Enable business without borders

Identity is not a nice-to-have; it is at the core of an efficient workforce. Organizations need to empower their employees to access all their data and applications from every device and every location. Users need to collaborate with each other and with partners, and connect with customers. The tools they use no longer live in a protected and controlled environment; they can be found in any public cloud.

This new world introduces challenges and advanced threats that cannot be mitigated with traditional tools. There is no point in protecting just your network when the new boundary is the user. The key to being productive and protected in this environment is a strong identity solution.

How can Enterprise Mobility + Security help you?

Enterprise Mobility + Security (EMS) is the only comprehensive cloud solution that natively protects corporate data on the device itself and beyond, with four layers of protection across identities, devices, apps, and data. EMS helps you solve one of the key challenges in the mobile-first, cloud-first world: how to provide a single identity that works across cloud and on-premises assets while keeping users as productive as possible.

Access to single sign-on applications

With identity federation and single sign-on, users have one set of login credentials and passwords, and IT is able to manage user identity more efficiently.

Multi-factor authentication

Users also have the ability to bring new devices into the enterprise, but IT can validate that devices connecting to the network are owned and controlled by individuals with the appropriate credentials. Multi-factor authentication (MFA) helps to provide a layer of protection.

Self-service group management

When users do forget their passwords, they have the ability to reset them themselves, reducing the burden on IT and making users more efficient because they can resolve the issue quickly.

Cross-organization collaboration

Business-to-business collaboration is important to 97% of Microsoft customers, who consider it a key requirement for working with partners. Azure Active Directory B2B (business-to-business) collaboration supports cross-company relationships by enabling partners to selectively access corporate applications and data using self-managed identities.

Azure Active Directory B2B (business-to-business) collaboration is the recommended solution: it gives organizations access to everything they need, from anywhere, in a secure and productive way, and it works alongside existing investments in traditional tools.

  • IT pros providing access to their organization’s data and applications to partner organizations and collaborators.
  • Partner users acting “on behalf of” their organization, as its representatives or employees.
  • Access reviews, email verification, allow lists, deny lists, and similar controls govern access to host applications and resources.
  • Partner users are discoverable and can see other users from their own organization (subject to policy).

How Azure AD B2B collaboration works

Azure AD B2B collaboration is based on an invite-and-redeem model, which uses the email addresses of the partners you want to work with and the respective applications you want to use.

  1. Your admin logs in to the Azure portal and invites partner users by importing a CSV file that contains the partner’s user information.
  2. The Azure portal sends e-mails to the partners.
  3. Partners click the link in the e-mail they receive from the Azure portal. If the partner user is already in Azure AD, they are prompted to enter their work credentials; if not, the partner user needs to sign up as an Azure AD B2B collaboration user.
  4. The partner user is automatically redirected to the application in which they were invited to collaborate.

Diagram: the process by which a partner user is invited to collaborate through Azure AD B2B.
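The steps above are what the portal does for you when you import a CSV of partner users. As an added example (not code from this page, nor Microsoft's own tooling), the script below shows the same invite step done programmatically, together with the allow-list/deny-list governance mentioned earlier: it reads a constructed CSV of invitees, rejects malformed addresses and any address whose domain is not on the organization's allowed-partner list or is on the deny list, and only then builds the request bodies for the Microsoft Graph `POST /invitations` endpoint. The Graph endpoint and its property names (`invitedUserEmailAddress`, `invitedUserDisplayName`, `inviteRedirectUrl`, `sendInvitationMessage`) exist as named; the CSV contents, the domain lists, and the redirect URL are made up for this example, and the domain policy is a local check you would apply before sending, not something the page prescribes. The actual HTTP call is left out so the example runs offline.

```python
import csv
import io
import re

# Constructed sample of the kind of CSV an admin would import in step 1.
# Every address and name here is made up for this example.
SAMPLE_CSV = """email,display_name
alice@contoso-partner.example,Alice Example
bob@fabrikam-partner.example,Bob Example
mallory@untrusted.example,Mallory Example
not-an-email,Broken Row
"""

# Assumed tenant policy: partner domains the organization collaborates with,
# and domains that must never be invited. A denied domain always wins.
ALLOWED_DOMAINS = {"contoso-partner.example", "fabrikam-partner.example"}
DENIED_DOMAINS = {"untrusted.example"}

# Where an accepted partner lands after redeeming the invitation (step 4).
# Hypothetical application URL.
REDIRECT_URL = "https://myapps.example/partner-portal"

# Deliberately simple syntax check: one local part, one @, a dotted domain.
EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+\.[^@\s]+)$")


def email_domain(email):
    """Return the lower-cased domain of a syntactically valid address, else None."""
    match = EMAIL_RE.match(email.strip())
    return match.group(1).lower() if match else None


def vet_invitees(csv_text, allowed, denied):
    """Split CSV rows into accepted invitees and rejected rows with a reason.

    Malformed addresses are rejected before any policy check; of the rest,
    only rows whose domain is on the allow list and not on the deny list pass.
    """
    accepted, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip()
        domain = email_domain(email)
        if domain is None:
            rejected.append((email, "malformed address"))
        elif domain in denied:
            rejected.append((email, "domain on deny list"))
        elif domain not in allowed:
            rejected.append((email, "domain not on allow list"))
        else:
            accepted.append((email, row["display_name"].strip()))
    return accepted, rejected


def build_invitation(email, display_name, redirect_url):
    """Build the JSON body for one Microsoft Graph POST /invitations request.

    The keys are the documented properties of the Graph invitation resource.
    """
    return {
        "invitedUserEmailAddress": email,
        "invitedUserDisplayName": display_name,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": True,
    }


def prepare_invitations(csv_text=SAMPLE_CSV, allowed=ALLOWED_DOMAINS,
                        denied=DENIED_DOMAINS, redirect_url=REDIRECT_URL):
    """Vet the CSV and return (invitation_bodies, rejected_rows)."""
    accepted, rejected = vet_invitees(csv_text, allowed, denied)
    bodies = [build_invitation(e, n, redirect_url) for e, n in accepted]
    return bodies, rejected


if __name__ == "__main__":
    bodies, rejected = prepare_invitations()
    for body in bodies:
        print("invite:", body["invitedUserEmailAddress"])
    for email, reason in rejected:
        print("skip:  ", email, "-", reason)
```

Running it on the sample yields two invitation bodies (Alice and Bob) and two rejected rows (the denied domain and the malformed address). The deny list is checked before the allow list so that a domain accidentally present on both is still blocked, and the rejected list is returned rather than silently dropped so the admin can see what was filtered before anything is sent.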

How to implement this solution

The following steps describe how to implement each of the Azure AD B2B collaboration scenarios discussed above. Each link represents a different set of articles, with a different set of instructions and steps to be implemented in your organization: