Set up secure collaboration with Microsoft 365 and Microsoft Teams

Being able to easily share information with the right people while preventing oversharing is key to an organization's success. This includes being able to share sensitive data safely with only those who should have access to it. Depending on the project, this might include sharing sensitive data with people outside your organization.

This collaboration solution guidance includes two components to help you:

  • Deploy Microsoft Teams with the right level of protection for each project
  • Configure external sharing with appropriate security settings for each project

Illustration: deploying Teams and configuring external sharing with the appropriate security settings.

If versatile and easy-to-use content collaboration tools aren't available, users will often collaborate by emailing documents. This is a tedious and error-prone method of collaboration, and can increase the risk of inappropriate sharing of information. If people find sharing information too difficult, they could revert to using consumer products that are not governed by IT. This can pose an even greater risk.

With Microsoft 365, you can deploy Teams with a variety of configurations that help:

  • Protect your intellectual property
  • Enable easy collaboration
  • Create a balance between security and usability that increases user satisfaction and reduces the risk of shadow IT

Most organizations have a variety of information, with varying degrees of sensitivity and varying degrees of business impact if the information is inappropriately shared. Depending on the sensitivity of a given piece of information, you may want to allow sharing with:

  • Anyone (unauthenticated)
  • People inside the organization
  • Specific people inside the organization
  • Specific people inside and outside the organization

Information such as marketing brochures is meant for sharing broadly outside the organization. Information such as cafeteria menus isn't meant for external sharing, but would have no business impact if it were shared externally. These types of information need little or no protection.

Those same marketing brochures, while under development, might only be shared inside the organization. In this case, the default sharing settings in Teams may be sufficient.

Information about a new product that is under development might be considered sensitive, even within the organization. A greater degree of protection might be appropriate in this case. You could restrict access to this information to members of a specific team, for example. Depending on the project, you may need to collaborate with people outside your organization, such as a vendor or partner organization.

Information that is critical to your organization's success, or has stringent security or compliance requirements, might require even greater levels of protection.

Illustration: range of risk from low (publications) to high (sensitive business data).

For all the scenarios noted above, you can use teams in Microsoft Teams to store, share, and collaborate on the information.

To configure secure collaboration, you use these Microsoft 365 capabilities and features.

| Product or component | Capability or feature | Licensing |
|---|---|---|
| Microsoft Defender for Office 365 | Safe Attachments for SPO, OneDrive and Teams; Safe Documents; Safe Links for Teams | Microsoft 365 E1, E3 and E5 |
| SharePoint | Site and file sharing policies, Site sharing permissions, Sharing links, Access requests, Site guest sharing settings | Microsoft 365 E1, E3 and E5 |
| Microsoft Teams | Guest access, private teams, private channels | Microsoft 365 E1, E3 and E5 |
| Microsoft 365 Compliance | Sensitivity labels | Microsoft 365 E3 and E5 |

Collaboration governance

Microsoft 365 provides many options for governing your collaboration solution. We recommend you use this deployment content alongside the collaboration governance content to create the best collaboration solution for your organization.

Using Teams for all kinds of data

To manage access to information with different sensitivities, we've developed three different tiers of protection for Teams. You can customize any of these tiers to better address the needs of your business.

Illustration: the three tiers of protection for Teams.

These tiers - baseline, sensitive, and highly sensitive - gradually increase the protections that help prevent oversharing and potential information leakage, as shown in the following table.

| | Baseline tier | Sensitive tier | Highly sensitive tier |
|---|---|---|---|
| Public or private team | Either | Private | Private |
| Unauthenticated sharing | Blocked | Blocked | Blocked |
| File sharing | Allowed | Allowed | Only team owners can share. |
| Team membership | Anyone can join public teams. Team owner approval required to join private teams. | Team owner approval required to join. | Team owner approval required to join. |
| Document encryption | | | Available with sensitivity label |
| Guest sharing | Allowed | Can be allowed or blocked | Can be allowed or blocked |
| Unmanaged devices | No restriction | Web-only access | Blocked |

Configuring these tiers involves:

  • Configuring settings in Teams for guest access and private channels
  • Configuring settings in a team's associated SharePoint site for internal and guest sharing, access requests, and sharing links
  • For the sensitive and highly sensitive tiers, configuring sensitivity labels to classify the teams, and control guest sharing and access from unmanaged devices
  • For the highly sensitive tier, configuring a sensitivity label to encrypt the documents to which it is applied
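
The tier table can also serve as the baseline for an automated drift check. The following is an added example, not part of the original guidance or of Microsoft's tooling: it audits a constructed team inventory against the minimum protections of each tier. The field names (`visibility`, `anyone_links`, `owners_only_sharing`, `unmanaged_devices`) are hypothetical rather than Microsoft 365 API properties, and the check assumes a setting stricter than the tier minimum is acceptable.

```python
# Added example: audit team settings against the three protection tiers.
# Field names and sample teams are constructed, not Microsoft 365 API properties.

# Unmanaged-device access, ordered from least to most restrictive.
DEVICE_LEVELS = ["no_restriction", "web_only", "blocked"]

# Minimum protections per tier, taken from the tier table.
TIERS = {
    "baseline":         {"public_ok": True,  "owners_only_sharing": False, "device": "no_restriction"},
    "sensitive":        {"public_ok": False, "owners_only_sharing": False, "device": "web_only"},
    "highly_sensitive": {"public_ok": False, "owners_only_sharing": True,  "device": "blocked"},
}

def audit_team(team):
    """Return a list of findings where a team is weaker than its tier requires."""
    req = TIERS[team["tier"]]
    findings = []
    # Unauthenticated ("Anyone") sharing is blocked in every tier.
    if team["anyone_links"]:
        findings.append("unauthenticated sharing is enabled")
    if team["visibility"] == "public" and not req["public_ok"]:
        findings.append("team must be private")
    if req["owners_only_sharing"] and not team["owners_only_sharing"]:
        findings.append("file sharing must be limited to team owners")
    # Assumption: a stricter device setting than the tier minimum is accepted.
    if DEVICE_LEVELS.index(team["unmanaged_devices"]) < DEVICE_LEVELS.index(req["device"]):
        findings.append("unmanaged devices need at least: " + req["device"])
    # Guest sharing may be allowed or blocked in the sensitive tiers, so it is not checked.
    return findings

def audit_inventory(teams):
    """Map team name -> findings, keeping only teams that have drifted."""
    report = {t["name"]: audit_team(t) for t in teams}
    return {name: f for name, f in report.items() if f}

# Constructed inventory for illustration.
SAMPLE_TEAMS = [
    {"name": "Cafeteria", "tier": "baseline", "visibility": "public",
     "anyone_links": False, "owners_only_sharing": False, "unmanaged_devices": "no_restriction"},
    {"name": "Product Launch", "tier": "sensitive", "visibility": "public",
     "anyone_links": False, "owners_only_sharing": False, "unmanaged_devices": "no_restriction"},
    {"name": "M&A", "tier": "highly_sensitive", "visibility": "private",
     "anyone_links": True, "owners_only_sharing": False, "unmanaged_devices": "web_only"},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_TEAMS).items():
        print(name, "->", "; ".join(findings))
```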

Start with the baseline tier, and then add teams that use the sensitive and highly sensitive tiers as needed to help protect the information in your organization. See these resources to get started:

If you have a highly sensitive project that requires additional protection from sharing even within your organization, you can configure a team that uses its own sensitivity label to encrypt files so that only team members can read them. See Configure a team with security isolation for details.

Sharing with people outside your organization

You may need to share information of any sensitivity with people outside your organization. This could range from sharing a single document with a single person to collaborating on a major project with a large partner organization or freelancers from around the world. In Microsoft 365, this range of external sharing can be done easily and with the appropriate safeguards to help protect your sensitive information.

These resources will help you get started with setting up your environment for collaborating with people outside your organization:

Depending on the sensitivity of the information being shared, you can add safeguards to help prevent oversharing. These resources will help you set up the protections that you need for your organization:

If you have a major project with a partner organization, you can use Azure Entitlement Management to manage the guests from that organization in a team that you set up for the project. See Create a B2B extranet with managed guests for details.

Training for administrators

These training modules from Microsoft Learn can help you learn the collaboration, governance, and identity features in Teams and SharePoint.

Teams

Training: Manage team collaboration with Microsoft Teams
Manage team collaboration with Microsoft Teams introduces you to the features and capabilities of Microsoft Teams, the central hub for team collaboration in Microsoft 365. You’ll learn how you can use Teams to facilitate teamwork and communication within your organization, both on and off premises, on a wide range of devices—from desktops to tablets to phones—while taking advantage of all the rich functionality of Office 365 applications. You’ll gain an understanding of how Teams provides a comprehensive and flexible environment for collaboration across applications and devices. This learning path can help you prepare for the Microsoft 365 Certified: Teams Administrator Associate certification.

2 hr 17 min - Learning Path - 5 Modules

SharePoint

Training: Collaborate with SharePoint in Microsoft 365
Manage shared content with Microsoft SharePoint introduces you to the features and capabilities of SharePoint, and how it works with Microsoft 365. You'll learn about the different types of SharePoint sites, including hub sites, as well as information protection, reporting, and monitoring. You'll also learn how to use SharePoint file and folder sharing to optimize collaboration, how to share files externally, and how to manage SharePoint sites in the SharePoint admin center. This learning path can help you prepare for the Microsoft 365 Certified: Teamwork Administrator Associate certification.

1 hr 14 min - Learning Path - 4 Modules

Information protection

Training: Protect enterprise information with Microsoft 365
Protecting and securing your organization's information is more challenging than ever. The Protect enterprise information with Microsoft 365 learning path discusses how to protect your sensitive information from accidental oversharing or misuse, how to discover and classify data, how to protect it with sensitivity labels, and how to both monitor and analyze your sensitive information to protect against its loss. This learning path can help you prepare for the Microsoft 365 Certified: Security Administrator Associate and Microsoft 365 Certified: Enterprise Administration Expert certifications.

1 hr - Learning Path - 5 Modules

Identity and access

Training: Protect identity and access with Azure Active Directory
The Identity and Access learning path covers the latest identity and access technologies, tools for strengthening authentication, and guidance on identity protection within your organization. Microsoft access and identity technologies enable you to secure your organization’s identity, whether it is on-premises or in the cloud, and empower your users to work securely from any location. This learning path can help you prepare for the Microsoft 365 Certified: Security Administrator Associate and Microsoft 365 Certified: Enterprise Administration Expert certifications.

2 hr 52 min - Learning Path - 6 Modules

Training for end users

These training modules can help your users use Teams, groups, and SharePoint for collaboration in Microsoft 365.

Teams

  • Set up and customize your team
  • Upload and find files
  • Collaborate in teams and channels

SharePoint

  • Share and sync

Illustrations

These illustrations will help you understand how groups and teams interact with other services in Microsoft 365 and what governance and compliance features are available to help you manage these services in your organization.

Groups in Microsoft 365 for IT Architects

What IT architects need to know about groups in Microsoft 365

Item: PDF | Visio, updated June 2019
Description: These illustrations detail the different types of groups, how these are created and managed, and a few governance recommendations.

The logical architecture of productivity services in Microsoft 365, leading with Microsoft Teams.

Item: PDF | Visio, updated April 2019
Description: Microsoft provides a suite of productivity services that work together to provide collaboration experiences with data governance, security, and compliance capabilities.

This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Microsoft Teams.

Deploy the secure collaboration solution

When you're ready to deploy this solution, continue with these steps:

  1. Configure the three different tiers of protection for Teams.
  2. Configure settings for sharing information of any sensitivity with people outside your organization.

See also

Microsoft 365 security documentation

Microsoft 365 compliance documentation

Welcome to Microsoft Teams