewer for protected PDFs and images, and a scanner for on-premises data stores.

统一标记客户端必须单独安装到 Office 应用。The unified labeling client must be installed separately to Office apps.

服务驻留在云中或本地:The service resides in the cloud or on-premises:

  • 云服务是 Azure 信息保护,使用 Azure Rights Managements 服务进行数据保护The cloud service is Azure Information Protection, and uses the Azure Rights Managements service for data protection
  • 本地服务是 Active Directory Rights Management Services (AD RMS)The on-premises service is Active Directory Rights Management Services (AD RMS)

选择 Windows 标记解决方案Choose your Windows labeling solution

标签可让用户更轻松地应用保护,还可提供分类,以便可以跟踪和管理数据。Labels make it easier for your users to apply protection, and also provide classification so that you can track and manage your data.

选择 Windows 标记解决方案时,请考虑以下基本差异:When choosing a Windows labeling solution, consider the following basic differences:

  • 从何处下载标签和标签策略Where labels and label policies are downloaded from

    内置标记解决方案和 AIP 统一标记客户端使用以下管理中心之一:The built-in labeling solution and the AIP unified labeling client use one of the following admin centers:

    • Office 365 安全与合规中心Office 365 Security & Compliance Center
    • Microsoft 365 安全中心Microsoft 365 security center
    • Microsoft 365 合规中心Microsoft 365 compliance center

    如果使用旧的 AIP 经典客户端,则在 Azure 门户中下载和管理标签和标签策略。If you are using the legacy AIP classic client, your labels and label policies are downloaded and managed in the Azure portal.

  • 安装要求Installation requirements

    内置标记解决方案无需单独安装。The built-in labeling solution does not require a separate installation.

    AIP 统一标记客户端和旧的经典客户端都需要单独安装到 Office。The AIP unified labeling client and the legacy classic client both require a separate installation to Office. Microsoft 下载中心下载并安装统一标记客户端。Download and install the unified labeling client from the Microsoft Download Center.

    如果需要下载并安装旧的经典客户端,请联系支持人员并创建票证以访问安装文件。If you need to download and install the legacy classic client, contact support and open a ticket to access the installation file.

使用以下部分可帮助你确定最适合组织的客户端:Use the following sections to help you determine which client is best for your organization:

有关详细信息,请参阅:AIP 客户端的详细比较没有为统一标记客户端规划的功能For more information, see: Detailed comparisons for the AIP clients and Features not planned for the unified labeling client.

备注

最新版本的统一标记客户端使其在功能上与经典客户端接近。The latest version of the unified labeling client brings it to close parity in features with the classic client. 随着这一差距的缩小,可以预期只会向统一标记客户端添加新功能。As this gap closes, you can expect new features to be added only to the unified labeling client.

如果统一标记客户端目前的功能集和功能可满足你的业务需求,建议部署它。We recommend that you deploy the unified labeling client if its current feature set and functionality meet your business requirements.

内置 Office 标记解决方案Built-in Office labeling solution

内置到 Microsoft Office 的标记解决方案:The labeling solution that's built-in to Microsoft Office:

  • 需要具有 Microsoft 365 应用程序的 Windows 计算机(最低版本 1910)Requires a Windows computer with Microsoft 365 applications, minimum version 1910
  • 使你可以共享 macOS、iOS 和 Android 也可以使用的标签和策略设置Enables you to share labels and policy settings that can also be used by macOS, iOS, and Android
  • 支持切换帐户Supports switching accounts
  • 在 Office 应用程序中提供更好的性能Provides better performance in Office applications
  • 不需要单独安装和维护Does not require a separate installation and maintenance
  • 无法禁用。Cannot be disabled.

如果需要仅由 Azure 信息保护客户端提供的功能(如功能区下的信息保护栏),请勿使用内置 Office 标记客户端。Don't use the built-in Office labeling client if you need features provided only the Azure Information Protection clients, such as the Information Protection bar under the ribbon. 此栏提供更方便的标签选择和可见性。This bar provides easier label selection and visibility.

Azure 信息保护统一标识客户端Azure Information Protection unified labeling client

统一标记客户端需要 Windows 计算机,并使你可以共享 macOS、iOS 和 Android 也可以使用的标签和策略设置。The unified labeling client requires a Windows computer, and enables you to share labels and policy settings that can also be used by macOS, iOS, and Android.

如果在 Azure 门户中配置了尚未迁移到统一标记存储的标签,请勿使用统一标记客户端。Don't use the unified labeling client if you have configured labels in the Azure portal that you haven't yet migrated to the unified labeling store.

Azure 信息保护经典客户端Azure Information Protection classic client

经典客户端是 AIP 的旧客户端,支持与统一标记客户端类似的功能,也必须单独安装到 Office 应用。The classic client is AIP's legacy client, supports similar features as the unified labeling client, and must also be installed separately to Office apps.

2021 年 3 月将弃用经典客户端。The classic client is being deprecated in March 2021.

仅当尚未迁移到统一标记时,才使用经典客户端。Use the classic client only if you haven't yet migrated to unified labeling. 有关详细信息,请参阅教程:从 Azure 信息保护 (AIP) 经典客户端迁移到统一标记客户端For more information, see Tutorial: Migrating from the Azure Information Protection (AIP) classic client to the unified labeling client.

对于 macOS、iOS 和 Android,经典客户端具有不同的策略设置。The classic client has different policy settings for macOS, iOS, and Android. 因此,虽然你可能要使用其他功能,但你必须使用单独的管理门户和用户体验来保护操作系统上的内容。So, while you may want to use the additional features, you'll have to work with a separate management portal and user experience to protect content across operating systems.

如果可能,建议使用统一标记客户端,而不是经典客户端。Where possible, we recommend using the unified labeling client instead of the classic client.

在同一环境中使用多个客户端Using multiple clients in the same environment

可以在同一环境中使用不同的客户端支持不同的业务要求,如下面的部署示例中所示。You can use different clients in the same environment to support different business requirements, as demonstrated in the following deployment example. 在混合客户端环境中,建议使用统一标签,以便客户端共享相同的标签集以便于管理。In a mixed client environment, we recommend you use unified labels so that clients share the same set of labels for ease of administration. 默认情况下,新客户具有统一标签,因为其租户位于统一标记平台上。New customers have unified labels by default because their tenants are on the unified labeling platform. 有关详细信息,请参阅如何确定我的租户是否在统一标记平台上?For more information, see How can I determine if my tenant is on the unified labeling platform?

如果 Windows 计算机运行的 Microsoft 365 应用的最低版本为 1910,并且安装了一个 Azure 信息保护客户端,则默认情况下,在 Office 应用中会禁用内置标记解决方案。When you have a Windows computer that runs Microsoft 365 apps that are a minimum version 1910 and one of the Azure Information Protection clients is installed, by default the built-in labeling solution is disabled in Office apps. 但是可以更改此行为,以便仅对 Office 应用使用内置标记解决方案。However, you can change this behavior to use the built-in labeling solution for just your Office apps. 使用此配置时,Azure 信息保护客户端仍可用于在文件资源管理器、PowerShell 和扫描程序中进行标记。With this configuration, the Azure Information Protection client remains available for labeling in File Explorer, PowerShell, and the scanner. 有关在 Microsoft 365 应用中禁用 Azure 信息保护客户端的说明,请参阅 Microsoft 365 合规性文档中的 Office 内置标记解决方案和 Azure 信息保护客户端部分。For instructions to disable the Azure Information Protection client in Microsoft 365 apps, see the section Office built-in labeling solution and the Azure Information Protection client from the Microsoft 365 Compliance documentation.

示例部署策略Sample deployment strategy
  • 对于大多数用户,可部署 Azure 信息保护统一标记客户端,因为此客户端满足这些用户的业务需求。For the majority of users, you deploy the Azure Information Protection unified labeling client because this client meets the business needs for these users.

    对于这些用户,他们在 Windows、Mac、iOS 和 Android 中的标记体验是相似的,因为发布给他们的标签相同并且他们具有相同的策略设置。For these users, their labeling experience is similar across Windows, Mac, iOS, and Android because they have the same labels published to them and the same policy settings. 作为管理员,你可以在同一管理中心管理这些标签和策略设置。As an admin, you manage these labels and policy settings in the same management center.

  • 你还可为自己安装统一标记客户端,以测试 Azure 信息保护扫描程序。You also install the unified labeling client for yourself, to test the Azure Information Protection scanner.

  • 对于一部分用户,你可部署经典客户端,因为这些用户需要应用“保存自己的密钥”(HYOK) 保护的标签。For a subset of users, you deploy the classic client because these users require labels that apply hold your own key (HYOK) protection.

    对于这些用户,他们在使用此客户端时具有略微不同的标记体验。For these users, they have a slightly different labeling experience when they use this client. 例如,他们在 Office 应用中会看到“保护”按钮,而不是“敏感度”按钮 。For example, they see a Protect button rather than a Sensitivity button in Office apps. 作为管理员,你需要将另一个管理中心的 HYOK 设置和策略设置的标签管理到其他客户端平台的标签和设置。As an admin, you need to manage their labels for HYOK settings and policy settings in a different management center to the labels and settings for the other client platforms.

  • 你具有本地数据存储,其中包含需要扫描敏感信息或进行分类和保护的文档。You have on-premises data stores with documents that need to be scanned for sensitive information, or classified and protected. 对于生产用途,请在服务器上部署统一标记客户端,以运行 Azure 信息保护扫描程序For production use, you deploy the unified labeling client on servers to run the Azure Information Protection scanner.

Rights Management 客户端Rights Management client

RMS 客户端仅提供保护,会自动与某些应用程序(包括 Office 应用程序、AIP 统一标记和经典客户端)以及其他软件供应商提供的启用 RMS 的应用程序一起安装。The RMS client provides protection only, and is automatically installed with some applications, including Office applications, the AIP unified labeling and classic clients, and RMS-enlightened applications from other software vendors.

还可以自行安装 RMS 客户端,以支持从受 IRM 保护的库和 OneDrive 同步文件,并为要将权限管理保护集成到业务线应用程序中的开发者提供支持。You can also install the RMS client yourself, to support synchronizing files from IRM-protected libraries and OneDrive, and for developers who want to integrate rights management protection into line-of-business applications.

比较适用于 Windows 计算机的标记解决方案Compare the labeling solutions for Windows computers

使用下表可帮助比较 Windows 计算机的三个标记解决方案支持的功能。Use the following table to help compare which features are supported by the three labeling solutions for Windows computers.

若要在不同操作系统平台(Windows、macOS、iOS 和 Android)间比较 Office 内置敏感度标记功能,请参阅 Microsoft 365 合规性文档应用中的敏感度标签功能支持To compare the Office built-in sensitivity labeling features across different operating system platforms (Windows, macOS, iOS, and Android) and for the web, see the Microsoft 365 Compliance documentation, Support for sensitivity label capabilities in apps. 本文档还包括受支持功能的 Office 生成号或 Office 更新通道信息。This documentation also includes the Office build numbers or Office update channel information for the supported features.

有关更多详细信息,另请参阅:For even more details, see also:

功能Feature 经典客户端Classic client 统一标记客户端Unified labeling client 内置 Office 标记解决方案Office built-in labeling solution
手动标记Manual labeling 是 是 是
默认标签Default label 是 是 是
建议标记或自动标记Recommended or automatic labeling
适用于 Word、Excel、PowerPoint、OutlookFor Word, Excel, PowerPoint, Outlook
是 是 是
强制标记Mandatory labeling 是 是 是
适用于标签的用户定义的权限User-defined permissions for a label:
对于电子邮件不转发Do Not Forward for emails
是 是 是
适用于标签的用户定义的权限User-defined permissions for a label:
适用于 Word、Excel、PowerPoint 的自定义权限Custom permissions for Word, Excel, PowerPoint
是 是 是
对标签的多语言支持Multilanguage support for labels 是 是 是
来自电子邮件附件的标签继承Label inheritance from email attachments 是 是 否
包括以下内容的自定义项Customizations that include:
- 电子邮件的默认标签- Default label for email
- Outlook 中的弹出消息- Pop up messages in Outlook
- S/MIME 支持- S/MIME support
- 报告问题选项- Report an Issue option
是 1yes 1 是 2yes 2 否
本地数据存储的扫描程序Scanner for on-premises data stores 是 是 否
中央报告(分析)Central reporting (analytics) 是 是 否
独立于标签的自定义权限集Custom permissions set independently from a label 是 是 3yes 3 否
Office 应用中的“信息保护”栏Information Protection bar in Office apps 是 是 否
作为标签操作的视觉标记Visual markings as a label action
(页眉、页脚、水印)(header, footer, watermark)
是 是 是
每应用视觉标记Per app visual markings 是 是 是 9yes 9
具有变量的动态视觉标记Dynamic visual markings with variables 是 是 是 9yes 9
删除应用中的外部内容标记Remove external content marking in app 是 是 否
具有文件资源管理器的标签Label with File Explorer 是 是 否
受保护文件的查看器A viewer for protected files
(文本、图像、PDF、.pfile)(text, images, PDF, .pfile)
是 是 否
对应用标签的 PPDF 支持PPDF support for applying labels 是 否 否
PowerShell 标记 cmdletPowerShell labeling cmdlets 是 是 否
离线支持保护操作Offline support for protection actions 是 是 4yes 4 是
对已断开连接计算机的手动策略文件管理Manual policy file management for disconnected computers 是 是 否
HYOK 支持HYOK support 是 否 否
事件查看器中的使用情况日志记录Usage logging in Event Viewer 是 否 否
在 Outlook 中显示“不可转发”按钮Display the Do Not Forward button in Outlook 是 否 否
跟踪受保护文档Track protected documents 是 5yes 5 是 5yes 5 否
撤销受保护文档Revoke protected documents 是 5yes 5 是 5yes 5 否
仅保护模式(无标签)Protection-only mode (no labels) 是 否 否
对帐户切换的支持Support for account switching 否 否 是
对远程桌面服务的支持Support for Remote Desktop Services 是 是 是
对 AD RMS 的支持Support for AD RMS 是 否 6no 6 否
对 Microsoft Office 97-2003 格式的支持Support for Microsoft Office 97-2003 formats 是 是 否 8no 8
双重密钥加密Double Key Encryption 否 是 否
政府社区云Government Community Cloud 是 是 是

脚注Footnotes:

1 这些设置和许多其他设置支持作为在 Azure 门户中配置的高级客户端设置1 These settings, and many more are supported as advanced client settings that you configure in the Azure portal.

2 这些设置和许多其他设置支持作为使用 PowerShell 配置的高级设置2 These settings, and many more are supported as advanced settings that you configure with PowerShell.

3 受文件资源管理器和 PowerShell 支持。3 Supported by File Explorer and PowerShell. 在 Office 应用中,用户可以选择“文件信息” > “保护文档” > “限制访问”。In Office apps, users can select File Info > Protect Document > Restrict Access.

4 对于文件资源管理器和 PowerShell 命令,用户必须连接到 Internet 才能保护文件。4 For File Explorer and PowerShell commands, the user must be connected to the internet to protect files.

5 有关详细信息,请参阅:统一标记客户端:管理员指南(公共预览版) | 用户指南(公共预览版)5 For more information, see: Unified labeling client: Admin guide (Public preview) | User guide (Public preview). 仅对全局管理员才支持跟踪。Tracking is supported for Global admins only. 经典客户端:管理员指南 | 用户指南Classic client: Admin guide | User guide. 管理员还可以使用中央报告来确定是否从 Windows 计算机访问受保护文档,以及授予还是拒绝访问。Administrators can also use central reporting to identify whether protected documents are accessed from Windows computers, and whether access was granted or denied.

6 标记和保护操作不受支持。6 Labeling and protection actions aren't supported.

8 尽管 AIP 客户端同时支持 Microsoft Office 97-2003 文件格式(如 .doc)和 Office Open XML 格式(如 .docx),但内置标记仅支持 Open XML 格式。8 While the AIP clients support both Microsoft Office 97-2003 file formats, such as .doc, as well as Office Open XML formats, such as .docx, the built-in labeling supports Open XML formats only.

9 有关内置标记解决方案的动态内容标记和每应用内容标记支持的详细信息,请参阅 Microsoft 365 文档9 For more information about support for dynamic content markings and per app content markings for the built-in labeling solution, see the Microsoft 365 documentation.

Azure 信息保护客户端的详细比较Detailed comparisons for the Azure Information Protection clients

当 Azure 信息保护经典客户端和 Azure 信息保护统一标记客户端都支持相同功能时,请使用以下列表帮助确定两个客户端之间的功能差异:When the Azure Information Protection classic client and the Azure Information Protection unified labeling client both support the same feature, use the following lists to help identify some functional differences between the two clients:

功能Functionality 经典客户端Classic client 统一标记客户端Unified labeling client
安装Setup 安装本地演示策略的选项Option to install local demo policy 没有本地演示策略No local demo policy
在 Office 应用中应用时的标签选择和显示Label selection and display when applied in Office apps 通过功能区上的“保护”按钮From the Protect button on the ribbon

通过“信息保护”栏(功能区下方的水平栏)From the Information Protection bar (horizontal bar under the ribbon)
通过功能区上的“敏感度”按钮From the Sensitivity button on the ribbon

通过“信息保护”栏(功能区下方的水平栏)From the Information Protection bar (horizontal bar under the ribbon)
在 Office 应用中管理“信息保护”栏Manage the Information Protection bar in Office apps 对于用户:For users:
从功能区上的“保护”按钮选择显示或隐藏栏Option to show or hide the bar from the Protect button on the ribbon

如果用户选择隐藏栏,默认情况下,该栏在应用中隐藏,但会继续自动显示在新打开的应用中When a user selects to hide the bar, by default, the bar is hidden in that app, but continues to automatically display in newly opened apps

对于管理员:For admins:
在应用首次打开时,通过策略设置自动显示或隐藏栏,并控制在用户选择隐藏栏后,该栏是否对新打开的应用自动保持隐藏状态Policy settings to automatically show or hide the bar when an app first opens, and control whether the bar automatically remains hidden for newly opened apps after a user selects to hide the bar
对于用户:For users:
从功能区上的“敏感度”按钮选择显示或隐藏栏。Option to show or hide the bar from the Sensitivity button on the ribbon.

如果用户选择隐藏栏,该栏在该应用和新打开的应用中都会隐藏When a user selects to hide the bar, the bar is hidden in that app and also in newly opened apps

对于管理员:For admins:
用于管理栏的 PowerShell 设置PowerShell setting to manage the bar
标签颜色Label color 在 Azure 门户中配置Configure in the Azure portal 在迁移标签之后保留,可使用 PowerShell 进行配置Retained after label migration and configurable with PowerShell
标签支持不同语言Labels support different languages 在 Azure 门户中配置Configure in the Azure portal 使用 Office 365 安全与合规 PowerShell 进行配置Configure by using Office 365 Security & Compliance PowerShell
策略更新Policy update - Office 应用打开时- When an Office app opens
- 右键单击以分类和保护文件或文件夹时- When you right-click to classify and protect a file or folder
- 在运行 PowerShell cmdlet 以实现标记和保护时- When you run the PowerShell cmdlets for labeling and protection
- 每 24 小时- Every 24 hours
- 对于扫描程序:为每小时以及当服务启动并且策略生效超过一小时时- For the scanner: Every hour and when the service starts and the policy is older than one hour
- Office 应用打开时- When an Office app opens
- 右键单击以分类和保护文件或文件夹时- When you right-click to classify and protect a file or folder
- 在运行 PowerShell cmdlet 以实现标记和保护时- When you run the PowerShell cmdlets for labeling and protection
- 每 4 小时- Every 4 hours
- 对于扫描程序:每 4 小时- For the scanner: Every 4 hours
PDF 支持的格式Supported formats for PDF 保护:Protection:
- PDF 加密的 ISO 标准(默认)- ISO standard for PDF encryption (default)
- .ppdf- .ppdf

消耗Consumption:
- PDF 加密的 ISO 标准- ISO standard for PDF encryption
- .ppdf- .ppdf
- SharePoint IRM 保护- SharePoint IRM protection
保护:Protection:
- PDF 加密的 ISO 标准- ISO standard for PDF encryption

消耗Consumption:
- PDF 加密的 ISO 标准- ISO standard for PDF encryption
- .ppdf- .ppdf
- SharePoint IRM 保护- SharePoint IRM protection
使用查看器打开的一般受保护文件 (.pfile)Generically protected files (.pfile) opened with the viewer 文件会在原始应用中打开,然后可在不受保护的情况下在其中进行查看、修改和保存File opens in the original app where it can then be viewed, modified, and saved without protection 文件会在原始应用中打开,然后可在其中进行查看和修改,但不进行保存File opens in the original app where it can then be viewed and modified, but not saved
受支持的 cmdletSupported cmdlets - 用于标记的 cmdlet- Cmdlets for labeling
- 仅用于保护的 cmdlet- Cmdlets for protection-only
用于标记的 cmdlet:Cmdlets for labeling:
Set-AIPFileClassificationSet-AIPFileLabel 不支持 Owner 参数Set-AIPFileClassification and Set-AIPFileLabel don't support the Owner parameter
此外,对于未应用标签的所有场景,都有一条“无适用标签”的注释In addition, there is a single comment of "No label to apply" for all scenarios where a label isn't applied

Set-AIPFileClassification 支持 WhatIf 参数,因此可以在发现模式下运行Set-AIPFileClassification supports the WhatIf parameter, so it can be run in discovery mode

Set-AIPFileLabel 不支持 EnableTracking 参数Set-AIPFileLabel doesn't support the EnableTracking parameter

Get-AIPFileStatus 不从其他租户返回标签信息,也不显示 RMSIssuedTime 参数Get-AIPFileStatus doesn't return label information from other tenants and doesn't display the RMSIssuedTime parameter
此外,Get-AIPFileStatus 的 LabelingMethod 参数显示 Privileged 或 Standard,而不是 Manual 或 Automatic。In addition, the LabelingMethod parameter for Get-AIPFileStatus displays Privileged or Standard, instead of Manual or Automatic.
Office 中每个操作的对齐方式提示(如果已配置)Justification prompts (if configured) per action in Office - 频率:每个文件- Frequency: Per file
- 降低敏感度级别- Lowering the sensitivity level
- 删除标签- Removing a label
- 删除保护- Removing protection
- 频率:每个会话- Frequency: Per session
- 降低敏感度级别- Lowering the sensitivity level
- 删除标签- Removing a label
删除已应用的标签操作Remove applied label actions 系统提示用户确认User is prompted to confirm

下次 Office 应用打开文件时,不自动应用默认标签或自动标签(如果已配置)The default label or an automatic label (if configured) is not automatically applied next time the Office app opens the file
不提示用户进行确认User is not prompted to confirm

下次 Office 应用打开文件时,自动应用默认标签或自动标签(如果已配置)The default label or an automatic label (if configured) is automatically applied next time the Office app opens the file
自动标签和建议标签Automatic and recommended labels 在 Azure 门户中配置为标签条件,其中包含使用短语或正则表达式的内置信息类型和自定义条件Configured as label conditions in the Azure portal with built-in information types and custom conditions that use phrases or regular expressions

配置选项包括:Configuration options include:
- 唯一/非唯一计数- Unique / Not unique count
- 最小计数- Minimum count
在管理中心中配置,包含内置敏感信息类型和自定义信息类型Configured in the admin centers with built-in sensitive information types and custom information types

配置选项包括:Configuration options include:
- 仅唯一计数- Unique count only
- 最小和最大计数- Minimum and maximum count
- 信息类型支持 AND 和 OR- AND and OR support with information types
- 关键字字典- Keyword dictionary
- 可自定义的可信度和字符接近度- Customizable confidence level and character proximity
附件子标签的排序支持Order support for sublabels on attachments 使用高级客户端设置启用Enabled with an advanced client setting 默认情况下启用,无需配置Enabled by default, no configuration required
更改文件类型的默认保护行为Change the default protection behavior for file types 使用注册表编辑替代本机保护和常规保护的默认值Use registry edits to override the defaults of native and generic protection 使用 PowerShell 更改受保护的文件类型Use PowerShell to change which file types get protected
自动重新扫描Automatic rescans 每次扫描程序检测到策略或标记设置发生更改时,都会自动运行完整重新扫描Full rescans are automatically run every time the scanner detects a change in policy or labeling settings 从版本 2.8.85.0 开始,管理员可以选择在更改策略或内容扫描作业设置后跳过完整重新扫描。Starting in version 2.8.85.0, administrators can choose to skip a full rescan after making changes to policy or content scan job settings.
网络发现(公共预览版)Network discovery (Public preview) 网络发现功能不可用于经典扫描程序Network discovery features are unavailable for the classic scanner 管理员可以通过扫描指定 IP 地址或范围来发现其他危险的存储库。Administrators can discover additional risky repositories by scanning a specified IP address or range.

未计划在 Azure 信息保护统一标记客户端中实现的功能Features not planned to be in the Azure Information Protection unified labeling client

尽管 Azure 信息保护统一标记客户端仍处于开发阶段,但当前未计划在统一标记客户端的未来发布版中推出以下相对于经典客户端的功能和行为差异:Although the Azure Information Protection unified labeling client is still under development, the following features and behavior differences from the classic client are not currently planned to be available in future releases for the unified labeling client:

父标签及其子标签Parent labels and their sublabels

Azure 信息保护经典客户端不支持指定具有子标签的父标签的配置。The Azure Information Protection classic client doesn't support configurations that specify a parent label that has sublabels. 这些配置包括指定默认标签和推荐分类或自动分类的标签。These configurations include specifying a default label, and a label for recommended or automatic classification. 如果某个标签具有子标签,可以指定其中一个子标签,但不能指定父标签。When a label has sublabels, you can specify one of the sublabels but not the parent label.

对于奇偶校验,Azure 信息保护统一标签客户端也不支持应用具有子标签的父标签,即使可以在管理中心中选择这些标签,也无法应用。For parity, the Azure Information Protection unified labeling client also doesn't support applying parent labels that have sublabels, even though you can select these labels in the admin centers. 在此方案中,Azure 信息保护统一标记客户端将不应用父标签。In this scenario, the Azure Information Protection unified labeling client will not apply the parent label.

后续步骤Next steps

若要安装和配置 Azure 信息保护统一标记客户端,请参阅:To install and configure the Azure Information Protection unified labeling client, see:

有关使用 Microsoft 365 应用的内置标记解决方案的详细信息,请参阅 Office 应用中的敏感度标签For more information about using the built-in labeling solution for Microsoft 365 apps, see Sensitivity labels in Office apps.