通过

刷新完全数据与敏感信息源表文件匹配

  • 项目

每 24 小时最多可以刷新 5 次敏感信息的数据库。 必须重新hash 并上传敏感信息源表。 刷新使用新表覆盖现有的敏感信息源表。

  1. 将敏感数据重新导出到应用(如 Microsoft Excel),并将文件保存为 .csv、.tsv 格式或管道分隔的 (|) 格式。 保留之前对文件进行哈希处理和上传时使用的相同文件名和位置。 有关导出敏感数据并将其转换为正确格式的详细信息,请参阅 导出源数据以获取基于完全数据匹配的敏感信息类型

    注意

    如果对敏感信息源表文件的结构 (字段名称) 没有更改,则刷新数据时无需对数据库架构文件进行任何更改。 但是,如果必须进行更改,请确保相应地编辑数据库架和规则包。 有关编辑或删除架构的步骤,请参阅 管理确切的数据匹配 架构。 若要了解如何 dit 或删除 EDM SIT/rule 包,请参阅 创建完全数据匹配敏感信息类型/规则包

  2. 使用 哈希和上传敏感信息源表中的过程,获取与敏感信息类型完全匹配的数据 ,以上传敏感信息表源文件。

  3. 可以使用 任务计划程序 自动执行 哈希并上传敏感信息源表,以便完全匹配敏感信息类型 过程。 你可以使用多种方法来计划任务:

    方法 需执行的操作
    PowerShell 请参阅本文中的计划任务文档和示例 PowerShell 脚本
    任务计划程序 API 请参阅任务计划程序文档
    Windows 用户界面 在 Windows 中单击“开始”,然后键入 Task Scheduler。 然后,在结果列表中,右键单击“任务计划程序”,然后选择“以管理员身份运行”。

提示

如果你不是 E5 客户,请使用为期 90 天的 Microsoft Purview 解决方案试用版来探索其他 Purview 功能如何帮助组织管理数据安全性和合规性需求。 立即从Microsoft Purview 合规门户试用中心开始。 了解有关 注册和试用条款的详细信息。

任务计划程序的示例 PowerShell 脚本

此部分包含一个示例 PowerShell 脚本,你可以使用该脚本来计划为数据创建哈希并上传哈希数据的任务:

在组合步骤中计划哈希和上传

param(\[string\]$dataStoreName,\[string\]$fileLocation)
\# Assuming current user is also the user context to run the task
$user = "$env:USERDOMAIN\\$env:USERNAME"
$edminstallpath = 'C:\\Program Files\\Microsoft\\EdmUploadAgent\\'
$edmuploader = $edminstallpath + 'EdmUploadAgent.exe'
$csvext = '.csv'
$schemaext = '.xml'
\# Assuming file name is same as data store name and file is in .csv format
$dataFile = "$fileLocation\\$dataStoreName$csvext"
\# Assuming location to store hash file is same as the location of csv file
$hashLocation = $fileLocation
\# Assuming Schema file name is same as data store name
$schemaFile = "$fileLocation\\$dataStoreName$schemaext"
$uploadDataArgs = '/UploadData /DataStoreName ' + $dataStoreName + ' /DataFile ' + $dataFile + ' /HashLocation' + $hashLocation + ' /Schema ' + $schemaFile
\# Set up actions associated with the task
$actions = @()
$actions += New-ScheduledTaskAction -Execute $edmuploader -Argument $uploadDataArgs -WorkingDirectory $edminstallpath
\# Set up trigger for the task
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2am
\# Set up task settings
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType S4U -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -StartWhenAvailable -WakeToRun
\# Create the scheduled task
$scheduledTask = New-ScheduledTask -Action $actions -Principal $principal -Trigger $trigger -Settings $settings
\# Get credentials to run the task
$creds = Get-Credential -UserName $user -Message "Enter credentials to run the task"
$password=\[Runtime.InteropServices.Marshal\]::PtrToStringAuto(\[Runtime.InteropServices.Marshal\]::SecureStringToBSTR($creds.Password))
\# Register the scheduled task
$taskName = 'EDMUpload\_' + $dataStoreName
Register-ScheduledTask -TaskName $taskName -InputObject $scheduledTask -User $user -Password $password

将哈希和上传计划为单独的步骤

param(\[string\]$dataStoreName,\[string\]$fileLocation)
\# Assuming current user is also the user context to run the task
$user = "$env:USERDOMAIN\\$env:USERNAME"
$edminstallpath = 'C:\\Program Files\\Microsoft\\EdmUploadAgent\\'
$edmuploader = $edminstallpath + 'EdmUploadAgent.exe'
$csvext = '.csv'
$edmext = '.EdmHash'
$schemaext = '.xml'
\# Assuming file name is same as data store name and file is in .csv format
$dataFile = "$fileLocation\\$dataStoreName$csvext"
$hashFile = "$fileLocation\\$dataStoreName$edmext"
\# Assuming Schema file name is same as data store name
$schemaFile = "$fileLocation\\$dataStoreName$schemaext "

\# Assuming location to store hash file is same as the location of csv file
$hashLocation = $fileLocation
$createHashArgs = '/CreateHash' + ' /DataFile ' + $dataFile + ' /HashLocation ' + $hashLocation + ' /Schema ' + $schemaFile
$uploadHashArgs = '/UploadHash /DataStoreName ' + $dataStoreName + ' /HashFile ' + $hashFile
\# Set up actions associated with the task
$actions = @()
$actions += New-ScheduledTaskAction -Execute $edmuploader -Argument $createHashArgs -WorkingDirectory $edminstallpath
$actions += New-ScheduledTaskAction -Execute $edmuploader -Argument $uploadHashArgs -WorkingDirectory $edminstallpath
\# Set up trigger for the task
$trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2am
\# Set up task settings
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType S4U -RunLevel Highest
$settings = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -StartWhenAvailable -WakeToRun
\# Create the scheduled task
$scheduledTask = New-ScheduledTask -Action $actions -Principal $principal -Trigger $trigger -Settings $settings
\# Get credentials to run the task
$creds = Get-Credential -UserName $user -Message "Enter credentials to run the task"
$password=\[Runtime.InteropServices.Marshal\]::PtrToStringAuto(\[Runtime.InteropServices.Marshal\]::SecureStringToBSTR($creds.Password))
\# Register the scheduled task
$taskName = 'EDMUpload\_' + $dataStoreName
Register-ScheduledTask -TaskName $taskName -InputObject $scheduledTask -User $user -Password $password